[RESOLVED] Blue Screens on XP Part 4
Page 1 of 3 123 LastLast
Results 1 to 15 of 32

Thread: [RESOLVED] Blue Screens on XP Part 4

  1. #1
    Join Date
    Oct 2005

    Resolved [RESOLVED] Blue Screens on XP Part 4

    Dear computer experts,

    I'm on a 10 year old Dell XPS 400 desktop running Windows XP. I have not had major errors or problems with it for a while, probably since 2014, and would like to solve this issue to at least use it long enough to transfer my music files to CD. I understand that it will need to be replaced soon. Luckily, I also have a tablet for internet access.

    After coming back from a week vacation, my computer started showing blue screen of death error messages, many times, and sometimes with slightly different messages. I can and have used it for short periods at a time, up to a few hours. After being on the computer for a while, it displays the BSOD and I have to manually power down after that. Sometimes the computer cannot be started up manually, usually the first button press after an error, and the other times (2nd try etc) it starts up ok but after loading the home screen, or after a few minutes online, the BSOD appears again. I recently chose some of the options from the F8 screen like Last Good Configuration and System Restore to see if they gave it more time, and I have gotten more screen time, but the error messages eventually pop up again.they haven't solved it. I have no idea if this problem is related to spyware or malware, or just some old computer tricks have to be performed...

    The BSOD have included the STOP: 0x000....numbers as well as lines on the top like BAD_POOL_HEADER_ and [RQL_NOT_LESS_OR_EQUAL
    I tried running the mrt Microsoft removal scan tool, but the computer shut down in the middle of my full scan. I have AVG which has detected and removed a trojan horse in the past 2 days, and some Win32 stuff in July. I have Ad-Aware and Spybot, which I haven't done manual scans recently, but have used plenty in the past. Most recent scans done with them came up with no problems to remove or repair. I don't download Windows monthly updates anymore, I haven't done so for at least a year, but possibly longer, since the last time I did, doing so changed the order/layout of some of my file folders, and I don't want them reordered. Sometime between the Apr 2014 XP support drop and 1 year ago I stopped doing those updates.

    Please let me know how I can use the computer without BSOD interruption for a little longer! I did back up my documents and pictures on a flash drive, so I'm prepared for the worst, but hope with your guidance there is something that can be done. What steps can I take to fix this issue, if any?

    Look forward to finding out more when you have the chance.

  2. #2
    Join Date
    Dec 2007
    Daly City, CA
    Please complete all steps listed here: http://discussions.virtualdr.com/sho...d-4-28-2013%29

    Please, observe following rules:

    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  3. #3
    Join Date
    Oct 2005

    Malware Recovery for XP Dell part 1

    Dear Broni or other experts,

    I followed the steps you suggested, and know that I was supposed to reply with my logs in the Malware Removal forum. I couldn't find a forum topic called Malware Removal, so I'll paste my results here until I'm directed otherwise.

    My computer has remained on since I wrote you yesterday without any sudden shutdowns. Very good behavior compared to the last 48 hrs. I think I had started it in the "Debugging mode". Before I could follow your steps, automatic scans caught and removed a trojan horse and another example of Win32. I confirmed the firewall on and ran my anti-virus, which didn't show further concerns.

    Here's my log from FRST, and the Additional one in a separate message:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2016
    Ran by Jennifer Klausner (administrator) on JENDESKTOP (09-08-2016 02:34:28)
    Running from C:\
    Loaded Profiles: Jennifer Klausner (Available Profiles: Julius Klausner & Dorothy Klausner & Jennifer Klausner & Michelle Klausner & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
    (AOL Inc.) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
    (Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
    (America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
    (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    () C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    (Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
    (Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    (Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
    (Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    (AOL Inc.) C:\Program Files\Common Files\AOL\1169873283\ee\aolsoftware.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe
    (Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    (SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
    (Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
    (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    (Spotify Ltd) C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify\SpotifyWebHelper.exe
    (Akamai Technologies, Inc.) C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Akamai\netsession_win.exe
    () C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    (Akamai Technologies, Inc.) C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Akamai\netsession_win.exe
    (AOL Inc.) C:\Program Files\AOL Desktop 9.8.0\waol.exe
    (BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Matsu****a Electric Industrial Co., Ltd.) C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    (Dropbox, Inc.) C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\Dropbox.exe
    (Viewpoint Corporation) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    (AOL Inc.) C:\Program Files\AOL Desktop 9.8.0\shellmon.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (AOL Inc.) C:\Program Files\Common Files\AOL\1169873283\ee\aolupdates.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
    HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-07-06] (Intel Corporation)
    HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
    HKLM\...\Run: [CTDVDDET] => C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [45056 2003-06-18] (Creative Technology Ltd)
    HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [122880 2005-10-14] (Creative Technology Ltd)
    HKLM\...\Run: [AudioDrvEmulator] => C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [49152 2005-11-04] (Creative Technology Ltd.)
    HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [205480 2007-08-30] (Macrovision Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
    HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
    HKLM\...\Run: [MSKDetectorExe] => C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [70760 2014-02-06] (AOL Inc.)
    HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1169873283\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
    HKLM\...\Run: [hpqSRMon] => [X]
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [PMX Daemon] => C:\WINDOWS\system32\ICO.EXE [47104 2006-06-09] (Primax Electronics Ltd.)
    HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2006-02-09] (Corel, Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SMART Floating Tools] => C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe [9221424 2013-08-22] (SMART Technologies ULC)
    HKLM\...\Run: [SMARTNotification] => C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe [208688 2013-08-22] (SMART Technologies)
    HKLM\...\Run: [SMART Tray Tools] => C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe [754992 2013-08-22] (SMART Technologies)
    HKLM\...\Run: [sbsdk-server] => C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
    HKLM\...\Run: [SMART Ink] => C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5351184 2016-07-22] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] ()
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-24] (Google Inc.)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [205480 2007-08-30] (Macrovision Corporation)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [Spotify Web Helper] => C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify\SpotifyWebHelper.exe [2346096 2016-01-23] (Spotify Ltd)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [AmazonMP3DownloaderHelper] => C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [Dropbox Update] => C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [Spotify] => C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify\Spotify.exe [8316528 2016-01-23] (Spotify Ltd)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.8.0\AOL.EXE [73584 2015-09-08] (AOL Inc.)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\MountPoints2: {5beff83a-b20b-11de-94f6-00038a000015} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssflwbox.scr [393216 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION
    HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-24] (Google Inc.)
    HKU\S-1-5-18\...\Run: [AOL Fast Start] => C:\Program Files\AOL 9.1\aol.exe [50528 2008-06-03] (AOL, LLC.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk [2013-01-26]
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-03-28]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2009-08-22]
    ShortcutTarget: LUMIX Simple Viewer.lnk -> C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsu****a Electric Industrial Co., Ltd.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk [2006-06-02]
    ShortcutTarget: Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
    Startup: C:\Documents and Settings\Jennifer Klausner\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-11]
    ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer]
    Tcpip\..\Interfaces\{0927C98D-4C4E-4754-8D08-5D727E0A3D84}: [DhcpNameServer]

    Internet Explorer:
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    URLSearchHook: HKLM - AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    URLSearchHook: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 - AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    SearchScopes: HKLM -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110318031341234&tb_oid=18-03-2011&tb_mrud=18-03-2011
    SearchScopes: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> {072bd52f-b0b3-4c27-8c30-c471fddaaefa} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=bu10aiminstabie7
    SearchScopes: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110318031341234&tb_oid=18-03-2011&tb_mrud=18-03-2011
    SearchScopes: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> {64E63331-229C-40EE-B596-A279CE1B5FA5} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110206,6901,0,8,0
    SearchScopes: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: No Name -> {28FE24D4-50EB-4B48-A416-582B910AFDDE} -> No File
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll => No File
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08] (Sonic Solutions)
    BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\NotebookPlugin.dll [2013-08-22] (SMART Technologies ULC.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-28] (Oracle Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
    BHO: AOL Messaging Toolbar Loader -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} -> C:\Program Files\AIM Toolbar\aimtb.dll [2011-01-14] (AOL Inc.)
    BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\Program Files\BAE\BAE.dll [2006-02-22] (Dell Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-28] (Oracle Corporation)
    BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
    Toolbar: HKLM - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll [2011-01-14] (AOL Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
    Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
    Toolbar: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> AOL Messaging Toolbar - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll [2011-01-14] (AOL Inc.)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} hxxp://zone.msn.com/bingame/trix/default/TriJinx.
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://aolsvc.aol.com/onlinegames/free-trial-big-island-blends/gamehouseplayer.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab
    DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
    DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} hxxp://
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://zone.msn.com/bingame/popcaploader_v10.cab
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} hxxp://cainternetsecurity.net/scanner/cascanner.cab
    DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} hxxp://zone.msn.com/bingame/swet/default/Sweetopia.
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
    Filter: text/html - {0b4ec5a7-aa30-428e-b79f-7492b9a36e59} - C:\WINDOWS\msvideo.dll No File

    FF ProfilePath: C:\Documents and Settings\Jennifer Klausner\Application Data\Mozilla\Firefox\Profiles\qwso2m83.default-1428637936437
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2009-09-02] (GARMIN Corp.)
    FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-28] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks\plugins\npqmp071505000010.dll [2009-10-21] (Move Networks)
    FF Plugin: @nbc.com/DirectPlayer -> C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll [No File]
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2952040898-4172286553-4130697486-1008: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks\plugins\npqmp071505000010.dll [2009-10-21] (Move Networks)
    FF Extension: WOT - C:\Documents and Settings\Jennifer Klausner\Application Data\Mozilla\Firefox\Profiles\qwso2m83.default-1428637936437\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-11]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-02] [not signed]
    FF HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks
    FF Extension: Move Media Player - C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks [2009-10-21] [not signed]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

    CHR Profile: C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Google\Chrome\User Data\Default

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46184 2014-02-06] (AOL Inc.)
    R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4093696 2016-07-22] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [906512 2016-07-20] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-07-22] (AVG Technologies CZ, s.r.o.)
    R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed]
    R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
    S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2013-10-30] (Flexera Software LLC)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    R2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-09-28] (Oracle Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] ()
    R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation) [File not signed]
    S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation) [File not signed]
    R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SMART Board Service; C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [1937200 2013-08-22] (SMART Technologies)
    S2 SMART Display Controller; C:\Program Files\SMART Technologies\Education Software\UCService.exe [810800 2013-08-22] (SMART Technologies)
    S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation) [File not signed]
    R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
    R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243456 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
    R1 AvgLdx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 AvgMfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [191744 2016-06-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R1 AvgTdiX; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [217344 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-01] (AVG Technologies CZ, s.r.o.)
    S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
    R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions) [File not signed]
    R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
    R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions) [File not signed]
    R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions) [File not signed]
    R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions) [File not signed]
    R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions) [File not signed]
    R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
    R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions) [File not signed]
    R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions) [File not signed]
    R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
    R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
    R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
    S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.)
    S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]
    R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
    S3 bvrp_pci; no ImagePath
    S3 catchme; \??\C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\catchme.sys [X]
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-09 02:34 - 2016-08-09 02:35 - 00034483 _____ C:\FRST.txt
    2016-08-09 02:34 - 2016-08-09 02:34 - 00000000 ____D C:\FRST
    2016-08-09 02:33 - 2016-08-09 02:33 - 01743872 _____ (Farbar) C:\FRST.exe
    2016-08-09 02:32 - 2016-08-09 02:32 - 02393600 _____ (Farbar) C:\FRST64.exe
    2016-08-08 17:34 - 2016-08-08 17:35 - 51658464 _____ (Microsoft Corporation) C:\Windows-KB890830-V5.38.exe
    2016-08-08 16:05 - 2016-08-08 16:05 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-05.dmp
    2016-08-08 15:29 - 2016-08-08 15:29 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-04.dmp
    2016-08-08 14:14 - 2016-08-08 14:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-03.dmp
    2016-08-08 13:36 - 2016-08-08 13:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-02.dmp
    2016-08-08 11:16 - 2016-08-08 11:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-01.dmp
    2016-08-08 00:28 - 2016-08-08 00:28 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Start Menu\Programs\Dropbox
    2016-08-07 23:52 - 2016-08-07 23:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-05.dmp
    2016-08-07 23:49 - 2016-08-07 23:49 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-04.dmp
    2016-08-07 23:40 - 2016-08-07 23:39 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-03.dmp
    2016-08-07 22:13 - 2016-08-07 22:12 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-02.dmp
    2016-08-07 17:29 - 2016-08-07 23:55 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Start Menu\Programs\Dropbox(2)
    2016-08-07 17:12 - 2016-08-07 17:12 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-01.dmp
    2016-08-07 16:39 - 2016-08-07 16:39 - 00000000 __SHD C:\found.000
    2016-07-21 13:52 - 2016-07-29 12:07 - 00000502 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
    2016-07-21 13:52 - 2016-07-21 13:52 - 00000564 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
    2016-07-21 13:52 - 2016-07-21 13:52 - 00000478 _____ C:\WINDOWS\Tasks\PCDDataUploadTask.job
    2016-07-21 13:52 - 2016-07-21 13:52 - 00000000 ____D C:\Program Files\Dell Support Center
    2016-07-19 18:03 - 2016-08-08 16:11 - 00002051 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
    2016-07-19 18:03 - 2016-07-19 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
    2016-07-19 17:59 - 2016-07-19 17:59 - 00000000 ____D C:\Program Files\Common Files\Lavasoft

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-09 02:35 - 2010-05-11 18:52 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Local Settings\temp
    2016-08-09 02:33 - 2012-03-31 09:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-08-09 02:29 - 2010-09-28 21:52 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2016-08-09 02:26 - 2015-06-12 22:15 - 00001036 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2952040898-4172286553-4130697486-1008UA.job
    2016-08-09 01:42 - 2010-02-02 20:34 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-08-08 23:26 - 2015-06-12 22:15 - 00000984 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2952040898-4172286553-4130697486-1008Core.job
    2016-08-08 22:46 - 2015-12-16 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
    2016-08-08 22:42 - 2010-02-02 20:34 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-08-08 22:26 - 2004-08-11 18:20 - 00032612 _____ C:\WINDOWS\SchedLgU.Txt
    2016-08-08 19:32 - 2006-06-18 22:46 - 00000000 ___RD C:\Documents and Settings\Jennifer Klausner\My Documents
    2016-08-08 17:38 - 2006-06-20 13:57 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-08-08 16:48 - 2011-08-17 21:40 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Spotify
    2016-08-08 16:39 - 2011-08-17 21:40 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify
    2016-08-08 16:16 - 2007-01-17 00:00 - 19223846 _____ C:\VETlog.txt
    2016-08-08 16:16 - 2007-01-17 00:00 - 00082779 _____ C:\VETlog.dmp
    2016-08-08 16:12 - 2012-08-07 01:42 - 00000000 ___RD C:\Documents and Settings\Jennifer Klausner\My Documents\Dropbox
    2016-08-08 16:08 - 2004-08-11 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2016-08-08 16:06 - 2006-06-02 15:31 - 00043522 _____ C:\WINDOWS\system32\nvapps.xml
    2016-08-08 16:06 - 2006-06-02 15:31 - 00004176 _____ C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2016-08-08 16:05 - 2014-03-09 21:07 - 00000246 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2016-08-08 16:05 - 2008-01-16 05:19 - 00000000 ____D C:\WINDOWS\Minidump
    2016-08-08 16:05 - 2004-08-11 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-08-08 00:28 - 2012-08-07 01:39 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox
    2016-08-08 00:13 - 2015-12-16 07:41 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
    2016-08-08 00:13 - 2015-12-16 07:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
    2016-08-07 23:56 - 2006-06-20 13:55 - 00000000 ____D C:\Documents and Settings\Dorothy Klausner
    2016-08-07 23:56 - 2006-06-19 10:38 - 00000000 ____D C:\Documents and Settings\Michelle Klausner
    2016-08-07 23:56 - 2006-06-18 22:46 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner
    2016-08-07 23:56 - 2006-06-18 15:20 - 00000000 ____D C:\Documents and Settings\Julius Klausner
    2016-08-07 23:56 - 2004-08-11 18:20 - 00000000 __SHD C:\Documents and Settings\NetworkService
    2016-08-07 23:56 - 2004-08-11 18:20 - 00000000 __SHD C:\Documents and Settings\LocalService
    2016-08-07 23:56 - 2004-08-11 18:20 - 00000000 ____D C:\Documents and Settings\Administrator
    2016-08-07 23:56 - 2004-08-11 18:11 - 00000000 ____D C:\WINDOWS\Registration
    2016-08-07 23:54 - 2004-08-11 18:20 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
    2016-08-07 23:53 - 2010-05-05 01:00 - 00254702 _____ C:\WINDOWS\ntbtlog.txt
    2016-08-07 20:20 - 2006-06-18 22:46 - 00000000 ___RD C:\Documents and Settings\Jennifer Klausner\My Documents\My Music
    2016-07-30 03:49 - 2013-10-19 20:58 - 00339264 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2016-07-30 03:49 - 2013-10-16 19:16 - 00458752 _____ C:\WINDOWS\system32\config\SMART Pr.evt
    2016-07-30 03:49 - 2013-01-26 16:41 - 00064980 _____ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    2016-07-30 03:49 - 2013-01-26 16:41 - 00054788 _____ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    2016-07-30 03:49 - 2013-01-26 16:41 - 00054788 _____ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    2016-07-30 03:49 - 2013-01-26 16:41 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
    2016-07-30 03:49 - 2013-01-26 16:41 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
    2016-07-30 03:49 - 2012-12-08 15:58 - 00282770 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2016-07-29 12:14 - 2013-01-26 14:57 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Application Data\PCDr
    2016-07-28 18:59 - 2006-06-18 22:46 - 00000278 ___SH C:\Documents and Settings\Jennifer Klausner\ntuser.ini
    2016-07-27 10:11 - 2004-08-11 18:02 - 00000000 ___HD C:\WINDOWS\inf
    2016-07-23 14:40 - 2010-07-13 21:51 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    2016-07-21 21:09 - 2011-06-04 04:54 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2016-07-21 13:52 - 2006-06-02 15:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
    2016-07-21 13:49 - 2013-01-26 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
    2016-07-16 10:33 - 2012-03-31 09:18 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-07-16 10:33 - 2011-05-18 17:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-07-12 13:33 - 2004-08-11 18:12 - 00000000 ____D C:\WINDOWS\system32\Macromed

    ==================== Files in the root of some directories =======

    2010-05-05 07:21 - 2010-05-11 17:55 - 3686521 ____R () C:\Program Files\ComboFix.exe
    2010-05-05 00:37 - 2010-05-05 00:37 - 0284915 _____ () C:\Program Files\gmer.zip
    2010-05-07 01:02 - 2010-05-07 01:02 - 0000511 _____ () C:\Program Files\Printflush-1.3 Printer Help.zip
    2010-05-08 11:34 - 2010-05-08 11:34 - 0000668 _____ () C:\Program Files\ResetTeaTimer.zip
    2010-06-16 22:25 - 2010-06-16 22:25 - 0976273 _____ () C:\Program Files\tempCleaner_3.0.4.exe.zip
    2010-06-16 22:21 - 2010-06-16 22:21 - 0080014 _____ () C:\Program Files\TFC-Temp-File-Cleaner-OldTimer-file187.html
    2010-06-16 22:30 - 2010-06-16 22:30 - 0272384 _____ (OldTimer Tools) C:\Program Files\TFC.exe
    2008-01-19 02:15 - 2008-01-19 02:15 - 31332844 ____C () C:\Program Files\Three Dog Night- live at the Forum 1.rar
    2008-01-19 02:22 - 2008-01-19 02:22 - 58369340 ____C () C:\Program Files\Three Dog Night- live at the Forum 2.rar
    2008-01-19 02:12 - 2008-01-19 02:12 - 0000138 ____C () C:\Program Files\Three Dog Night- live at the Forum.rar
    2008-01-19 00:35 - 2008-01-19 00:36 - 12727648 ____C () C:\Program Files\winzip111.exe
    2011-10-12 03:57 - 2011-10-12 03:57 - 0995328 _____ () C:\Program Files\WOT-20110704-en-US.msi
    2008-02-14 22:06 - 2012-11-09 23:24 - 0007680 ____C () C:\Documents and Settings\Jennifer Klausner\Application Data\dvd.bmk
    2007-10-25 06:36 - 2007-10-25 06:36 - 0002219 ____C () C:\Documents and Settings\Jennifer Klausner\Application Data\evpro32.prf
    2008-02-03 04:08 - 2014-07-27 12:48 - 0006144 ____C () C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2006-06-18 22:46 - 2007-10-07 15:52 - 0000140 ____N () C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\fusioncache.dat
    2010-04-19 19:57 - 2010-04-19 19:57 - 0000036 _____ () C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\housecall.guid.cache
    2012-03-28 17:56 - 2012-03-28 18:16 - 0000753 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

    Some files in TEMP:
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\924e5959-aba1-4f00-b142-78e3ca572663.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\AcsInstall.dll
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\aol-messaging_toolbar8C0.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081004609481.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081175382792.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081498343587.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081545812382.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081985558452.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081998758767.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_08432538696.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_08692099664.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_08930005468.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyd3azw.dll
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\jre-6u23-windows-i586-iftw-rv.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\setup_wm.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\SHFOLDER.DLL
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\SMARTProductUpdate.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\SpotifyUpgrader.exe
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\Stp70C_TMP.EXE
    C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\swt-win32-3349.dll

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    Please let me know the next step when you can. Thank you so much for responding quickly and with details.

  4. #4
    Join Date
    Oct 2005
    Dear Broni et al,

    Here is Part one of 2 messages with my Additional FRST log:
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-08-2016
    Ran by Jennifer Klausner (2016-08-09 02:36:16)
    Running from C:\
    Microsoft Windows XP Professional Service Pack 3 (X86) (2006-06-18 19:20:14)
    Boot Mode: Normal
    ==================== Accounts: =============================
    Administrator (S-1-5-21-2952040898-4172286553-4130697486-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Dorothy Klausner (S-1-5-21-2952040898-4172286553-4130697486-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dorothy Klausner
    Guest (S-1-5-21-2952040898-4172286553-4130697486-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-2952040898-4172286553-4130697486-1005 - Limited - Disabled)
    Jennifer Klausner (S-1-5-21-2952040898-4172286553-4130697486-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Jennifer Klausner
    Julius Klausner (S-1-5-21-2952040898-4172286553-4130697486-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Julius Klausner
    Michelle Klausner (S-1-5-21-2952040898-4172286553-4130697486-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Michelle Klausner
    SUPPORT_388945a0 (S-1-5-21-2952040898-4172286553-4130697486-1002 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Ad-Aware Antivirus (Disabled - Out of date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: - TEAC)
    Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Ad-Aware Antivirus (HKLM\...\{3F5DFA1C-DAD9-49F7-B40D-DE40559C439F}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
    AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: - Adobe Systems Inc.)
    Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
    AGEIA PhysX v6.11.13 (HKLM\...\{C09377D8-DB6A-42B9-9EBE-A670D0ABDB4F}) (Version: 6.11.13 - AGEIA Technologies, Inc.)
    AIM 7 (HKLM\...\AIM_7) (Version: - )
    Akamai NetSession Interface (HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Akamai) (Version: - Akamai Technologies, Inc)
    Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
    AntimalwareEngine (Version: - Lavasoft) Hidden
    AOL Coach Version 1.0(Build:20040229.1 en) (HKLM\...\AOLCoach) (Version: - )
    AOL Instant Messenger (HKLM\...\AOL Instant Messenger) (Version: - )
    AOL Messaging Toolbar (HKLM\...\AIM Toolbar) (Version: - )
    AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
    AOLIcon (Version: 1.00.0000 - Dell) Hidden
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: - Apple Inc.)
    Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: - Apple Inc.)
    Ashampoo Burning Studio Elements 10.0.9 (HKLM\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
    AVG (HKLM\...\AvgZen) (Version: - AVG Technologies)
    AVG (Version: 16.91.7690 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4633 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.91.7690 - AVG Technologies)
    AVG Zen (Version: 1.82.2 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: - Apple Inc.)
    BufferChm (Version: - Hewlett-Packard) Hidden
    C4400 (Version: - Hewlett-Packard) Hidden
    C4400_Help (Version: - Hewlett-Packard) Hidden
    Camera Access Library (Version: - Canon) Hidden
    Camera Support Core Library (Version: - Canon) Hidden
    Camera Window DS (Version: 5.3.1 - Canon) Hidden
    Camera Window DVC (Version: 5.4.4 - Canon) Hidden
    Camera Window DVC (Version: 6.0 - Canon) Hidden
    Camera Window MC (Version: 6.0 - Canon) Hidden
    Canon Camera Access Library (HKLM\...\InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}) (Version: - Canon)
    Canon Camera Support Core Library (HKLM\...\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}) (Version: - Canon)
    Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}) (Version: 5.4.4 - Canon)
    Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}) (Version: 6.0 - Canon)
    Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon)
    Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}) (Version: 6.0 - Canon)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}) (Version: - Canon)
    Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra)
    Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon)
    Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}) (Version: 3.1.16 - Canon)
    Canon ZoomBrowser EX (E) (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.05.0000 - Canon)
    Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
    CinepPlayer 30 Update (HKLM\...\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
    Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
    Copy (Version: - Hewlett-Packard) Hidden
    Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.33 - Corel, Inc.)
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows2.0) (Version: 2.0 - Coupons, Inc.) <==== ATTENTION
    Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
    Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
    Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
    Dell Game Console (HKLM\...\Dell Game Console) (Version: - WildTangent)
    Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.1 - Dell)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.107 - Dell)
    Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
    Destination Component (Version: - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
    DocProc (Version: - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
    Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
    Dropbox (HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
    EASEUS Data Recovery Wizard Free Edition 5.0.1 (HKLM\...\EASEUS Data Recovery Wizard Free Edition 5.0.1_is1) (Version: - EASEUS)
    EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
    ELIcon (Version: 1.00.0000 - Dell) Hidden
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    FMW 1 (Version: 1.112.3 - AVG Technologies) Hidden
    Games, Music, & Photos Launcher (HKLM\...\{B6884A07-0305-47AE-9969-8F26FADC17DE}) (Version: 1.00.0000 - Dell Inc.)
    Garmin Communicator Plugin (HKLM\...\{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}) (Version: 2.8.2 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: - Garmin Ltd or its subsidiaries)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: - Google Inc.) Hidden
    Google Update Helper (Version: - Google Inc.) Hidden
    GPBaseService (Version: - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
    HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}) (Version: 10.0 - HP)
    HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
    HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
    HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: - Hewlett-Packard) Hidden
    HPSSupply (Version: - Hewlett-Packard) Hidden
    Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    Intel(R) PROSet for Wired Connections (HKLM\...\{4CEA6811-DFAD-4892-828D-49941FE3B779}) (Version: 9.30.0000 - Dell)
    iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: - Apple Inc.)
    Java(TM) 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.230 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: - Sun Microsystems, Inc.)
    LUMIX Simple Viewer (HKLM\...\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}) (Version: 0.99.0000 - Panasonic)
    MarketResearch (Version: - Hewlett-Packard) Hidden
    MCU (Version: 1.00.0000 - Dell) Hidden
    MetaFrame Presentation Server Web Client for Win32 (HKLM\...\MetaFrame Presentation Server Web Client for Win32) (Version: - )
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Outlook 2003 with Business Contact Manager Update (HKLM\...\{BA68600E-96D9-4E92-80F2-26B9681B5A63}) (Version: 2.0.4013.0 - Microsoft Corporation)
    Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31117 - Microsoft Corporation)
    Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
    Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 1.00.0000 - Dell)
    Move Media Player (HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Move Media Player) (Version: - Move Networks)
    MovieEdit Task (Version: - Canon) Hidden
    Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
    MyScript HWR (Spanish) (HKLM\...\{EDAC6E0D-F93B-4B80-9377-F57D3BB5E6B1}) (Version: - SMART Technologies ULC)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
    Oracle JInitiator (HKLM\...\{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}) (Version: - )
    PanoStandAlone (Version: - Hewlett-Packard) Hidden
    PassAlong Software (HKLM\...\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}) (Version: 2.2.04 - PassAlong Music Store)
    PhotoStitch (Version: 3.1.16 - Canon) Hidden
    PS_AIO_03_C4400_ProductContext (Version: - Hewlett-Packard) Hidden
    PS_AIO_03_C4400_Software (Version: - Hewlett-Packard) Hidden
    PS_AIO_03_C4400_Software_Min (Version: - Hewlett-Packard) Hidden
    PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: - Apple Inc.)
    RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
    Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
    Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
    Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
    Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
    Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
    Scan (Version: - Hewlett-Packard) Hidden
    Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
    SMART Common Files (HKLM\...\{BBA07B40-F7C6-44F7-BF08-767F8835685F}) (Version: - SMART Technologies ULC)
    SMART Ink (HKLM\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC)
    SMART Notebook (HKLM\...\{E57F6C8B-E159-477E-93BF-764759747BC4}) (Version: 11.3.857.0 - SMART Technologies ULC)
    SMART Product Drivers (HKLM\...\{589B09F5-0768-4BE9-B8C0-DD253E6B3643}) (Version: 11.3.533.0 - SMART Technologies ULC)
    SmartWebPrintingOC (Version: - Hewlett-Packard) Hidden
    SolutionCenter (Version: - Hewlett-Packard) Hidden
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Sonic Advanced Decoder (HKLM\...\{46C73DE4-E96D-4F7C-8371-F28052183B12}) (Version: - )
    Sound Blaster X-Fi (HKLM\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - )
    Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
    Spotify (HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Spotify) (Version: - Spotify AB)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Spybot - Search & Destroy (HKLM\...\Spybot - Search & Destroy_is1) (Version: - Safer Networking Ltd.)
    Status (Version: - Hewlett-Packard) Hidden
    Toolbox (Version: - Hewlett-Packard) Hidden
    TrayApp (Version: - Hewlett-Packard) Hidden
    Unknown File Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: - Trusted Software)
    UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
    URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
    VideoToolkit01 (Version: - Hewlett-Packard) Hidden
    Viewpoint Manager (Remove Only) (HKLM\...\Viewpoint Manager) (Version: - )
    Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: - AVG Technologies CZ, s.r.o.)
    Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: - Walmart.com)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: - Hewlett-Packard) Hidden
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 - Garmin)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0059.1 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WinZip 11.2 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}) (Version: 11.3.8261 - WinZip Computing, S.L. )
    WOT for Internet Explorer (HKLM\...\{DB0BB9FA-1B60-4036-8E29-3D56D8085256}) (Version: - WOT Services Oy)
    WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: - WOT Services Oy)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{0b4ec5a7-aa30-428e-b79f-7492b9a36e59}\InprocServer32 -> C:\WINDOWS\msvideo.dll => No File
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\DropboxExt.24.dll => No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\DropboxExt.24.dll => No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\DropboxExt.24.dll => No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\DropboxExt.24.dll => No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\DropboxExt.24.dll => No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\DropboxExt.24.dll => No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\DropboxExt.24.dll => No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\DropboxExt.24.dll => No Fil (the data entry has 1 more characters).
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2952040898-4172286553-4130697486-1008Core.job => C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2952040898-4172286553-4130697486-1008UA.job => C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\PCDDataUploadTask.job => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
    Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell\SupportAssist\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
    Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)
    Shortcut: C:\Documents and Settings\Jennifer Klausner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
    ==================== Loaded Modules (Whitelisted) ==============
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-07-18 20:22 - 2016-07-18 20:22 - 00664040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
    2016-07-18 20:25 - 2016-07-18 20:25 - 00026880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00055560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00122632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 08996600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 02454224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00670976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00099072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00035584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
    2016-07-18 20:24 - 2016-07-18 20:24 - 00772336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll
    2016-07-18 20:24 - 2016-07-18 20:24 - 00490752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00668912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00090856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00109280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll
    2016-07-18 20:24 - 2016-07-18 20:24 - 00829184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00721168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00862960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00210672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll
    2016-07-18 20:24 - 2016-07-18 20:24 - 01295104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll
    2016-07-18 20:24 - 2016-07-18 20:24 - 00179968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00903416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 01074408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00035584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00806648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00948992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 02242808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll
    2016-07-18 20:24 - 2016-07-18 20:24 - 01205480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll
    2016-07-18 20:24 - 2016-07-18 20:24 - 01157360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 02655480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 02807544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 01044728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00055048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 01513728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00829672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00373480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 02424576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 01044200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00831208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll
    2016-07-18 20:24 - 2016-07-18 20:24 - 01270000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00915728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00424176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 08063200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
    2016-07-18 20:25 - 2016-07-18 20:25 - 00403712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 01888488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
    2016-07-18 20:25 - 2016-07-18 20:25 - 00869624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
    2013-01-26 16:38 - 2005-11-08 21:30 - 00003072 _____ () C:\WINDOWS\CTXFIRES.DLL
    2005-11-01 04:12 - 2006-05-03 03:12 - 00098304 _____ () C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    2015-12-16 07:32 - 2016-04-07 22:40 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
    2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
    2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
    2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
    2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
    2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
    2013-05-22 14:17 - 2013-05-22 14:17 - 00400704 _____ () C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    2015-09-08 17:35 - 2015-09-08 17:35 - 00048640 _____ () C:\Program Files\AOL Desktop 9.8.0\zlib.dll
    2015-09-08 17:35 - 2015-09-08 17:35 - 21151232 _____ () C:\Program Files\AOL Desktop 9.8.0\libcef.dll
    2015-09-08 17:35 - 2015-09-08 17:35 - 00648704 _____ () C:\Program Files\AOL Desktop 9.8.0\libglesv2.dll
    2015-09-08 17:35 - 2015-09-08 17:35 - 00122880 _____ () C:\Program Files\AOL Desktop 9.8.0\libegl.dll
    2016-08-08 00:28 - 2016-06-29 22:25 - 00035792 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\_multiprocessing.pyd
    2016-08-08 00:28 - 2016-06-29 22:25 - 00145864 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\pyexpat.pyd
    2016-08-08 00:28 - 2016-06-29 22:26 - 00019408 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\faulthandler.pyd
    2016-08-08 00:28 - 2016-06-29 22:25 - 00116688 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\pywintypes27.dll
    2016-08-08 00:28 - 2016-06-29 22:25 - 00100296 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\_ctypes.pyd
    2016-08-08 00:28 - 2016-06-29 22:25 - 00018888 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\select.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00019760 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\tornado.speedups.pyd
    2016-08-08 00:28 - 2016-06-29 22:25 - 00694224 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\unicodedata.pyd
    2016-08-08 00:28 - 2016-08-01 17:26 - 00020816 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2016-08-08 00:28 - 2016-06-29 22:26 - 00123856 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\_cffi_backend.pyd
    2016-08-08 00:28 - 2016-08-01 17:26 - 01682760 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-08-08 00:28 - 2016-08-01 17:26 - 00020808 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00021312 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00052024 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\psutil._psutil_windows.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00038696 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\fastpath.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00105928 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32api.pyd
    2016-08-08 00:28 - 2016-06-29 22:25 - 00392144 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\pythoncom27.dll
    2016-08-08 00:28 - 2016-06-29 22:27 - 00020936 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\mmapfile.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00024528 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32event.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00114640 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32security.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00381752 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32com.shell.shell.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00124880 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32file.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00025424 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00024016 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32clipboard.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00175560 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32gui.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00030160 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32pipe.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00043472 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32process.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00048592 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32service.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00026456 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00057808 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32evtlog.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00024016 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32profile.pyd
    2016-08-08 00:28 - 2016-08-01 17:26 - 00246592 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\breakpad.client.windows.handler.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00028616 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32ts.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00020800 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00019776 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00020800 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-08-08 00:28 - 2016-06-29 22:25 - 00144848 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\_elementtree.pyd
    2016-08-08 00:28 - 2016-06-29 22:26 - 00241104 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\_jpegtran.pyd
    2016-08-08 00:28 - 2016-08-01 17:26 - 00020280 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00023376 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00350152 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winxpgui.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00022352 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00024392 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-08-08 00:28 - 2016-06-29 22:28 - 00036296 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\librsync.dll
    2016-08-08 00:28 - 2016-08-01 17:27 - 00084280 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\dropbox_sqlite_ext.dll
    2016-08-08 00:28 - 2016-08-01 17:27 - 01826096 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\PyQt5.QtCore.pyd
    2016-08-08 00:28 - 2016-06-29 22:26 - 00083912 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\sip.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 03929392 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 01972016 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\PyQt5.QtGui.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00531248 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00132912 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00224056 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00207672 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00020288 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winffi.user32._winffi_user32.pyd
    2016-08-08 00:28 - 2016-06-29 22:27 - 00060880 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\win32print.pyd
    2016-08-08 00:28 - 2016-08-01 17:27 - 00024904 _____ () C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
    2004-08-11 18:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2016-07-12 14:33 - 2016-07-12 14:33 - 19483328 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll

  5. #5
    Join Date
    Oct 2005
    Dear Broni et al,

    My FRST Additional log part 2:
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1-extreme.biz -> www.1-extreme.biz
    IE restricted site: HKU\.DEFAULT\...\1001-search.info -> www.1001-search.info
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
    IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
    IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
    IE restricted site: HKU\.DEFAULT\...\139mm.com -> www.139mm.com
    IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
    IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
    IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
    IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
    There are 4221 more sites.
    IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
    IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
    IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
    IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
    IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
    IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
    IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
    IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
    IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
    IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> www.1800searchonline.com
    There are 4221 more sites.
    IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
    IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
    IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
    IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
    IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
    IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
    IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
    IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
    IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com
    IE restricted site: HKU\S-1-5-20\...\1800searchonline.com -> www.1800searchonline.com
    There are 4221 more sites.
    IE trusted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\dell.com -> dell.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\1-extreme.biz -> www.1-extreme.biz
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\1001-search.info -> www.1001-search.info
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\123topsearch.com -> www.123topsearch.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\132.com -> www.132.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\136136.net -> down.136136.net
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\139mm.com -> www.139mm.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\163ns.com -> ert0003.e76.163ns.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\17-plus.com -> 17-plus.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\171203.com -> 171203.com
    IE restricted site: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\1800searchonline.com -> www.1800searchonline.com
    There are 4221 more sites.
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2004-08-11 18:00 - 2008-03-04 23:26 - 00227676 ____R C:\WINDOWS\system32\Drivers\etc\hosts localhost127.0.0.1 www.007guard.com 007guard.com 008i.com www.008k.com 008k.com www.00hq.com 00hq.com 010402.com www.032439.com 032439.com www.1001-search.info 1001-search.info www.100888290cs.com 100888290cs.com www.100sexlinks.com 100sexlinks.com www.10sek.com 10sek.com www.123topsearch.com 123topsearch.com www.132.com 132.com www.136136.net 136136.net www.139mm.com 139mm.com www.163ns.com 163ns.com 171203.com 17-plus.com
    There are 7979 more lines.
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: -
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
    DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
    DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
    StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
    StandardProfile\AuthorizedApplications: [C:\Program Files\AIM\aim.exe] => Enabled:AOL Instant Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Disabled:RealPlayer
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1169873283\ee\aolsoftware.exe] => Enabled:AOL Shared Components
    StandardProfile\AuthorizedApplications: [C:\Program Files\AOL 9.1\waol.exe] => Enabled:AOL
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe] => Enabled:AOL TopSpeed
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Loader
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\System Information\sinf.exe] => Enabled:AOL System Information
    StandardProfile\AuthorizedApplications: [C:\Program Files\AIM7\aim.exe] => Enabled:AIM
    StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.6\waol.exe] => Enabled:AOL Desktop 9.6
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spotify\spotify.exe] => Enabled:Spotify
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\Dropbox.exe] => Enabledropbox
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
    StandardProfile\AuthorizedApplications: [C:\Program Files\SMART Technologies\Education Software\UCGui.exe] => Enabled:SMART Universal Controller Interface
    StandardProfile\AuthorizedApplications: [C:\Program Files\SMART Technologies\Education Software\UCService.exe] => Enabled:SMART Display Controller Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe] => Enabled:SMART SNMP Agent
    StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\waol.exe] => Enabled:AOL
    StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\aolbrowser.exe] => Enabled:AOL Browser
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
    StandardProfile\AuthorizedApplications: [C:\Spotify.exe] => Disabled:Spotify
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.8.0\waol.exe] => Enabled:AOL
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgdiagex.exe] => Enabled:AVG Diagnostics
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [12001:UDP] => Enabled:SMART WebServer Handshake Multicast Port
    ==================== Restore Points =========================
    12-05-2016 01:50:37 System Checkpoint
    13-05-2016 01:53:21 System Checkpoint
    14-05-2016 02:33:08 System Checkpoint
    15-05-2016 12:15:19 System Checkpoint
    16-05-2016 16:35:01 System Checkpoint
    18-05-2016 01:13:35 System Checkpoint
    19-05-2016 03:41:09 System Checkpoint
    20-05-2016 19:04:52 System Checkpoint
    22-05-2016 12:50:02 System Checkpoint
    24-05-2016 00:44:48 System Checkpoint
    25-05-2016 21:37:07 System Checkpoint
    27-05-2016 16:11:18 System Checkpoint
    28-05-2016 22:09:47 System Checkpoint
    30-05-2016 12:32:13 System Checkpoint
    31-05-2016 17:27:03 System Checkpoint
    01-06-2016 18:03:18 System Checkpoint
    02-06-2016 18:59:10 System Checkpoint
    03-06-2016 20:59:28 System Checkpoint
    07-06-2016 00:51:31 System Checkpoint
    08-06-2016 01:03:10 System Checkpoint
    09-06-2016 18:38:08 System Checkpoint
    11-06-2016 11:51:02 System Checkpoint
    12-06-2016 19:16:56 System Checkpoint
    13-06-2016 16:42:22 AA11
    14-06-2016 22:18:44 System Checkpoint
    15-06-2016 19:20:57 AA11
    17-06-2016 01:31:55 System Checkpoint
    18-06-2016 12:48:57 System Checkpoint
    19-06-2016 13:14:06 System Checkpoint
    22-06-2016 19:23:08 System Checkpoint
    23-06-2016 21:57:33 System Checkpoint
    24-06-2016 22:45:13 System Checkpoint
    26-06-2016 10:09:00 System Checkpoint
    27-06-2016 11:55:58 System Checkpoint
    29-06-2016 18:25:37 System Checkpoint
    30-06-2016 18:53:07 System Checkpoint
    02-07-2016 20:33:22 System Checkpoint
    06-07-2016 10:21:47 System Checkpoint
    07-07-2016 11:57:23 System Checkpoint
    09-07-2016 17:49:23 System Checkpoint
    11-07-2016 13:02:45 System Checkpoint
    12-07-2016 13:04:57 System Checkpoint
    13-07-2016 20:27:57 System Checkpoint
    16-07-2016 11:37:15 System Checkpoint
    17-07-2016 17:28:08 System Checkpoint
    19-07-2016 11:33:57 System Checkpoint
    19-07-2016 17:57:52 AA11
    21-07-2016 14:04:06 System Checkpoint
    22-07-2016 14:05:24 System Checkpoint
    23-07-2016 15:32:10 System Checkpoint
    27-07-2016 18:04:26 System Checkpoint
    28-07-2016 22:19:39 System Checkpoint
    29-07-2016 23:06:08 System Checkpoint
    07-08-2016 18:08:09 System Checkpoint
    07-08-2016 23:54:56 Restore Operation
    08-08-2016 00:12:04 Removed VMware View Client.
    09-08-2016 00:39:51 System Checkpoint
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    Error: (08/08/2016 01:31:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application aolbrowser.exe, version, faulting module unknown, version, fault address 0x08653688.
    Processing media-specific event for [aolbrowser.exe!ws!]
    Error: (08/08/2016 01:20:28 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application aolbrowser.exe, version, faulting module msctfime.ime, version 5.1.2600.5512, fault address 0x00006f2e.
    Processing media-specific event for [aolbrowser.exe!ws!]
    Error: (08/08/2016 01:11:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application aolbrowser.exe, version, faulting module unknown, version, fault address 0x05e4dc98.
    Processing media-specific event for [aolbrowser.exe!ws!]
    Error: (08/08/2016 01:09:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application aolbrowser.exe, version, faulting module unknown, version, fault address 0x05762718.
    Processing media-specific event for [aolbrowser.exe!ws!]
    Error: (08/07/2016 09:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application aolbrowser.exe, version, faulting module msctfime.ime, version 5.1.2600.5512, fault address 0x00006f2e.
    Processing media-specific event for [aolbrowser.exe!ws!]
    Error: (08/07/2016 09:30:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application aolbrowser.exe, version, faulting module msctfime.ime, version 5.1.2600.5512, fault address 0x00006f2e.
    Processing media-specific event for [aolbrowser.exe!ws!]
    Error: (08/07/2016 09:19:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application aolbrowser.exe, version, faulting module unknown, version, fault address 0x06226e98.
    Processing media-specific event for [aolbrowser.exe!ws!]
    Error: (07/29/2016 09:57:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application hpqtra08.exe, version, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
    Processing media-specific event for [hpqtra08.exe!ws!]
    Error: (07/29/2016 04:30:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14578968
    Error: (07/29/2016 04:30:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 14578968
    System errors:
    Error: (08/08/2016 04:09:36 PM) (Source: System Error) (EventID: 1003) (User: )
    Description: Error code 1000000a, parameter1 00000000, parameter2 0000001c, parameter3 00000000, parameter4 80502dc7.
    Error: (08/08/2016 04:08:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Error: (08/08/2016 04:08:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.
    Error: (08/08/2016 03:34:33 PM) (Source: System Error) (EventID: 1003) (User: )
    Description: Error code 1000000a, parameter1 0000aae9, parameter2 00000002, parameter3 00000001, parameter4 806e7a16.
    Error: (08/08/2016 03:33:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (08/08/2016 03:33:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Error: (08/08/2016 03:33:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.
    Error: (08/08/2016 02:21:57 PM) (Source: System Error) (EventID: 1003) (User: )
    Description: Error code 00000019, parameter1 00000020, parameter2 8a249000, parameter3 8a2490a0, parameter4 0a140000.
    Error: (08/08/2016 02:19:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.
    Error: (08/08/2016 02:19:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    ==================== Memory info ===========================
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz
    Percentage of memory in use: 65%
    Total physical RAM: 3582.09 MB
    Available physical RAM: 1242.55 MB
    Total Virtual: 5463.15 MB
    Available Virtual: 3413.76 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:461.64 GB) (Free:214.84 GB) NTFS ==>[drive with boot components (Windows XP)]
    ==================== MBR & Partition Table ==================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 41AB2316)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Active) - (Size=461.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=4.1 GB) - (Type=DB)
    ==================== End of Addition.txt ============================

    Thanks, Jennifer

  6. #6
    Join Date
    Dec 2007
    Daly City, CA
    There is still some infection present.
    If that's what's causing your issues we'll see.

    Uninstall following unwanted programs:

    Coupon Printer for Windows
    Download Updater

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup- and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.

    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

  7. #7
    Join Date
    Oct 2005
    Dear Broni,
    When I try to uninstall the program Coupon Printer for Windows, I get this error message (cannot Remove upon clicking remove button): Invalid uninstall control file: C:\ProgramFiles\Coupons\Uninstall\uninstall.xml
    I did successfully uninstall the Dowload Updater.

    Please let me know what I can do about the issue above, as I know I should probably work on that before following the rest of your list.

    Thanks for following up,

  8. #8
    Join Date
    Dec 2007
    Daly City, CA
    Go ahead with other steps.

  9. #9
    Join Date
    Oct 2005
    Dear Broni,

    When I tried downloading RogueKiller, I got to the part where I
    Double clicked on downloaded setup.exe file to install the program,
    BUT then it asked me to select a language, I clicked English, and nothing happened after that. I did this 2-3 times with the same result. Should I just move on and do the rest, or can this be helped?


  10. #10
    Join Date
    Dec 2007
    Daly City, CA
    Try to delete downloaded file and download fresh one.
    If same thing hapens go ahead with other steps.

  11. #11
    Join Date
    Aug 2016

    Blue Screens on XP Part 2- from Nif1025's other name

    Dear Broni,

    This is Jennifer, who had the username Nif1025. I'm the one who posted the original Blue Screens of Death messages. After I followed all your steps, I tried logging into the forums again to post my reply. My password no longer worked. When I clicked to reset/get a new password, it said it would email me a new password. It's 2 hours later, and I didn't get any email. Finally, I decided to create another account because I don't know another way to get on here. I can't even private message you, at least not the ways I tried. So here are my logs from the previous thread:

    Malwarebytes Anti-Malware

    Scan Date: 8/12/2016
    Scan Time: 1:04:42 AM
    Administrator: Yes

    Malware Database: v2016.08.12.02
    Rootkit Database: v2016.08.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Jennifer Klausner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 493420
    Time Elapsed: 2 hr, 17 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2481032, Quarantined, [250d55f5eeac3105fda68011c043cb35],
    PUP.Optional.W3i, HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64E63331-229C-40EE-B596-A279CE1B5FA5}, Quarantined, [34fe0149e9b18aac78a07f3cc63de61a],
    PUP.Optional.Conduit, HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, Quarantined, [5fd3ac9e6634c670e6d6dcc07a899c64],

    Registry Values: 2
    PUP.Optional.W3i, HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64E63331-229C-40EE-B596-A279CE1B5FA5}|URL, http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110206,6901,0,8,0, Quarantined, [34fe0149e9b18aac78a07f3cc63de61a]
    PUP.Optional.Conduit, HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032, Quarantined, [5fd3ac9e6634c670e6d6dcc07a899c64]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    Trojan.Kovter, C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\7t9Ar4p4.exe.part, Quarantined, [f93959f11a801a1cc90cbda2b64afa06],

    Physical Sectors: 0
    (No malicious items detected)


    # AdwCleaner v5.201 - Logfile created 12/08/2016 at 11:21:31
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-08-12.1 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (X86)
    # Username : Jennifer Klausner - JENDESKTOP
    # Running from : C:\adwcleaner_5.201.exe
    # Option : Scan
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****

    Service Found : Viewpoint Manager Service

    ***** [ Folders ] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Found : C:\Program Files\Coupons
    Folder Found : C:\Program Files\SearchAssist
    Folder Found : C:\Program Files\Viewpoint

    ***** [ Files ] *****

    ***** [ DLL ] *****

    ***** [ WMI ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
    Key Found : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKCU\Software\AIM Toolbar
    Key Found : HKCU\Software\Bitberry
    Key Found : HKCU\Software\Viewpoint
    Key Found : HKCU\Software\Yahoo\Companion
    Key Found : HKCU\Software\Yahoo\YFriendsBar
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKCU\Software\AppDataLow\Software\adawarebp
    Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    Key Found : HKLM\SOFTWARE\AIM Toolbar
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\MetaStream
    Key Found : HKLM\SOFTWARE\Viewpoint
    Key Found : HKLM\SOFTWARE\Yahoo\Companion
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AIM Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AIM Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Found : HKU\.DEFAULT\Software\Viewpoint
    Key Found : HKU\.DEFAULT\Software\Yahoo\Companion
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\AIM Toolbar
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Bitberry
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Viewpoint
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Yahoo\Companion
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Yahoo\YFriendsBar
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\YahooPartnerToolbar
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\AppDataLow\Software\adawarebp
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\AppDataLow\Software\Yahoo\Companion
    Key Found : HKU\S-1-5-18\Software\Viewpoint
    Key Found : HKU\S-1-5-18\Software\Yahoo\Companion
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{072bd52f-b0b3-4c27-8c30-c471fddaaefa}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\SearchScopes\{072bd52f-b0b3-4c27-8c30-c471fddaaefa}
    Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mmotraffic.com

    ***** [ Web browsers ] *****


    C:\AdwCleaner\AdwCleaner[S1].txt - [8064 bytes] - [12/08/2016 11:21:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8137 bytes] ##########

    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Microsoft Windows XP x86
    Ran by Jennifer Klausner (Administrator) on Fri 08/12/2016 at 11:41:10.95

    File System: 31

    Successfully deleted: C:\Documents and Settings\Jennifer Klausner\Application Data\freefileviewer (Folder)
    Successfully deleted: C:\Documents and Settings\Jennifer Klausner\Application Data\Microsoft\Internet Explorer\Quick Launch\play games.lnk (Shortcut)
    Successfully deleted: C:\Documents and Settings\Jennifer Klausner\Application Data\viewpoint (Folder)
    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job (Task)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3YXQQBSE (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6V4B5M5H (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8WTH1AIB (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CAKQCP95 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDC9U5FL (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HZUF297R (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L0YDJHPV (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P37I5X08 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R2C3HHX2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TSG0VSQF (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W79PLFI2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WIM73ORT (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\prefetch\ENABLETOOLBARW32.EXE-2556CFBE.pf (File)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3YXQQBSE (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6V4B5M5H (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8WTH1AIB (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CAKQCP95 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GDC9U5FL (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HZUF297R (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\L0YDJHPV (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P37I5X08 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2C3HHX2 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TSG0VSQF (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W79PLFI2 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WIM73ORT (Temporary Internet Files Folder)

    Registry: 7

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28FE24D4-50EB-4B48-A416-582B910AFDDE} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{61539ECD-CC67-4437-A03C-9AACCBD14326} (Registry Value)

    Scan was completed on Fri 08/12/2016 at 11:46:06.82
    End of JRT log


  12. #12
    Join Date
    Dec 2007
    Daly City, CA
    Delete your RogueKiller file, download fresh one and try to run it again.

  13. #13
    Join Date
    Aug 2016

    Blue Screens on XP Part 3- from Nif1025's other name

    Hi Broni,

    The message board doesn't allow me (under my new/current username) to reply to any posts on the original thread. It says I don't have permission to do so. My reply from the last post is that downloading RogueKiller still has the same issue, and nothing happens after I select the language for installation. Tried twice and deleted between the 2 attempts. I even went into the properties of the file and told it to unblock any components it may have hidden for security reasons. That wasn't successful.


  14. #14
    Join Date
    Mar 2009
    Arkham Asylum, Cell 13

  15. #15
    Join Date
    Aug 2016
    Dear Broni, Midknyte, and others,

    Thank you for the advice, the RogueKiller version from above did download. Here is my RogueKiller log.

    RogueKiller V12.4.3.0 [Aug 8 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Jennifer Klausner [Administrator]
    Started from : C:\RogueKiller.exe
    Mode : Delete -- Date : 08/13/2016 01:09:59

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{0b4ec5a7-aa30-428e-b79f-7492b9a36e59} (C:\WINDOWS\msvideo.dll) -> Deleted
    [PUP] HKEY_USERS\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\AIM Toolbar -> Deleted
    [PUP] HKEY_USERS\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\AppDataLow\Software\adawarebp -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\catchme.sys) -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\catchme.sys) -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Viewpoint Manager Service ("C:\Program Files\Viewpoint\Common\ViewpointService.exe") -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\catchme.sys) -> Deleted

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [PUP][Folder] C:\Documents and Settings\Jennifer Klausner\Application Data\Yahoo!\Companion -> Deleted
    [PUP][Folder] C:\Documents and Settings\Jennifer Klausner\Application Data\Yahoo!\Companion\Buttons -> Deleted
    [PUP][Folder] C:\Documents and Settings\Jennifer Klausner\Application Data\Yahoo!\Companion\CrashLogs -> Deleted
    [PUP][File] C:\Documents and Settings\Jennifer Klausner\Application Data\Yahoo!\Companion\inq_data.inq -> Deleted
    [PUP][File] C:\Documents and Settings\Jennifer Klausner\Application Data\Yahoo!\Companion\inq_settings.xml -> Deleted
    [PUP][File] C:\Documents and Settings\Jennifer Klausner\Application Data\Yahoo!\Companion\resources.inq -> Deleted

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3500641AS +++++
    --- User ---
    [MBR] 350cbb8fa6088bfef9c6a3dd49b5b44c
    [BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 96390 | Size: 472717 MB [Windows XP Bootstrap | Windows XP Bootloader]
    2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 968221485 | Size: 4173 MB
    User = LL1 ... OK
    User = LL2 ... OK


Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts