2tallbill
2016-01-30, 05:51
I am starting a new job in a few days and had to turn in my modern computer when finishing my
previous job.
So I pulled out my old XP machine and fired it up. It runs incredibly slow and seems to be
infected by malware. I tried updating the Java and various programs but nothing is working.
The old antivirus had expired so I downloaded Avast for free and ran it and it reported viruses
which I had it repair. Malwarebytes showed no problems.
I downloaded a new version of Spybot and it found some problems but none of them were fixed
or solved the problem. I had to uninstall Avast because it wouldn't allow me to download the
Farbar Recovery tool. The first time I ran Farbar recovery it froze up for over an hour so I downloaded
it again and it ran and produced the following logs. I am not sure where to find the aswMBR logs. I found
a FRST.txt and an addition.txt. Maybe one was a result of the first attempt?
I am not a computer expert by any stretch of the imagination.
I appreciate that you volunteer to help.
Thank you,
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by office (administrator) on FRONTOFFICE (29-01-2016 20:08:15)
Running from C:\Documents and Settings\office\My Documents\Downloads
Loaded Profiles: office & Administrator (Available Profiles: office & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Sonic Solutions) C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [114741 2003-08-05] (Sonic Solutions)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\Media Experience\PCMService.exe [204800 2003-08-26] (CyberLink Corp.)
HKLM\...\Run: [DwlClient] => C:\Program Files\Common Files\Dell\EUSW\Support.exe [245760 2003-06-24] (Dell)
HKLM\...\Run: [MW1HelperStartUp] => C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
HKLM\...\Run: [ZingSpooler] => C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe [200704 2002-08-02] (Sony Electronics Inc.)
HKLM\...\Run: [UpdateManager] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2003-08-19] (Sonic Solutions)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [57344 2005-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [eTrustPPAP] => "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
HKLM\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [208896 2005-12-12] (Macrovision Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [InstallSpybotUpdate_spybotsd2-translation-hrx.exe] => C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-translation-hrx.exe [245016 2015-03-25] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19] (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [Sonic RecordNow!] => [X]
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [4351216 2009-05-26] (Yahoo! Inc.)
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\MountPoints2: {3cf3e2b7-7a01-11d9-bbc9-000d5655335a} - E:\JDSecure\Windows\JDSecure20.exe
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-906592872-1445438531-2970854567-500\...\Run: [Sonic RecordNow!] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{5C76818F-C37A-48C6-B1FB-36F5278978DC}: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{65952042-D66B-4B5D-836E-C67518EAAD60}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dell.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-906592872-1445438531-2970854567-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-906592872-1445438531-2970854567-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-906592872-1445438531-2970854567-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dell.com
HKU\S-1-5-21-906592872-1445438531-2970854567-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
URLSearchHook: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
URLSearchHook: HKU\S-1-5-21-906592872-1445438531-2970854567-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06] (Yahoo! Inc.)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05] (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2016-01-28] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll [2006-02-14] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-28] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-16] (Sun Microsystems, Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2006-02-14] (Google Inc.)
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2006-02-14] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2006-02-14] (Google Inc.)
Toolbar: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} file://D:\content\include\XPPatchInstaller.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38184.533599537
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} hxxp://download.abacast.com/download/files/abasetup144.cab
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll [2004-07-07] ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\office\Application Data\Mozilla\Firefox\Profiles\zs5j1ndy.default-1454001749053
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2321 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2006-06-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2379 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2006-06-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1483 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2006-06-21] (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-906592872-1445438531-2970854567-1008: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-01-14] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008-04-28] (Apple Computer, Inc.)
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2016-01-16] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2016-01-16] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-17] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-01-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-01-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-01-14]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (YouTube) - C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28]
CHR Extension: (Google Search) - C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Gmail) - C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-16] (Sun Microsystems, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [65536 2002-05-03] (HP)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S2 ACS; C:\WINDOWS\system32\acs.exe [X]
S3 jswpsapi; C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R3 bcm4sbxp; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [43136 2003-05-23] (Broadcom Corporation) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57344 2007-08-28] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-16] (Creative Technology Ltd.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20640 2005-10-26] (Sonic Solutions) [File not signed]
R3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [18768 2009-05-23] () [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-05] (Sonic Solutions) [File not signed]
S3 WNDA3100; C:\WINDOWS\System32\DRIVERS\WNDA31.sys [421376 2008-03-12] (Atheros Communications, Inc.) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) [File not signed]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) [File not signed]
S3 bvrp_pci; no ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 NwlnkIpx; C:\Windows\System32\Drivers\NwlnkIpx.sys [88320 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 18:24 - 2016-01-29 20:08 - 00000000 ____D C:\FRST
2016-01-29 18:13 - 2016-01-20 07:00 - 00812208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAB.tmp
2016-01-29 18:13 - 2016-01-20 07:00 - 00449384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB0.tmp
2016-01-29 18:13 - 2016-01-17 18:41 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAE.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB1.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB2.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB3.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAF.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAD.tmp
2016-01-29 15:43 - 2016-01-29 15:43 - 00018593 _____ C:\Documents and Settings\office\Desktop\Scan Results.160129-1542.txt
2016-01-29 12:13 - 2016-01-29 12:13 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-01-29 12:12 - 2016-01-29 12:14 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-01-29 12:12 - 2016-01-29 12:13 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-01-29 12:09 - 2016-01-29 12:09 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-29 12:08 - 2016-01-29 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-29 12:08 - 2016-01-29 12:08 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2016-01-29 12:07 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-01-29 11:52 - 2016-01-29 11:54 - 00000079 _____ C:\WINDOWS\wininit.ini
2016-01-28 21:41 - 2016-01-28 21:41 - 00000628 _____ C:\Documents and Settings\office\Desktop\JRT.txt
2016-01-28 15:04 - 2016-01-28 15:04 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-01-28 15:04 - 2016-01-28 15:04 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-01-28 14:58 - 2016-01-28 14:58 - 00000000 ____D C:\Program Files\Common Files\Java
2016-01-28 13:03 - 2016-01-28 13:11 - 00003878 _____ C:\Documents and Settings\office\Desktop\Rkill.txt
2016-01-28 12:47 - 2016-01-29 19:52 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 12:47 - 2016-01-29 12:52 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-28 09:22 - 2016-01-28 09:22 - 00000000 ____D C:\Documents and Settings\office\Desktop\Old Firefox Data
2016-01-22 18:11 - 2016-01-22 18:11 - 00060521 _____ C:\Documents and Settings\office\Desktop\2015 taxes state nd.pdf
2016-01-22 18:10 - 2016-01-22 18:10 - 00095568 _____ C:\Documents and Settings\office\Desktop\2015 taxes fed.pdf
2016-01-22 15:26 - 2016-01-22 15:26 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
2016-01-20 09:51 - 2009-06-13 15:15 - 00000021 __RSH C:\WINDOWS\system32\Drivers\etc\hosts.20160120-095147.backup
2016-01-19 17:49 - 2016-01-19 17:49 - 04499648 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-01-17 19:09 - 2016-01-17 19:09 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\Temp
2016-01-17 19:09 - 2016-01-17 19:09 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\Temp
2016-01-17 18:46 - 2016-01-17 18:46 - 00000000 ____D C:\Documents and Settings\office\Application Data\AVAST Software
2016-01-17 18:43 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2016-01-17 18:42 - 2016-01-17 18:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2016-01-17 18:40 - 2016-01-17 18:40 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-01-17 18:37 - 2016-01-17 18:37 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-17 18:35 - 2016-01-17 18:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-01-17 17:19 - 2016-01-17 17:19 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-17 17:19 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\All Users\Desktop\Post Win10 Spybot-install.exe
2016-01-17 17:15 - 2016-01-17 17:15 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2016-01-17 17:14 - 2016-01-29 12:44 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-01-17 15:19 - 2016-01-17 15:19 - 00000000 ____D C:\Program Files\Reason
2016-01-17 15:19 - 2016-01-17 15:19 - 00000000 ____D C:\Documents and Settings\office\Start Menu\Programs\Should I Remove It
2016-01-17 15:09 - 2016-01-28 14:56 - 00000000 ____D C:\Documents and Settings\office\.oracle_jre_usage
2016-01-17 15:09 - 2016-01-17 15:09 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\Sun
2016-01-17 15:08 - 2016-01-28 14:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2016-01-17 15:08 - 2016-01-28 14:54 - 00095840 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-01-17 15:05 - 2016-01-17 15:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2016-01-17 15:03 - 2016-01-17 15:03 - 00000000 ____D C:\Documents and Settings\office\Application Data\Oracle
2016-01-17 14:58 - 2016-01-17 14:58 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-17 14:49 - 2016-01-29 19:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-17 14:49 - 2016-01-19 17:50 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-17 14:49 - 2016-01-19 17:50 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-01-17 13:40 - 2016-01-28 14:25 - 00000000 ____D C:\Documents and Settings\office\Desktop\malware tools
2016-01-17 13:31 - 2016-01-17 13:33 - 00000000 ____D C:\AdwCleaner
2016-01-17 12:58 - 2016-01-17 12:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-17 12:58 - 2016-01-17 12:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-17 12:58 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-16 22:11 - 2016-01-17 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-16 19:11 - 2016-01-22 18:08 - 00040727 _____ C:\Documents and Settings\office\Desktop\William Wehrli 2015 Tax Return.T15
2016-01-16 19:02 - 2016-01-16 19:02 - 00000000 ____D C:\Documents and Settings\office\Application Data\TaxCut
2016-01-16 17:33 - 2016-01-22 15:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2015
2016-01-16 17:27 - 2016-01-16 19:11 - 00000000 ____D C:\Documents and Settings\office\My Documents\HRBlock
2016-01-16 17:27 - 2016-01-16 17:33 - 00000000 ____D C:\Program Files\HRBlock2015
2016-01-16 17:27 - 2016-01-16 17:30 - 00000000 ____D C:\Program Files\PDF995
2016-01-16 17:08 - 2016-01-16 17:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TaxCut
2016-01-16 13:22 - 2016-01-17 13:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-16 13:22 - 2016-01-16 13:22 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-15 22:40 - 2016-01-15 22:40 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\PCHealth
2016-01-15 22:35 - 2016-01-29 11:59 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-15 22:35 - 2016-01-16 13:27 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-15 22:19 - 2016-01-15 22:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2016-01-15 22:12 - 2016-01-15 22:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
2016-01-15 22:10 - 2016-01-15 22:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2016-01-15 22:09 - 2016-01-15 22:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2016-01-15 22:05 - 2016-01-15 22:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2016-01-15 22:04 - 2016-01-15 22:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2659262$
2016-01-15 22:04 - 2016-01-15 22:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2564958$
2016-01-15 22:03 - 2016-01-15 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
2016-01-15 22:02 - 2016-01-15 22:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2934207$
2016-01-15 22:02 - 2016-01-15 22:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2016-01-15 22:02 - 2016-01-15 22:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2016-01-15 22:01 - 2016-01-15 22:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2016-01-15 22:01 - 2016-01-15 22:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2491683$
2016-01-15 22:01 - 2016-01-15 22:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2345886$
2016-01-15 21:58 - 2016-01-15 21:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2585542$
2016-01-15 21:58 - 2016-01-15 21:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2536276-v2$
2016-01-15 21:57 - 2016-01-15 21:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2016-01-15 21:57 - 2016-01-15 21:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2631813$
2016-01-15 21:57 - 2016-01-15 21:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$
2016-01-15 21:50 - 2016-01-15 21:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2016-01-15 21:50 - 2016-01-15 21:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2016-01-15 21:49 - 2016-01-15 21:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975558_WM8$
2016-01-15 21:49 - 2016-01-15 21:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2016-01-15 21:49 - 2016-01-15 21:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2378111_WM9$
2016-01-15 21:48 - 2016-01-15 21:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2016-01-15 21:48 - 2016-01-15 21:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2443105$
2016-01-15 21:41 - 2016-01-15 21:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2016-01-15 21:41 - 2016-01-15 21:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2229593$
2016-01-15 21:33 - 2016-01-15 21:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2016-01-15 21:32 - 2016-01-15 21:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2016-01-15 21:32 - 2016-01-15 21:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
2016-01-15 21:32 - 2016-01-15 21:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2016-01-15 21:32 - 2016-01-15 21:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
2016-01-15 21:32 - 2016-01-15 21:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485663$
2016-01-15 21:29 - 2016-01-15 21:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2016-01-15 21:29 - 2016-01-15 21:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2016-01-15 21:28 - 2016-01-15 21:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978338$
2016-01-15 21:28 - 2016-01-15 21:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$
2016-01-15 21:25 - 2016-01-15 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2016-01-15 21:25 - 2016-01-15 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2507938$
2016-01-15 21:24 - 2016-01-15 21:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2016-01-15 21:24 - 2016-01-15 21:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2016-01-15 21:24 - 2016-01-15 21:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
2016-01-15 21:23 - 2016-01-15 21:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2016-01-15 21:23 - 2016-01-15 21:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2016-01-15 21:23 - 2016-01-15 21:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2016-01-15 21:15 - 2016-01-15 21:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2016-01-15 21:15 - 2016-01-15 21:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
2016-01-15 21:14 - 2016-01-15 21:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2016-01-15 21:14 - 2016-01-15 21:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2016-01-15 21:13 - 2016-01-15 21:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2016-01-15 21:00 - 2016-01-15 21:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-15 20:59 - 2016-01-15 20:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$
2016-01-15 20:55 - 2016-01-15 20:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2016-01-15 20:54 - 2016-01-15 20:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2016-01-15 20:53 - 2016-01-15 20:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977816$
2016-01-15 20:53 - 2016-01-15 20:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2016-01-15 20:52 - 2016-01-15 20:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2016-01-15 20:50 - 2016-01-15 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2016-01-15 20:50 - 2016-01-15 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2016-01-15 20:49 - 2016-01-15 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2016-01-15 20:43 - 2016-01-15 20:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2016-01-15 20:42 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978695_WM9$
2016-01-15 20:42 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2016-01-15 20:42 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2016-01-15 20:42 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2603381$
2016-01-15 20:41 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2016-01-15 20:41 - 2016-01-15 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2016-01-15 20:41 - 2016-01-15 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2419632$
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2879017$
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2653956$
2016-01-15 20:35 - 2016-01-15 20:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2016-01-15 20:35 - 2016-01-15 20:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2016-01-15 20:35 - 2016-01-15 20:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2506212$
2016-01-15 20:34 - 2016-01-15 20:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2016-01-15 20:33 - 2016-01-15 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978542$
2016-01-15 20:33 - 2016-01-15 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2016-01-15 20:33 - 2016-01-15 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2016-01-15 20:32 - 2016-01-15 20:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979309$
2016-01-15 20:31 - 2016-01-15 20:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2016-01-15 20:30 - 2016-01-15 20:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2016-01-15 20:30 - 2016-01-15 20:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979482$
2016-01-15 20:29 - 2016-01-15 20:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2016-01-15 20:22 - 2016-01-15 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2016-01-15 20:20 - 2016-01-15 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2016-01-15 20:18 - 2016-01-15 20:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
2016-01-15 20:18 - 2016-01-15 20:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2509553$
2016-01-15 20:05 - 2016-01-15 20:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982665$
2016-01-15 19:58 - 2016-01-15 19:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2016-01-15 19:58 - 2016-01-15 19:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2393802$
2016-01-15 19:57 - 2016-01-15 19:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2016-01-15 19:57 - 2016-01-15 19:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661637$
2016-01-15 19:57 - 2016-01-15 19:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2620712$
2016-01-15 19:57 - 2016-01-15 19:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2566454$
2016-01-15 19:56 - 2016-01-15 19:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2584146$
2016-01-15 19:49 - 2016-01-15 19:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2016-01-15 19:18 - 2010-09-17 22:53 - 00954368 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40.dll
2016-01-15 19:18 - 2010-09-17 22:53 - 00953856 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40u.dll
2016-01-15 19:16 - 2014-02-25 17:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2016-01-15 19:16 - 2014-02-25 17:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2016-01-15 19:15 - 2010-08-23 08:12 - 00617472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\comctl32.dll
2016-01-15 19:14 - 2010-06-14 06:31 - 00744448 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\helpsvc.exe
2016-01-15 19:11 - 2013-07-16 16:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2016-01-15 19:11 - 2013-07-16 16:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2016-01-15 19:11 - 2013-07-16 16:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2016-01-15 19:09 - 2013-08-08 16:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2016-01-15 19:09 - 2013-08-08 16:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2016-01-15 19:09 - 2013-08-08 16:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2016-01-15 19:09 - 2013-07-02 18:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2016-01-15 19:09 - 2013-07-02 17:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2016-01-15 19:09 - 2009-03-18 03:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2016-01-15 19:08 - 2013-02-11 16:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2016-01-15 19:08 - 2013-02-11 16:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2016-01-15 19:05 - 2012-07-04 06:05 - 00139784 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
2016-01-15 19:04 - 2012-05-28 10:16 - 00536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msado15.dll
2016-01-15 18:59 - 2011-04-21 05:37 - 00105472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mup.sys
2016-01-15 18:54 - 2013-11-27 12:21 - 00040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndproxy.sys
2016-01-15 18:54 - 2012-01-11 11:06 - 00003072 ____N C:\WINDOWS\system32\iacenc.dll
2016-01-15 18:54 - 2012-01-11 11:06 - 00003072 ____N C:\WINDOWS\system32\dllcache\iacenc.dll
2016-01-15 18:54 - 2011-07-08 06:02 - 00010496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
2016-01-15 18:49 - 2010-10-11 06:59 - 00045568 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wab.exe
2016-01-15 18:07 - 2016-01-15 18:07 - 00000000 ____D C:\Program Files\CCleaner
2016-01-15 18:07 - 2016-01-15 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 20:11 - 2003-12-07 12:23 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Temp
2016-01-29 14:52 - 2009-07-14 09:05 - 00032430 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-29 12:07 - 2004-02-17 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-01-29 12:00 - 2003-11-15 09:00 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2016-01-29 11:59 - 2003-11-15 09:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-29 11:59 - 2003-11-15 09:02 - 00003638 _____ C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2016-01-29 11:58 - 2003-12-07 12:23 - 00000278 ___SH C:\Documents and Settings\office\NTUSER.INI
2016-01-29 11:57 - 2003-12-07 12:23 - 00000000 ____D C:\Documents and Settings\office
2016-01-28 15:46 - 2008-04-09 12:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-01-28 15:07 - 2004-02-17 15:00 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\Google
2016-01-28 15:02 - 2004-02-17 15:00 - 00000000 ____D C:\Program Files\Google
2016-01-28 14:52 - 2009-06-16 09:12 - 00153088 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2016-01-28 14:43 - 2003-11-15 09:12 - 00000000 ____D C:\Program Files\Java
2016-01-28 14:25 - 2009-06-13 15:58 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-01-20 16:33 - 2009-06-03 07:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-01-20 16:33 - 2003-11-15 08:48 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2016-01-17 19:06 - 2003-11-15 08:47 - 00000000 ___HD C:\WINDOWS\INF
2016-01-17 17:00 - 2009-07-21 16:00 - 00000000 ____D C:\Documents and Settings\office\Desktop\Bids
2016-01-17 16:59 - 2008-05-07 14:12 - 00000000 ____D C:\Documents and Settings\office\Desktop\bk forms
2016-01-17 16:59 - 2005-04-19 12:29 - 00000000 ____D C:\Documents and Settings\office\Desktop\Window Sales Group
2016-01-17 16:54 - 2006-05-23 08:57 - 00000000 ____D C:\Documents and Settings\office\Desktop\Unused Desktop Shortcuts
2016-01-17 16:48 - 2008-05-07 20:55 - 00000000 ____D C:\Documents and Settings\office\Desktop\tims folder
2016-01-17 16:45 - 2004-04-28 14:32 - 00000000 ____D C:\Documents and Settings\office\Application Data\Adobe
2016-01-17 16:22 - 2004-04-28 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2016-01-17 16:09 - 2003-11-15 09:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-01-17 16:08 - 2009-09-30 12:21 - 00000000 ____D C:\Program Files\EagleVision
2016-01-17 16:06 - 2009-05-18 14:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\JELD-WEN
2016-01-17 16:03 - 2009-06-12 11:05 - 00000000 ____D C:\MQS
2016-01-17 15:20 - 2003-11-15 09:22 - 00071872 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-01-17 15:02 - 2004-04-28 14:32 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\Adobe
2016-01-17 14:56 - 2004-02-20 10:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-17 14:55 - 2004-04-28 14:31 - 00000000 ____D C:\Program Files\Adobe
2016-01-17 13:33 - 2006-06-20 15:55 - 00000000 __RHD C:\Documents and Settings\office\Application Data\yahoo!
2016-01-17 12:58 - 2008-04-21 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-01-16 18:58 - 2002-09-03 11:42 - 00277352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-16 17:27 - 2003-12-07 12:23 - 00000000 ___RD C:\Documents and Settings\office\My Documents
2016-01-16 13:22 - 2008-04-09 13:51 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-01-15 22:34 - 2003-11-15 08:46 - 00000000 _RSHD C:\WINDOWS\system32\DLLCACHE
2016-01-15 22:18 - 2003-11-15 09:02 - 00533998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-15 22:12 - 2002-09-03 11:36 - 00000867 _____ C:\WINDOWS\WIN.INI
2016-01-15 22:09 - 2005-02-08 11:13 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-01-15 21:39 - 2003-11-15 09:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2016-01-15 21:39 - 2003-11-15 08:48 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-15 21:15 - 2003-11-15 09:26 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-15 21:00 - 2005-05-21 15:40 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-15 20:33 - 2003-11-15 08:48 - 00000000 ____D C:\Program Files\Outlook Express
2016-01-15 20:30 - 2003-11-15 08:48 - 00000000 ____D C:\Program Files\Movie Maker
2016-01-15 20:11 - 2009-10-01 03:10 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2016-01-15 18:10 - 2009-06-03 07:39 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-15 17:55 - 2003-11-15 08:47 - 00000000 ____D C:\WINDOWS\Help
==================== Files in the root of some directories =======
2004-01-05 16:23 - 2009-06-18 08:57 - 0012288 _____ () C:\Documents and Settings\office\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2004-01-07 14:59 - 2004-01-07 14:59 - 0000129 _____ () C:\Documents and Settings\office\Local Settings\Application Data\fusioncache.dat
2008-04-09 12:30 - 2008-04-09 12:30 - 0000032 _____ () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2004-01-02 13:58 - 2004-02-17 15:23 - 0000376 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2006-03-09 11:32 - 2008-06-27 20:47 - 0001365 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Here is the Spybot log:
Search results from Spybot - Search & Destroy
1/29/2016 3:42:57 PM
Scan took 02:27:04.
34 items found.
Error: Error during scan! - Win32.Renos [1574|4178 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4179 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4180 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4181 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4182 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4183 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4184 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4185 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4186 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4187 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4188 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4189 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4190 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4191 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4192 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4193 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4194 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4195 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4196 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4197 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4198 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4199 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4200 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4201 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4202 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4203 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4204 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4205 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4206 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4207 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4208 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4209 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4210 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4211 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4212 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4213 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4214 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4215 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4216 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4217 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4218 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4219 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4220 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4221 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4222 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4223 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4224 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4225 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4226 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4227 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4228 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4229 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4230 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4231 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4232 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4233 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4234 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4235 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4236 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4237 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4238 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4239 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4240 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4241 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4242 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4243 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4244 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4245 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4246 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4247 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4248 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4249 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4250 - $7BA94522] (Out of memory)
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Documents and Settings\office\Application Data\Macromedia\Flash Player\#SharedObjects\YF64C5RD\s.yimg.com\com.conviva.livePass.sol
Properties.size=239
Properties.md5=7DA5CA12E0D0DA37BE2F20B4A872F398
Properties.filedate=1454100758
Properties.filedatetext=2016-01-29 12:52:37
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Documents and Settings\office\Application Data\Macromedia\Flash Player\#SharedObjects\YF64C5RD\v4s.yimg.com\com.conviva.livePass.sol
Properties.size=239
Properties.md5=EB3E4DDEE37185505C446BA76EBDC51B
Properties.filedate=1454104340
Properties.filedatetext=2016-01-29 13:52:19
DoubleClick: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Common Dialogs: [SBI $D50C003B] History (2 files) (Registry Key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Office\11.0\Word\Data\Settings
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Cookie: [SBI $49804B54] Browser: Cookie (976) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---
2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0)
2016-01-29 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2014-04-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2015-04-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2016-01-27 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2015-07-29 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2015-12-23 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2015-11-19 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2016-01-27 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2016-01-20 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2015-12-02 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2015-08-12 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2016-01-27 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-01-13 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by office (administrator) on FRONTOFFICE (29-01-2016 20:08:15)
Running from C:\Documents and Settings\office\My Documents\Downloads
Loaded Profiles: office & Administrator (Available Profiles: office & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Sonic Solutions) C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [114741 2003-08-05] (Sonic Solutions)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\Media Experience\PCMService.exe [204800 2003-08-26] (CyberLink Corp.)
HKLM\...\Run: [DwlClient] => C:\Program Files\Common Files\Dell\EUSW\Support.exe [245760 2003-06-24] (Dell)
HKLM\...\Run: [MW1HelperStartUp] => C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
HKLM\...\Run: [ZingSpooler] => C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe [200704 2002-08-02] (Sony Electronics Inc.)
HKLM\...\Run: [UpdateManager] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2003-08-19] (Sonic Solutions)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [57344 2005-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [eTrustPPAP] => "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
HKLM\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [208896 2005-12-12] (Macrovision Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [InstallSpybotUpdate_spybotsd2-translation-hrx.exe] => C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-translation-hrx.exe [245016 2015-03-25] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19] (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [Sonic RecordNow!] => [X]
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [4351216 2009-05-26] (Yahoo! Inc.)
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\...\MountPoints2: {3cf3e2b7-7a01-11d9-bbc9-000d5655335a} - E:\JDSecure\Windows\JDSecure20.exe
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-906592872-1445438531-2970854567-500\...\Run: [Sonic RecordNow!] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{5C76818F-C37A-48C6-B1FB-36F5278978DC}: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{65952042-D66B-4B5D-836E-C67518EAAD60}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dell.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-906592872-1445438531-2970854567-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-906592872-1445438531-2970854567-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-906592872-1445438531-2970854567-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dell.com
HKU\S-1-5-21-906592872-1445438531-2970854567-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
URLSearchHook: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
URLSearchHook: HKU\S-1-5-21-906592872-1445438531-2970854567-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06] (Yahoo! Inc.)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05] (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2016-01-28] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll [2006-02-14] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-28] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-16] (Sun Microsystems, Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2006-02-14] (Google Inc.)
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2006-02-14] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2006-02-14] (Google Inc.)
Toolbar: HKU\S-1-5-21-906592872-1445438531-2970854567-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} file://D:\content\include\XPPatchInstaller.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38184.533599537
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} hxxp://download.abacast.com/download/files/abasetup144.cab
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll [2004-07-07] ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\office\Application Data\Mozilla\Firefox\Profiles\zs5j1ndy.default-1454001749053
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2321 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2006-06-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2379 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2006-06-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1483 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2006-06-21] (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-906592872-1445438531-2970854567-1008: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-01-14] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008-04-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008-04-28] (Apple Computer, Inc.)
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2016-01-16] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2016-01-16] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-17] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-01-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-01-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-01-14]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (YouTube) - C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28]
CHR Extension: (Google Search) - C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Gmail) - C:\Documents and Settings\office\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-16] (Sun Microsystems, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [65536 2002-05-03] (HP)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S2 ACS; C:\WINDOWS\system32\acs.exe [X]
S3 jswpsapi; C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R3 bcm4sbxp; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [43136 2003-05-23] (Broadcom Corporation) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57344 2007-08-28] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-16] (Creative Technology Ltd.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20640 2005-10-26] (Sonic Solutions) [File not signed]
R3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [18768 2009-05-23] () [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-05] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-05] (Sonic Solutions) [File not signed]
S3 WNDA3100; C:\WINDOWS\System32\DRIVERS\WNDA31.sys [421376 2008-03-12] (Atheros Communications, Inc.) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation) [File not signed]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation) [File not signed]
S3 bvrp_pci; no ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 NwlnkIpx; C:\Windows\System32\Drivers\NwlnkIpx.sys [88320 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 18:24 - 2016-01-29 20:08 - 00000000 ____D C:\FRST
2016-01-29 18:13 - 2016-01-20 07:00 - 00812208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAB.tmp
2016-01-29 18:13 - 2016-01-20 07:00 - 00449384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB0.tmp
2016-01-29 18:13 - 2016-01-17 18:41 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAE.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB1.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB2.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB3.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAF.tmp
2016-01-29 18:13 - 2016-01-17 18:40 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAD.tmp
2016-01-29 15:43 - 2016-01-29 15:43 - 00018593 _____ C:\Documents and Settings\office\Desktop\Scan Results.160129-1542.txt
2016-01-29 12:13 - 2016-01-29 12:13 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-01-29 12:12 - 2016-01-29 12:14 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-01-29 12:12 - 2016-01-29 12:13 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-01-29 12:09 - 2016-01-29 12:09 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-29 12:08 - 2016-01-29 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-29 12:08 - 2016-01-29 12:08 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2016-01-29 12:07 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-01-29 11:52 - 2016-01-29 11:54 - 00000079 _____ C:\WINDOWS\wininit.ini
2016-01-28 21:41 - 2016-01-28 21:41 - 00000628 _____ C:\Documents and Settings\office\Desktop\JRT.txt
2016-01-28 15:04 - 2016-01-28 15:04 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-01-28 15:04 - 2016-01-28 15:04 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-01-28 14:58 - 2016-01-28 14:58 - 00000000 ____D C:\Program Files\Common Files\Java
2016-01-28 13:03 - 2016-01-28 13:11 - 00003878 _____ C:\Documents and Settings\office\Desktop\Rkill.txt
2016-01-28 12:47 - 2016-01-29 19:52 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 12:47 - 2016-01-29 12:52 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-28 09:22 - 2016-01-28 09:22 - 00000000 ____D C:\Documents and Settings\office\Desktop\Old Firefox Data
2016-01-22 18:11 - 2016-01-22 18:11 - 00060521 _____ C:\Documents and Settings\office\Desktop\2015 taxes state nd.pdf
2016-01-22 18:10 - 2016-01-22 18:10 - 00095568 _____ C:\Documents and Settings\office\Desktop\2015 taxes fed.pdf
2016-01-22 15:26 - 2016-01-22 15:26 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
2016-01-20 09:51 - 2009-06-13 15:15 - 00000021 __RSH C:\WINDOWS\system32\Drivers\etc\hosts.20160120-095147.backup
2016-01-19 17:49 - 2016-01-19 17:49 - 04499648 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-01-17 19:09 - 2016-01-17 19:09 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\Temp
2016-01-17 19:09 - 2016-01-17 19:09 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\Temp
2016-01-17 18:46 - 2016-01-17 18:46 - 00000000 ____D C:\Documents and Settings\office\Application Data\AVAST Software
2016-01-17 18:43 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2016-01-17 18:42 - 2016-01-17 18:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2016-01-17 18:40 - 2016-01-17 18:40 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-01-17 18:37 - 2016-01-17 18:37 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-17 18:35 - 2016-01-17 18:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-01-17 17:19 - 2016-01-17 17:19 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-17 17:19 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\All Users\Desktop\Post Win10 Spybot-install.exe
2016-01-17 17:15 - 2016-01-17 17:15 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2016-01-17 17:14 - 2016-01-29 12:44 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-01-17 15:19 - 2016-01-17 15:19 - 00000000 ____D C:\Program Files\Reason
2016-01-17 15:19 - 2016-01-17 15:19 - 00000000 ____D C:\Documents and Settings\office\Start Menu\Programs\Should I Remove It
2016-01-17 15:09 - 2016-01-28 14:56 - 00000000 ____D C:\Documents and Settings\office\.oracle_jre_usage
2016-01-17 15:09 - 2016-01-17 15:09 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\Sun
2016-01-17 15:08 - 2016-01-28 14:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2016-01-17 15:08 - 2016-01-28 14:54 - 00095840 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-01-17 15:05 - 2016-01-17 15:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2016-01-17 15:03 - 2016-01-17 15:03 - 00000000 ____D C:\Documents and Settings\office\Application Data\Oracle
2016-01-17 14:58 - 2016-01-17 14:58 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-17 14:49 - 2016-01-29 19:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-17 14:49 - 2016-01-19 17:50 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-17 14:49 - 2016-01-19 17:50 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-01-17 13:40 - 2016-01-28 14:25 - 00000000 ____D C:\Documents and Settings\office\Desktop\malware tools
2016-01-17 13:31 - 2016-01-17 13:33 - 00000000 ____D C:\AdwCleaner
2016-01-17 12:58 - 2016-01-17 12:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-17 12:58 - 2016-01-17 12:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-17 12:58 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-16 22:11 - 2016-01-17 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-16 19:11 - 2016-01-22 18:08 - 00040727 _____ C:\Documents and Settings\office\Desktop\William Wehrli 2015 Tax Return.T15
2016-01-16 19:02 - 2016-01-16 19:02 - 00000000 ____D C:\Documents and Settings\office\Application Data\TaxCut
2016-01-16 17:33 - 2016-01-22 15:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2015
2016-01-16 17:27 - 2016-01-16 19:11 - 00000000 ____D C:\Documents and Settings\office\My Documents\HRBlock
2016-01-16 17:27 - 2016-01-16 17:33 - 00000000 ____D C:\Program Files\HRBlock2015
2016-01-16 17:27 - 2016-01-16 17:30 - 00000000 ____D C:\Program Files\PDF995
2016-01-16 17:08 - 2016-01-16 17:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TaxCut
2016-01-16 13:22 - 2016-01-17 13:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-16 13:22 - 2016-01-16 13:22 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-15 22:40 - 2016-01-15 22:40 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\PCHealth
2016-01-15 22:35 - 2016-01-29 11:59 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-15 22:35 - 2016-01-16 13:27 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-15 22:19 - 2016-01-15 22:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2016-01-15 22:12 - 2016-01-15 22:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
2016-01-15 22:10 - 2016-01-15 22:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2016-01-15 22:09 - 2016-01-15 22:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2016-01-15 22:05 - 2016-01-15 22:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2016-01-15 22:04 - 2016-01-15 22:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2659262$
2016-01-15 22:04 - 2016-01-15 22:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2564958$
2016-01-15 22:03 - 2016-01-15 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
2016-01-15 22:02 - 2016-01-15 22:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2934207$
2016-01-15 22:02 - 2016-01-15 22:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2016-01-15 22:02 - 2016-01-15 22:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2016-01-15 22:01 - 2016-01-15 22:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2016-01-15 22:01 - 2016-01-15 22:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2491683$
2016-01-15 22:01 - 2016-01-15 22:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2345886$
2016-01-15 21:58 - 2016-01-15 21:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2585542$
2016-01-15 21:58 - 2016-01-15 21:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2536276-v2$
2016-01-15 21:57 - 2016-01-15 21:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2016-01-15 21:57 - 2016-01-15 21:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2631813$
2016-01-15 21:57 - 2016-01-15 21:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$
2016-01-15 21:50 - 2016-01-15 21:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2016-01-15 21:50 - 2016-01-15 21:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2016-01-15 21:49 - 2016-01-15 21:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975558_WM8$
2016-01-15 21:49 - 2016-01-15 21:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2016-01-15 21:49 - 2016-01-15 21:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2378111_WM9$
2016-01-15 21:48 - 2016-01-15 21:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2016-01-15 21:48 - 2016-01-15 21:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2443105$
2016-01-15 21:41 - 2016-01-15 21:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2016-01-15 21:41 - 2016-01-15 21:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2229593$
2016-01-15 21:33 - 2016-01-15 21:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2016-01-15 21:32 - 2016-01-15 21:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2016-01-15 21:32 - 2016-01-15 21:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
2016-01-15 21:32 - 2016-01-15 21:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2016-01-15 21:32 - 2016-01-15 21:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
2016-01-15 21:32 - 2016-01-15 21:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485663$
2016-01-15 21:29 - 2016-01-15 21:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2016-01-15 21:29 - 2016-01-15 21:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2016-01-15 21:28 - 2016-01-15 21:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978338$
2016-01-15 21:28 - 2016-01-15 21:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$
2016-01-15 21:25 - 2016-01-15 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2016-01-15 21:25 - 2016-01-15 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2507938$
2016-01-15 21:24 - 2016-01-15 21:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2016-01-15 21:24 - 2016-01-15 21:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2016-01-15 21:24 - 2016-01-15 21:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
2016-01-15 21:23 - 2016-01-15 21:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2016-01-15 21:23 - 2016-01-15 21:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2016-01-15 21:23 - 2016-01-15 21:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2016-01-15 21:15 - 2016-01-15 21:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2016-01-15 21:15 - 2016-01-15 21:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
2016-01-15 21:14 - 2016-01-15 21:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2016-01-15 21:14 - 2016-01-15 21:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2016-01-15 21:13 - 2016-01-15 21:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2016-01-15 21:00 - 2016-01-15 21:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-15 20:59 - 2016-01-15 20:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$
2016-01-15 20:55 - 2016-01-15 20:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2016-01-15 20:54 - 2016-01-15 20:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2016-01-15 20:53 - 2016-01-15 20:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977816$
2016-01-15 20:53 - 2016-01-15 20:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2016-01-15 20:52 - 2016-01-15 20:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2016-01-15 20:50 - 2016-01-15 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2016-01-15 20:50 - 2016-01-15 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2016-01-15 20:49 - 2016-01-15 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2016-01-15 20:43 - 2016-01-15 20:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2016-01-15 20:42 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978695_WM9$
2016-01-15 20:42 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2016-01-15 20:42 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2016-01-15 20:42 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2603381$
2016-01-15 20:41 - 2016-01-15 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2016-01-15 20:41 - 2016-01-15 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2016-01-15 20:41 - 2016-01-15 20:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2419632$
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2879017$
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2653956$
2016-01-15 20:35 - 2016-01-15 20:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2016-01-15 20:35 - 2016-01-15 20:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2016-01-15 20:35 - 2016-01-15 20:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2506212$
2016-01-15 20:34 - 2016-01-15 20:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2016-01-15 20:33 - 2016-01-15 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978542$
2016-01-15 20:33 - 2016-01-15 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2016-01-15 20:33 - 2016-01-15 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2016-01-15 20:32 - 2016-01-15 20:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979309$
2016-01-15 20:31 - 2016-01-15 20:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2016-01-15 20:30 - 2016-01-15 20:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2016-01-15 20:30 - 2016-01-15 20:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979482$
2016-01-15 20:29 - 2016-01-15 20:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2016-01-15 20:22 - 2016-01-15 20:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2016-01-15 20:20 - 2016-01-15 20:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2016-01-15 20:18 - 2016-01-15 20:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
2016-01-15 20:18 - 2016-01-15 20:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2509553$
2016-01-15 20:05 - 2016-01-15 20:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982665$
2016-01-15 19:58 - 2016-01-15 19:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2016-01-15 19:58 - 2016-01-15 19:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2393802$
2016-01-15 19:57 - 2016-01-15 19:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2016-01-15 19:57 - 2016-01-15 19:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661637$
2016-01-15 19:57 - 2016-01-15 19:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2620712$
2016-01-15 19:57 - 2016-01-15 19:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2566454$
2016-01-15 19:56 - 2016-01-15 19:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2584146$
2016-01-15 19:49 - 2016-01-15 19:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2016-01-15 19:18 - 2010-09-17 22:53 - 00954368 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40.dll
2016-01-15 19:18 - 2010-09-17 22:53 - 00953856 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40u.dll
2016-01-15 19:16 - 2014-02-25 17:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2016-01-15 19:16 - 2014-02-25 17:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2016-01-15 19:15 - 2010-08-23 08:12 - 00617472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\comctl32.dll
2016-01-15 19:14 - 2010-06-14 06:31 - 00744448 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\helpsvc.exe
2016-01-15 19:11 - 2013-07-16 16:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2016-01-15 19:11 - 2013-07-16 16:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2016-01-15 19:11 - 2013-07-16 16:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2016-01-15 19:09 - 2013-08-08 16:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2016-01-15 19:09 - 2013-08-08 16:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2016-01-15 19:09 - 2013-08-08 16:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2016-01-15 19:09 - 2013-07-02 18:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2016-01-15 19:09 - 2013-07-02 17:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2016-01-15 19:09 - 2009-03-18 03:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2016-01-15 19:08 - 2013-02-11 16:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2016-01-15 19:08 - 2013-02-11 16:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2016-01-15 19:05 - 2012-07-04 06:05 - 00139784 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
2016-01-15 19:04 - 2012-05-28 10:16 - 00536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msado15.dll
2016-01-15 18:59 - 2011-04-21 05:37 - 00105472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mup.sys
2016-01-15 18:54 - 2013-11-27 12:21 - 00040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndproxy.sys
2016-01-15 18:54 - 2012-01-11 11:06 - 00003072 ____N C:\WINDOWS\system32\iacenc.dll
2016-01-15 18:54 - 2012-01-11 11:06 - 00003072 ____N C:\WINDOWS\system32\dllcache\iacenc.dll
2016-01-15 18:54 - 2011-07-08 06:02 - 00010496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
2016-01-15 18:49 - 2010-10-11 06:59 - 00045568 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wab.exe
2016-01-15 18:07 - 2016-01-15 18:07 - 00000000 ____D C:\Program Files\CCleaner
2016-01-15 18:07 - 2016-01-15 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 20:11 - 2003-12-07 12:23 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Temp
2016-01-29 14:52 - 2009-07-14 09:05 - 00032430 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-29 12:07 - 2004-02-17 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-01-29 12:00 - 2003-11-15 09:00 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2016-01-29 11:59 - 2003-11-15 09:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-29 11:59 - 2003-11-15 09:02 - 00003638 _____ C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2016-01-29 11:58 - 2003-12-07 12:23 - 00000278 ___SH C:\Documents and Settings\office\NTUSER.INI
2016-01-29 11:57 - 2003-12-07 12:23 - 00000000 ____D C:\Documents and Settings\office
2016-01-28 15:46 - 2008-04-09 12:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-01-28 15:07 - 2004-02-17 15:00 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\Google
2016-01-28 15:02 - 2004-02-17 15:00 - 00000000 ____D C:\Program Files\Google
2016-01-28 14:52 - 2009-06-16 09:12 - 00153088 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2016-01-28 14:43 - 2003-11-15 09:12 - 00000000 ____D C:\Program Files\Java
2016-01-28 14:25 - 2009-06-13 15:58 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-01-20 16:33 - 2009-06-03 07:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-01-20 16:33 - 2003-11-15 08:48 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2016-01-17 19:06 - 2003-11-15 08:47 - 00000000 ___HD C:\WINDOWS\INF
2016-01-17 17:00 - 2009-07-21 16:00 - 00000000 ____D C:\Documents and Settings\office\Desktop\Bids
2016-01-17 16:59 - 2008-05-07 14:12 - 00000000 ____D C:\Documents and Settings\office\Desktop\bk forms
2016-01-17 16:59 - 2005-04-19 12:29 - 00000000 ____D C:\Documents and Settings\office\Desktop\Window Sales Group
2016-01-17 16:54 - 2006-05-23 08:57 - 00000000 ____D C:\Documents and Settings\office\Desktop\Unused Desktop Shortcuts
2016-01-17 16:48 - 2008-05-07 20:55 - 00000000 ____D C:\Documents and Settings\office\Desktop\tims folder
2016-01-17 16:45 - 2004-04-28 14:32 - 00000000 ____D C:\Documents and Settings\office\Application Data\Adobe
2016-01-17 16:22 - 2004-04-28 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2016-01-17 16:09 - 2003-11-15 09:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-01-17 16:08 - 2009-09-30 12:21 - 00000000 ____D C:\Program Files\EagleVision
2016-01-17 16:06 - 2009-05-18 14:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\JELD-WEN
2016-01-17 16:03 - 2009-06-12 11:05 - 00000000 ____D C:\MQS
2016-01-17 15:20 - 2003-11-15 09:22 - 00071872 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-01-17 15:02 - 2004-04-28 14:32 - 00000000 ____D C:\Documents and Settings\office\Local Settings\Application Data\Adobe
2016-01-17 14:56 - 2004-02-20 10:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-17 14:55 - 2004-04-28 14:31 - 00000000 ____D C:\Program Files\Adobe
2016-01-17 13:33 - 2006-06-20 15:55 - 00000000 __RHD C:\Documents and Settings\office\Application Data\yahoo!
2016-01-17 12:58 - 2008-04-21 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-01-16 18:58 - 2002-09-03 11:42 - 00277352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-16 17:27 - 2003-12-07 12:23 - 00000000 ___RD C:\Documents and Settings\office\My Documents
2016-01-16 13:22 - 2008-04-09 13:51 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-01-15 22:34 - 2003-11-15 08:46 - 00000000 _RSHD C:\WINDOWS\system32\DLLCACHE
2016-01-15 22:18 - 2003-11-15 09:02 - 00533998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-15 22:12 - 2002-09-03 11:36 - 00000867 _____ C:\WINDOWS\WIN.INI
2016-01-15 22:09 - 2005-02-08 11:13 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-01-15 21:39 - 2003-11-15 09:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2016-01-15 21:39 - 2003-11-15 08:48 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-15 21:15 - 2003-11-15 09:26 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-15 21:00 - 2005-05-21 15:40 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-15 20:33 - 2003-11-15 08:48 - 00000000 ____D C:\Program Files\Outlook Express
2016-01-15 20:30 - 2003-11-15 08:48 - 00000000 ____D C:\Program Files\Movie Maker
2016-01-15 20:11 - 2009-10-01 03:10 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2016-01-15 18:10 - 2009-06-03 07:39 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-15 17:55 - 2003-11-15 08:47 - 00000000 ____D C:\WINDOWS\Help
==================== Files in the root of some directories =======
2004-01-05 16:23 - 2009-06-18 08:57 - 0012288 _____ () C:\Documents and Settings\office\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2004-01-07 14:59 - 2004-01-07 14:59 - 0000129 _____ () C:\Documents and Settings\office\Local Settings\Application Data\fusioncache.dat
2008-04-09 12:30 - 2008-04-09 12:30 - 0000032 _____ () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2004-01-02 13:58 - 2004-02-17 15:23 - 0000376 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2006-03-09 11:32 - 2008-06-27 20:47 - 0001365 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Here is the Spybot log:
Search results from Spybot - Search & Destroy
1/29/2016 3:42:57 PM
Scan took 02:27:04.
34 items found.
Error: Error during scan! - Win32.Renos [1574|4178 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4179 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4180 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4181 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4182 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4183 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4184 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4185 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4186 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4187 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4188 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4189 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4190 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4191 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4192 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4193 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4194 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4195 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4196 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4197 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4198 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4199 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4200 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4201 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4202 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4203 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4204 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4205 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4206 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4207 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4208 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4209 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4210 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4211 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4212 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4213 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4214 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4215 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4216 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4217 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4218 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4219 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4220 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4221 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4222 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4223 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4224 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4225 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4226 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4227 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4228 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4229 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4230 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4231 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4232 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4233 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4234 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4235 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4236 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4237 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4238 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4239 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4240 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4241 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4242 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4243 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4244 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4245 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4246 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4247 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4248 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4249 - $7BA94522] (Out of memory)
Error: Error during scan! - Win32.Renos [1574|4250 - $7BA94522] (Out of memory)
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Documents and Settings\office\Application Data\Macromedia\Flash Player\#SharedObjects\YF64C5RD\s.yimg.com\com.conviva.livePass.sol
Properties.size=239
Properties.md5=7DA5CA12E0D0DA37BE2F20B4A872F398
Properties.filedate=1454100758
Properties.filedatetext=2016-01-29 12:52:37
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Documents and Settings\office\Application Data\Macromedia\Flash Player\#SharedObjects\YF64C5RD\v4s.yimg.com\com.conviva.livePass.sol
Properties.size=239
Properties.md5=EB3E4DDEE37185505C446BA76EBDC51B
Properties.filedate=1454104340
Properties.filedatetext=2016-01-29 13:52:19
DoubleClick: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Zedo: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $D50C003B] Tracking cookie (Firefox: PE_C_ALL USERS (default-1454001749053)) (Browser: Cookie, nothing done)
Common Dialogs: [SBI $D50C003B] History (2 files) (Registry Key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Office\11.0\Word\Data\Settings
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-906592872-1445438531-2970854567-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Cookie: [SBI $49804B54] Browser: Cookie (976) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---