
Referred by "Am I Infected?" Forum - Browser redirect/Trojan


  • This topic is locked
37 replies to this topic

#1 bomber1712


Posted 02 March 2014 - 09:54 AM

Hi all,

 

I have been working with Broni to attempt to clean up a computer. The big issue is a slow computer and a browser redirect. Broni had me run multiple scans and we found and cleaned many items. You can review all of the progress HERE

 

We thought we had it fixed, but as soon as the computer connected to the internet, many of the issues returned.  Frustrated, we ran several scans, again, cleaning many items, but upon the next scan they are back.  

 

The culprit program seems to be "Search Protect" and/or "Conduit".  AVG continues to "pop" with warnings about programs running from a temp folder:

 

 

Threat: Unknown

Object name: C:\WINDOWS\temp\setup__4615.exe
 
Threat: Adware Generic5.ANQA
Object name: C:\WINDOWS\temp\is-2RRBA.tmp\Select-N-Go_2010-5340.exe
 
Extended Element Information:
Process name: C:\WINDOWS\temp\is-5S1AN.tmp\tmp6.tmp
 
Threat: Adware Generic5.ANQA
Object name: C:\WINDOWS\temp\is-AU7ON.tmp\Select-N-Go_2010-5340.exe
 
Extended Element Information:
Process name: C:\WINDOWS\temp\is-VV3DU.tmp\tmp27.tmp

 

 
Here is the DDS log I was asked to attach:
 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Dan Neinas at 0:12:27 on 2014-03-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2815.2112 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Bin\UpdateTool\UpdaterToolService.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uURLSearchHooks: <No Name>: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - 
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351003811921
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.29.245.241:8500/activex/AMC.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A3165B01-DCEE-47AB-864B-0E966C11C3D4} : DHCPNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 27448]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-7-1 16024]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 193848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-2-24 2363168]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-29 47640]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-7-1 220824]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2234152]
R2 UpdateServiceTool;UpdateSoftware;c:\program files\bin\updatetool\UpdaterToolService.exe [2014-2-20 6656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-30 250712]
S2 Select-N-Go;Select-N-Go;c:\program files\select-n-go\select-n-go154.exe --> c:\program files\select-n-go\Select-N-Go154.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-7-1 45208]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2011-7-1 12952]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-17 13024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
.
=============== Created Last 30 ================
.
2014-03-02 03:05:11 -------- d-----w- c:\documents and settings\dan neinas\local settings\application data\SearchProtect
2014-03-02 03:04:58 -------- d-----w- c:\program files\SearchProtect
2014-03-02 00:55:50 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-03-02 00:55:50 -------- d-----w- c:\program files\Select-N-Go-soft
2014-02-28 04:09:10 -------- d-----w- C:\AdwCleaner
2014-02-26 02:44:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-02-26 02:44:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-02-26 02:44:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-02-26 02:44:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-02-26 02:44:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-02-25 03:32:17 -------- d-----w- c:\program files\WOT
2014-02-22 16:02:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-02-22 16:01:17 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-21 01:16:34 -------- d-----w- c:\program files\TempInstaller
2014-02-21 01:14:54 -------- d-----w- c:\program files\Select-N-Go
2014-02-21 01:07:28 -------- d-----w- c:\documents and settings\all users\application data\Updater
2014-02-21 01:06:52 -------- d-----w- c:\program files\Bin
2014-02-21 01:06:51 -------- d-----w- c:\program files\YTD Downloader
2014-02-19 18:45:59 -------- d-----w- c:\documents and settings\dan neinas\application data\AVG
2014-02-19 18:43:36 -------- d-----w- c:\documents and settings\all users\application data\AVG
2014-02-19 18:43:07 -------- d-sh--w- c:\documents and settings\all users\application data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
.
==================== Find3M  ====================
.
2014-02-28 13:14:56 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24:05 385024 ----a-w- c:\windows\system32\html.iec
2014-01-28 22:44:42 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-01-28 22:44:42 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-01-28 22:44:41 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-01-28 22:44:41 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-01-20 03:46:54 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-17 22:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 22:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-13 22:44:26 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-12-13 22:44:25 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
============= FINISH:  0:13:06.54 ===============
 

 


#2 Jo*


Posted 02 March 2014 - 11:38 AM


Hello bomber1712,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 bomber1712


Posted 02 March 2014 - 12:01 PM

Security Check log:

 

 Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 5% 
````````````````````End of Log`````````````````````` 
 
FRST Log:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2014 02
Ran by Dan Neinas (administrator) on NEINASHOMEPC on 02-03-2014 10:58:13
Running from C:\Documents and Settings\Dan Neinas\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
() C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Conduit) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Conduit) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
(VIS without Co) C:\Program Files\Bin\UpdateTool\UpdaterToolService.exe
(TeamViewer GmbH) c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\tv_w32.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16377344 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1390067357-448539723-839522115-1003\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1047328 2014-02-24] (Conduit)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name - {a235e1e3-6296-4710-af39-104a7faa6c7c} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -  No File
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: No Name - {f236ca79-3123-4afb-9f74-e98117ad5625} -  No File
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} 
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://69.29.245.241:8500/activex/AMC.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR Extension: (WOT) - C:\Documents and Settings\Dan Neinas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-24]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Dan Neinas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-17]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Dan Neinas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-25]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Dan Neinas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2363168 2014-02-24] (Conduit)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-07-01] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 UpdateServiceTool; C:\Program Files\Bin\UpdateTool\UpdaterToolService.exe [6656 2013-12-02] (VIS without Co)
S2 Select-N-Go; C:\Program Files\Select-N-Go\Select-N-Go154.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
S3 PSMounter; C:\WINDOWS\system32\drivers\psmounter.sys [45208 2011-07-01] (Macrium Software)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16024 2011-07-01] (Macrium Software)
S3 PSVolAcc; C:\WINDOWS\system32\Drivers\PSVolAcc.sys [12952 2011-07-01] (Paramount Software UK Ltd)
S4 RxFilter; C:\WINDOWS\System32\DRIVERS\RxFilter.sys [50688 2006-12-02] (Sonic Solutions)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2014-02-28] ()
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [259712 2007-05-03] (Marvell)
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\DANNEI~1\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-02 10:58 - 2014-03-02 10:58 - 00013394 _____ () C:\Documents and Settings\Dan Neinas\Desktop\FRST.txt
2014-03-02 10:57 - 2014-03-02 10:58 - 00000000 ____D () C:\FRST
2014-03-02 10:57 - 2014-03-02 10:57 - 00000914 _____ () C:\Documents and Settings\Dan Neinas\Desktop\checkup.txt
2014-03-02 10:46 - 2014-03-02 16:45 - 01145344 _____ (Farbar) C:\Documents and Settings\Dan Neinas\Desktop\FRST.exe
2014-03-02 10:46 - 2014-03-02 16:45 - 00987425 _____ () C:\Documents and Settings\Dan Neinas\Desktop\SecurityCheck.exe
2014-03-02 00:13 - 2014-03-02 00:14 - 00015562 _____ () C:\Documents and Settings\Dan Neinas\Desktop\dds.txt
2014-03-02 00:13 - 2014-03-02 00:13 - 00034517 _____ () C:\Documents and Settings\Dan Neinas\Desktop\attach.txt
2014-03-01 22:32 - 2014-03-02 10:36 - 00000378 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2014-03-01 21:05 - 2014-03-01 21:05 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Local Settings\Application Data\SearchProtect
2014-03-01 21:04 - 2014-03-01 21:05 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-01 20:24 - 2014-03-01 20:22 - 00688992 ____R (Swearware) C:\Documents and Settings\Dan Neinas\Desktop\dds.com
2014-03-01 19:40 - 2014-03-01 19:40 - 00001047 _____ () C:\Documents and Settings\Dan Neinas\Desktop\JRT.txt
2014-03-01 18:55 - 2014-03-01 21:32 - 00000378 _____ () C:\WINDOWS\Tasks\Select-N-Go Update.job
2014-03-01 18:55 - 2014-03-01 21:30 - 00000380 _____ () C:\WINDOWS\Tasks\Select-N-Go_wd.job
2014-03-01 18:55 - 2014-03-01 18:55 - 00000464 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-03-01 18:55 - 2014-03-01 18:55 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-03-01 18:55 - 2014-03-01 18:55 - 00000000 ____D () C:\Program Files\Select-N-Go-soft
2014-03-01 18:54 - 2014-03-01 18:55 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
2014-02-28 20:57 - 2014-02-28 20:57 - 00091343 _____ () C:\Documents and Settings\Dan Neinas\My Documents\spybot results.xps
2014-02-28 20:43 - 2014-02-27 18:43 - 00449915 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140228-204321.backup
2014-02-28 07:07 - 2014-02-28 07:07 - 00103526 _____ () C:\Documents and Settings\Dan Neinas\Desktop\AutoRuns.txt
2014-02-28 07:06 - 2014-02-28 07:06 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Autoruns
2014-02-28 07:03 - 2014-02-28 06:51 - 00550371 _____ () C:\Documents and Settings\Dan Neinas\Desktop\Autoruns.zip
2014-02-27 22:09 - 2014-03-01 10:51 - 00000000 ____D () C:\AdwCleaner
2014-02-27 22:05 - 2014-02-27 21:59 - 01244192 _____ () C:\Documents and Settings\Dan Neinas\Desktop\adwcleaner.exe
2014-02-27 21:44 - 2014-02-27 21:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
2014-02-27 21:39 - 2014-03-01 19:30 - 00000000 ____D () C:\Avenger
2014-02-27 19:00 - 2014-03-01 10:35 - 00000568 _____ () C:\WINDOWS\wininit.ini
2014-02-27 18:43 - 2013-09-04 07:08 - 00449839 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140227-184303.backup
2014-02-26 17:06 - 2014-02-26 17:06 - 00001855 _____ () C:\Documents and Settings\Dan Neinas\Desktop\Google Chrome (2).lnk
2014-02-25 20:44 - 2014-02-25 20:44 - 00001628 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-02-25 20:44 - 2014-02-25 20:44 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-25 20:44 - 2014-02-25 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-02-24 21:32 - 2014-02-24 21:32 - 00000000 ____D () C:\Program Files\WOT
2014-02-24 21:27 - 2014-02-24 21:27 - 00005974 _____ () C:\DelFix.txt
2014-02-24 17:29 - 2014-02-24 17:26 - 01037734 _____ (Thisisu) C:\Documents and Settings\Dan Neinas\Desktop\JRT.exe
2014-02-22 10:02 - 2014-02-22 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-22 10:01 - 2014-02-22 10:01 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-21 15:06 - 2014-03-01 21:30 - 00000432 _____ () C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Dan Neinas.job
2014-02-21 15:06 - 2014-03-01 15:14 - 00000422 _____ () C:\WINDOWS\Tasks\ReclaimerUpdateXML_Dan Neinas.job
2014-02-21 15:06 - 2014-03-01 11:10 - 00000426 _____ () C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Dan Neinas.job
2014-02-20 19:14 - 2014-02-24 19:18 - 00000000 ____D () C:\Program Files\Select-N-Go
2014-02-20 19:07 - 2014-02-24 19:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Updater
2014-02-20 19:06 - 2014-02-24 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter
2014-02-20 19:06 - 2014-02-20 19:06 - 00000000 ____D () C:\Program Files\YTD Downloader
2014-02-20 19:06 - 2014-02-20 19:06 - 00000000 ____D () C:\Program Files\Bin
2014-02-20 19:06 - 2014-02-20 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YTD Downloader
2014-02-20 12:47 - 2014-02-20 12:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG
2014-02-19 12:46 - 2014-02-24 21:11 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-02-19 12:45 - 2014-02-19 12:45 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Application Data\AVG
2014-02-19 12:43 - 2014-02-19 12:57 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-19 12:43 - 2014-02-19 12:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG
2014-02-19 12:33 - 2014-02-19 12:33 - 00000726 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-02-15 15:40 - 2014-02-15 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
2014-02-15 15:39 - 2014-02-15 15:39 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-02-12 03:25 - 2014-02-12 03:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 03:05 - 2014-02-12 03:05 - 00012479 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 03:03 - 2014-02-12 03:05 - 00005255 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 02:33 - 2014-02-12 03:25 - 00016244 _____ () C:\WINDOWS\KB2916036.log
 
==================== One Month Modified Files and Folders =======
 
2014-03-02 16:45 - 2014-03-02 10:46 - 01145344 _____ (Farbar) C:\Documents and Settings\Dan Neinas\Desktop\FRST.exe
2014-03-02 16:45 - 2014-03-02 10:46 - 00987425 _____ () C:\Documents and Settings\Dan Neinas\Desktop\SecurityCheck.exe
2014-03-02 10:58 - 2014-03-02 10:58 - 00013394 _____ () C:\Documents and Settings\Dan Neinas\Desktop\FRST.txt
2014-03-02 10:58 - 2014-03-02 10:57 - 00000000 ____D () C:\FRST
2014-03-02 10:57 - 2014-03-02 10:57 - 00000914 _____ () C:\Documents and Settings\Dan Neinas\Desktop\checkup.txt
2014-03-02 10:49 - 2013-02-20 18:06 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 10:36 - 2014-03-01 22:32 - 00000378 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2014-03-02 09:58 - 2010-10-18 09:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-03-02 08:27 - 2008-07-19 11:52 - 01777671 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-02 01:29 - 2008-07-29 17:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-03-02 00:33 - 2008-07-19 11:56 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-02 00:14 - 2014-03-02 00:13 - 00015562 _____ () C:\Documents and Settings\Dan Neinas\Desktop\dds.txt
2014-03-02 00:13 - 2014-03-02 00:13 - 00034517 _____ () C:\Documents and Settings\Dan Neinas\Desktop\attach.txt
2014-03-01 23:31 - 2012-10-06 19:09 - 00000470 ____H () C:\WINDOWS\Tasks\Standard Backup Process xml.job
2014-03-01 23:16 - 2008-07-19 06:03 - 00000000 ____D () C:\WINDOWS\repair
2014-03-01 23:15 - 2008-07-19 11:50 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-01 22:49 - 2013-02-20 18:06 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 21:32 - 2014-03-01 18:55 - 00000378 _____ () C:\WINDOWS\Tasks\Select-N-Go Update.job
2014-03-01 21:32 - 2013-08-12 08:03 - 00000318 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1390067357-448539723-839522115-1003.job
2014-03-01 21:32 - 2013-08-12 08:03 - 00000310 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1390067357-448539723-839522115-1003.job
2014-03-01 21:31 - 2014-01-28 17:40 - 00000759 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-03-01 21:31 - 2008-07-19 06:14 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-03-01 21:31 - 2008-07-19 06:14 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-01 21:31 - 2006-02-28 06:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-01 21:30 - 2014-03-01 18:55 - 00000380 _____ () C:\WINDOWS\Tasks\Select-N-Go_wd.job
2014-03-01 21:30 - 2014-02-21 15:06 - 00000432 _____ () C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Dan Neinas.job
2014-03-01 21:30 - 2013-02-20 18:15 - 00000288 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-448539723-839522115-1003.job
2014-03-01 21:30 - 2010-12-09 19:56 - 00000322 _____ () C:\WINDOWS\Tasks\GlaryInitialize.job
2014-03-01 21:30 - 2010-03-17 20:09 - 00000236 _____ () C:\WINDOWS\Tasks\OGALogon.job
2014-03-01 21:30 - 2008-07-19 12:00 - 00032412 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-01 21:30 - 2008-07-19 12:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-01 21:29 - 2013-09-11 02:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876315$
2014-03-01 21:29 - 2008-07-19 12:01 - 00000278 ___SH () C:\Documents and Settings\Dan Neinas\ntuser.ini
2014-03-01 21:05 - 2014-03-01 21:05 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Local Settings\Application Data\SearchProtect
2014-03-01 21:05 - 2014-03-01 21:04 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-01 20:22 - 2014-03-01 20:24 - 00688992 ____R (Swearware) C:\Documents and Settings\Dan Neinas\Desktop\dds.com
2014-03-01 19:54 - 2013-02-20 18:15 - 00000296 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1390067357-448539723-839522115-1003.job
2014-03-01 19:40 - 2014-03-01 19:40 - 00001047 _____ () C:\Documents and Settings\Dan Neinas\Desktop\JRT.txt
2014-03-01 19:30 - 2014-02-27 21:39 - 00000000 ____D () C:\Avenger
2014-03-01 18:55 - 2014-03-01 18:55 - 00000464 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-03-01 18:55 - 2014-03-01 18:55 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-03-01 18:55 - 2014-03-01 18:55 - 00000000 ____D () C:\Program Files\Select-N-Go-soft
2014-03-01 18:55 - 2014-03-01 18:54 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
2014-03-01 17:51 - 2011-08-12 02:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570222$
2014-03-01 15:14 - 2014-02-21 15:06 - 00000422 _____ () C:\WINDOWS\Tasks\ReclaimerUpdateXML_Dan Neinas.job
2014-03-01 11:10 - 2014-02-21 15:06 - 00000426 _____ () C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Dan Neinas.job
2014-03-01 10:51 - 2014-02-27 22:09 - 00000000 ____D () C:\AdwCleaner
2014-03-01 10:35 - 2014-02-27 19:00 - 00000568 _____ () C:\WINDOWS\wininit.ini
2014-03-01 07:21 - 2009-10-23 19:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-28 21:04 - 2013-12-11 03:20 - 00259864 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-28 20:57 - 2014-02-28 20:57 - 00091343 _____ () C:\Documents and Settings\Dan Neinas\My Documents\spybot results.xps
2014-02-28 19:50 - 2011-09-15 08:13 - 03045791 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-448539723-839522115-1003-0.dat
2014-02-28 19:50 - 2011-09-15 08:13 - 00388482 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-02-28 18:00 - 2012-04-21 14:35 - 00000440 _____ () C:\WINDOWS\Tasks\BackupsFilePurger.job
2014-02-28 09:03 - 2013-08-12 08:03 - 00000336 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1390067357-448539723-839522115-1003.job
2014-02-28 07:15 - 2013-06-24 17:57 - 00076801 _____ () C:\WINDOWS\setupapi.log
2014-02-28 07:14 - 2012-08-17 19:32 - 00013024 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-02-28 07:07 - 2014-02-28 07:07 - 00103526 _____ () C:\Documents and Settings\Dan Neinas\Desktop\AutoRuns.txt
2014-02-28 07:06 - 2014-02-28 07:06 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Autoruns
2014-02-28 06:51 - 2014-02-28 07:03 - 00550371 _____ () C:\Documents and Settings\Dan Neinas\Desktop\Autoruns.zip
2014-02-27 22:12 - 2013-04-11 06:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-02-27 21:59 - 2014-02-27 22:05 - 01244192 _____ () C:\Documents and Settings\Dan Neinas\Desktop\adwcleaner.exe
2014-02-27 21:46 - 2013-12-21 19:46 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Application Data\Skype
2014-02-27 21:45 - 2011-09-13 17:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Garmin
2014-02-27 21:44 - 2014-02-27 21:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
2014-02-27 21:44 - 2011-09-13 17:44 - 00000000 ____D () C:\Program Files\Garmin
2014-02-27 21:39 - 2013-11-13 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-02-27 18:43 - 2014-02-28 20:43 - 00449915 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140228-204321.backup
2014-02-26 17:06 - 2014-02-26 17:06 - 00001855 _____ () C:\Documents and Settings\Dan Neinas\Desktop\Google Chrome (2).lnk
2014-02-26 09:40 - 2008-08-08 18:40 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Budget
2014-02-25 20:44 - 2014-02-25 20:44 - 00001628 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-02-25 20:44 - 2014-02-25 20:44 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-25 20:44 - 2014-02-25 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-02-25 20:13 - 2012-08-19 11:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-02-25 14:49 - 2008-12-24 17:36 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Sports folders
2014-02-24 21:32 - 2014-02-24 21:32 - 00000000 ____D () C:\Program Files\WOT
2014-02-24 21:30 - 2010-04-04 12:44 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Utilities
2014-02-24 21:27 - 2014-02-24 21:27 - 00005974 _____ () C:\DelFix.txt
2014-02-24 21:27 - 2013-05-11 19:51 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-24 21:27 - 2008-07-19 12:01 - 00000000 ____D () C:\Documents and Settings\Dan Neinas
2014-02-24 21:19 - 2014-02-20 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter
2014-02-24 21:11 - 2014-02-19 12:46 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-02-24 19:18 - 2014-02-20 19:14 - 00000000 ____D () C:\Program Files\Select-N-Go
2014-02-24 19:18 - 2014-02-20 19:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Updater
2014-02-24 17:50 - 2008-07-19 13:34 - 00000000 ____D () C:\Program Files\AVG
2014-02-24 17:26 - 2014-02-24 17:29 - 01037734 _____ (Thisisu) C:\Documents and Settings\Dan Neinas\Desktop\JRT.exe
2014-02-23 10:51 - 2013-09-27 14:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-02-22 10:42 - 2014-02-22 10:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-22 10:01 - 2014-02-22 10:01 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-21 23:52 - 2012-10-10 02:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2756822$
2014-02-21 06:58 - 2009-08-12 02:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956744$
2014-02-20 19:18 - 2008-07-21 18:23 - 00005908 _____ () C:\Documents and Settings\Dan Neinas\Desktop\MSN.url
2014-02-20 19:07 - 2008-12-30 16:10 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Application Data\Mozilla
2014-02-20 19:06 - 2014-02-20 19:06 - 00000000 ____D () C:\Program Files\YTD Downloader
2014-02-20 19:06 - 2014-02-20 19:06 - 00000000 ____D () C:\Program Files\Bin
2014-02-20 19:06 - 2014-02-20 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YTD Downloader
2014-02-20 12:47 - 2014-02-20 12:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG
2014-02-19 16:29 - 2012-05-30 14:50 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Downriggers
2014-02-19 12:57 - 2014-02-19 12:43 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-19 12:57 - 2012-08-19 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2014-02-19 12:57 - 2009-08-17 20:46 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Application Data\HpUpdate
2014-02-19 12:56 - 2008-07-19 14:05 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\CD Label Making
2014-02-19 12:47 - 2008-07-19 12:00 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-02-19 12:46 - 2014-02-19 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG
2014-02-19 12:45 - 2014-02-19 12:45 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Application Data\AVG
2014-02-19 12:33 - 2014-02-19 12:33 - 00000726 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-02-19 12:33 - 2013-11-26 09:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-02-17 07:44 - 2010-04-04 12:41 - 00002497 _____ () C:\Documents and Settings\Dan Neinas\Desktop\Microsoft Office Word 2003 (2).lnk
2014-02-15 15:40 - 2014-02-15 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
2014-02-15 15:40 - 2013-02-10 14:20 - 00000000 ____D () C:\Program Files\Google
2014-02-15 15:39 - 2014-02-15 15:39 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-02-15 15:39 - 2013-02-10 14:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
2014-02-15 15:28 - 2011-01-06 19:12 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Online Purchases
2014-02-15 15:23 - 2008-08-05 11:38 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Dan's Miscellaneous Folder
2014-02-15 15:17 - 2008-07-19 15:47 - 00000000 ____D () C:\Program Files\DesignPro
2014-02-15 11:55 - 2010-11-24 16:24 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Warranty Receipts #2
2014-02-14 09:17 - 2012-07-31 18:00 - 00000205 _____ () C:\Documents and Settings\Dan Neinas\Desktop\E-Bay.url
2014-02-12 03:25 - 2014-02-12 03:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 03:25 - 2014-02-12 02:33 - 00016244 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 03:25 - 2013-05-16 02:03 - 00031357 _____ () C:\WINDOWS\updspapi.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00276386 _____ () C:\WINDOWS\iis6.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00259676 _____ () C:\WINDOWS\FaxSetup.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00124152 _____ () C:\WINDOWS\ocgen.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00118482 _____ () C:\WINDOWS\tsoc.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00085202 _____ () C:\WINDOWS\comsetup.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00077788 _____ () C:\WINDOWS\msmqinst.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00051696 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00045486 _____ () C:\WINDOWS\netfxocm.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00017850 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00014364 _____ () C:\WINDOWS\ocmsn.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00013062 _____ () C:\WINDOWS\tabletoc.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00012978 _____ () C:\WINDOWS\msgsocm.log
2014-02-12 03:25 - 2013-05-16 02:01 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-12 03:24 - 2008-07-19 12:05 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 03:19 - 2008-07-19 06:12 - 00605186 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 03:14 - 2013-08-15 02:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 03:11 - 2008-07-20 17:04 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 03:05 - 2014-02-12 03:05 - 00012479 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 03:05 - 2014-02-12 03:03 - 00005255 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 03:05 - 2013-05-16 02:01 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 03:05 - 2009-06-24 06:02 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-09 12:00 - 2013-06-24 17:55 - 00000385 _____ () C:\Documents and Settings\Dan Neinas\Desktop\Bayshore view water condition.url
2014-02-09 11:59 - 2014-01-30 13:38 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\2014 Deer Book
2014-02-09 10:25 - 2011-05-02 15:41 - 00000240 _____ () C:\Documents and Settings\Dan Neinas\Desktop\chase.com-.url
2014-02-06 03:54 - 2007-08-13 17:39 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2006-02-28 06:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 17:26 - 2012-06-13 18:18 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 17:26 - 2010-06-10 18:00 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 17:26 - 2009-06-24 06:02 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 17:26 - 2009-06-24 06:02 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 17:26 - 2008-07-20 17:06 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 17:26 - 2008-07-20 17:06 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 17:26 - 2008-07-20 17:06 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 17:26 - 2008-07-20 17:06 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 17:26 - 2008-04-21 00:44 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 17:26 - 2008-04-21 00:44 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 17:26 - 2007-08-13 17:54 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 17:26 - 2007-08-13 17:45 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 17:26 - 2007-08-13 17:44 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 17:26 - 2007-08-13 17:44 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 17:26 - 2007-08-13 17:44 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 17:26 - 2007-08-13 17:42 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 17:26 - 2007-08-13 17:39 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 17:26 - 2007-08-13 17:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 17:26 - 2006-02-28 06:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 17:26 - 2006-02-28 06:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 16:24 - 2006-02-28 06:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-01 08:52 - 2012-06-04 09:19 - 00000000 ____D () C:\Documents and Settings\Dan Neinas\Desktop\Medicare Phone #
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Addition Log:
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-03-2014 02
Ran by Dan Neinas at 2014-03-02 10:58:40
Running from C:\Documents and Settings\Dan Neinas\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AiO_Scan_CDA (Version: 70.0.149.000 - Hewlett-Packard) Hidden
AiOSoftwareNPI (Version: 70.0.149.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1016 - )
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0614.2138 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.39-070614a-050449C-Acer - )
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Avery DesignPro (HKLM\...\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}) (Version:  - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
BackupsFilePurger_Setup (HKLM\...\{6D81C9EA-766E-4D68-92E5-8B786338EE01}) (Version: 1.0.0 - StoredLogic, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C3100 (Version: 70.0.149.000 - Hewlett-Packard) Hidden
c3100_Help (Version: 70.0.149.000 - Hewlett-Packard) Hidden
C4600 (Version: 130.0.425.000 - Hewlett-Packard) Hidden
Camera Support Core Library (Version: 7.3.0.4 - Canon) Hidden
Camera Window DS (Version: 5.2 - Canon) Hidden
Camera Window DVC (Version: 5.4 - Canon) Hidden
Camera Window MC (Version: 5.4 - Canon) Hidden
Canon Camera Support Core Library (HKLM\...\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}) (Version: 7.3.0.4 - Canon)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}) (Version: 5.4 - Canon)
Canon Camera Window DS for ZoomBrowser EX (HKLM\...\InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}) (Version: 5.2 - Canon)
Canon Camera Window MC 5 for ZoomBrowser EX (HKLM\...\InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}) (Version: 5.4 - Canon)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}) (Version: 1.3.1.21 - Canon)
Canon PhotoRecord (HKLM\...\{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}) (Version: 02.02.02000 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}) (Version: 2.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
Canon ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.02.0100 - Canon)
Catalyst Control Center Core Implementation (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0614.2139.36855 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0614.2139.36855 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Czech (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Danish (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Dutch (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help English (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Finnish (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help French (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help German (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Greek (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Italian (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Japanese (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Korean (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Polish (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Russian (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Spanish (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Swedish (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Thai (Version: 2007.0614.2138.36855 - ATI) Hidden
CCC Help Turkish (Version: 2007.0614.2138.36855 - ATI) Hidden
ccc-core-preinstall (Version: 2007.0614.2139.36855 - ATI) Hidden
ccc-core-static (Version: 2007.0614.2139.36855 - ATI) Hidden
ccc-utility (Version: 2007.0614.2139.36855 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DriverUpdate (HKLM\...\{069A06F9-10B2-444A-8455-DC6131666772}) (Version: 2.2.22862 - SlimWare Utilities, Inc.)
Elevated Installer (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Fax_CDA (Version: 70.0.149.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Glary Utilities 2.54.0.1759 (HKLM\...\Glary Utilities_is1) (Version: 2.54.0.1759 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hallmark Card Studio 2004 (HKLM\...\InstallShield_{48AE3EB9-383B-4D4F-BB79-2719D5F567BE}) (Version: 1.0.0 - Sierra Entertainment Inc.)
Hallmark Card Studio 2004 (Version: 1.0.0 - Sierra Entertainment Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Honda Marine v4.00 (HKLM\...\Honda Marine v4.00_is1) (Version:  - )
Hoyle Casino 4 (HKLM\...\Hoyle Casino 4) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart and Deskjet 7.0.A (HKLM\...\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}) (Version:  - HP)
HP Photosmart Appliance Printer Driver Software 9.0 (HKLM\...\{0F0A0506-9A9C-406a-999D-0D5A92EBC14B}) (Version: 9.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Icon Restore 1.0 (HKLM\...\Icon Restore_is1) (Version:  - Tim Taylor)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.54.11 - Logitech, Inc.)
Logitech Harmony Remote Software (HKLM\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.5.0.10 - Logitech)
Logitech Harmony Remote Software 7 (Version: 7.5.0.10 - Logitech) Hidden
LogMeIn (HKLM\...\{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}) (Version: 4.0.734 - LogMeIn, Inc.)
Lowrance HDS 4.0 (HKLM\...\{7073D95E-CE8D-40AE-9C4E-3868419829FA}) (Version: 4.0 - Lowrance Electronics)
Lowrance LMS-522C iGPS Demo (HKLM\...\{96320DDD-329D-46E8-AAFF-D10DB8ABC2D1}) (Version:  - )
Macrium Reflect - Free Edition (HKLM\...\{986389BF-2AE7-4C4D-B284-519BA869EDD1}) (Version: 4.2.2082 - Macrium)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version:  - )
MovieEdit Task (Version: 1.3.1.21 - Canon) Hidden
MSN (HKLM\...\MSNINST) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewCopy_CDA (Version: 70.0.149.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PhotoStitch (Version: 3.1.14 - Canon) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD SE (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
ProductContextNPI (Version: 70.0.149.000 - Hewlett-Packard) Hidden
PS_AIO_05_C4600_Software_Min (Version: 130.0.425.000 - Hewlett-Packard) Hidden
ps_app_npi_software (Version: 90.0.169.000 - Hewlett-Packard) Hidden
ps_app_npi_software_req (Version: 90.0.169.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAW Image Task 2.1 (Version: 2.1 - Canon) Hidden
Readme (Version: 70.0.149.000 - Hewlett-Packard) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5436 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Roxio)
Roxio Easy CD and DVD Burning (HKLM\...\{6599091B-D42D-4765-ABC3-8B25E844C746}) (Version: 9.0.554 - Roxio)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
ScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) Hidden
Search Protect (HKLM\...\SearchProtect) (Version: 2.10.31.0 - Conduit) <==== ATTENTION
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Select-N-Go (HKLM\...\ececba92-49db-489a-afcb-a595a89efdaf) (Version:  - Select-N-Go Software)
Select-N-Go (HKLM\...\f5d23d16-5de9-4f7b-82e5-736d53644052) (Version:  - Select-N-Go Software)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skins (Version: 2007.0614.2139.36855 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
TeamViewer 6 Host (HKLM\...\TeamViewer 6 Host) (Version: 6.0.9947 - TeamViewer GmbH)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB942763) (HKLM\...\KB942763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
YTD Downloader version 1.5 (HKLM\...\{DC866C1E-B796-4BD2-93B8-B5706AC5B5CC}_is1) (Version: 1.5 - BoozedProgrammer)
 
==================== Restore Points  =========================
 
25-02-2014 03:27:12 System Checkpoint
25-02-2014 03:27:12 System Checkpoint
25-02-2014 03:27:13 System Checkpoint
25-02-2014 03:27:13 System Checkpoint
25-02-2014 03:27:13 System Checkpoint
25-02-2014 03:27:13 System Checkpoint
25-02-2014 03:27:14 System Checkpoint
25-02-2014 03:27:14 System Checkpoint
25-02-2014 03:27:15 System Checkpoint
25-02-2014 03:27:15 System Checkpoint
25-02-2014 03:27:15 Software Distribution Service 3.0
25-02-2014 03:27:16 System Checkpoint
25-02-2014 03:27:16 System Checkpoint
25-02-2014 03:27:16 Software Distribution Service 3.0
25-02-2014 03:27:16 Printer Driver LogMeIn Printer Driver Installed
25-02-2014 03:27:17 System Checkpoint
25-02-2014 03:27:17 System Checkpoint
25-02-2014 03:27:17 System Checkpoint
25-02-2014 03:27:18 System Checkpoint
25-02-2014 03:27:19 System Checkpoint
25-02-2014 03:27:19 System Checkpoint
25-02-2014 03:27:20 System Checkpoint
25-02-2014 03:27:21 System Checkpoint
25-02-2014 03:27:21 System Checkpoint
25-02-2014 03:27:22 System Checkpoint
25-02-2014 03:27:22 System Checkpoint
25-02-2014 03:27:23 System Checkpoint
25-02-2014 03:27:24 System Checkpoint
25-02-2014 03:27:24 System Checkpoint
25-02-2014 03:27:25 System Checkpoint
25-02-2014 03:27:26 System Checkpoint
25-02-2014 03:27:26 System Checkpoint
25-02-2014 03:27:26 System Checkpoint
25-02-2014 03:27:27 System Checkpoint
25-02-2014 03:27:27 System Checkpoint
25-02-2014 03:27:27 System Checkpoint
25-02-2014 03:27:28 System Checkpoint
25-02-2014 03:27:28 System Checkpoint
25-02-2014 03:27:28 System Checkpoint
25-02-2014 03:27:28 System Checkpoint
25-02-2014 03:27:28 System Checkpoint
25-02-2014 03:27:29 System Checkpoint
25-02-2014 03:27:29 System Checkpoint
25-02-2014 03:27:30 Software Distribution Service 3.0
25-02-2014 03:27:30 Software Distribution Service 3.0
25-02-2014 03:27:30 System Checkpoint
25-02-2014 03:27:30 System Checkpoint
25-02-2014 03:27:31 System Checkpoint
25-02-2014 03:27:31 System Checkpoint
25-02-2014 03:27:31 System Checkpoint
25-02-2014 03:27:32 System Checkpoint
25-02-2014 03:27:33 System Checkpoint
25-02-2014 03:27:33 System Checkpoint
25-02-2014 03:27:33 System Checkpoint
25-02-2014 03:27:33 System Checkpoint
25-02-2014 03:27:33 Printer Driver LogMeIn Printer Driver Installed
25-02-2014 03:27:34 System Checkpoint
25-02-2014 03:27:34 System Checkpoint
25-02-2014 03:27:34 System Checkpoint
25-02-2014 03:27:34 System Checkpoint
25-02-2014 03:27:35 System Checkpoint
25-02-2014 03:27:35 System Checkpoint
25-02-2014 03:27:35 System Checkpoint
25-02-2014 03:27:36 System Checkpoint
25-02-2014 03:27:36 System Checkpoint
25-02-2014 03:27:36 Software Distribution Service 3.0
25-02-2014 03:27:37 System Checkpoint
25-02-2014 03:27:37 System Checkpoint
25-02-2014 03:27:37 System Checkpoint
25-02-2014 03:27:38 System Checkpoint
25-02-2014 03:27:38 System Checkpoint
25-02-2014 03:27:38 Installed AVG 2014
25-02-2014 03:27:38 Removed AVG 2014
25-02-2014 03:27:38 Installed AVG PC TuneUp 2014
25-02-2014 03:27:38 System Checkpoint
25-02-2014 03:27:39 System Checkpoint
25-02-2014 03:27:39 System Checkpoint
25-02-2014 03:27:39 System Checkpoint
25-02-2014 03:27:39 Revo Uninstaller's restore point - AVG PC TuneUp 2014
25-02-2014 03:27:40 Removed AVG PC TuneUp 2014
25-02-2014 03:27:40 Removed AVG PC TuneUp 2014 (en-US)
25-02-2014 03:27:48 End of disinfection
25-02-2014 03:32:16 Installed WOT for Internet Explorer
26-02-2014 09:24:48 System Checkpoint
27-02-2014 16:49:46 System Checkpoint
28-02-2014 03:44:11 Garmin Express
28-02-2014 03:45:28 Garmin Express
01-03-2014 04:10:04 System Checkpoint
01-03-2014 23:50:24 Revo Uninstaller's restore point - Search Protect
 
==================== Hosts content: ==========================
 
2006-02-28 06:00 - 2014-02-28 20:43 - 00449915 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\WINDOWS\TEMP\is-V5F7L.tmp\%APPDATA%\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\BackupsFilePurger.job => C:\Program Files\StoredLogic, LLC\BackupsFilePurger_Setup\BackupsFilePurger.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1390067357-448539723-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1390067357-448539723-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1390067357-448539723-839522115-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-448539723-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1390067357-448539723-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Dan Neinas.job => C:\Documents and Settings\Dan Neinas\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.80\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_Dan Neinas.job => C:\Documents and Settings\Dan Neinas\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.80\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Dan Neinas.job => C:\Documents and Settings\Dan Neinas\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.80\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\Select-N-Go Update.job => C:\Program Files\Select-N-Go-soft\Selec.exe
Task: C:\WINDOWS\Tasks\Select-N-Go_wd.job => C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe
Task: C:\WINDOWS\Tasks\Standard Backup Process xml.job => C:\Program Files\Macrium\Reflect\reflect.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-01 18:55 - 2014-03-01 18:55 - 00093184 _____ () C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe
2008-07-20 14:42 - 2006-11-01 07:58 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-07-01 06:21 - 2011-07-01 05:55 - 00220824 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2006-02-28 06:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 06:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2014 07:52:50 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
Error: (03/01/2014 07:52:50 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.
 
Error: (03/01/2014 07:52:50 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator. 
 
 
DETAIL - The process cannot access the file because it is being used by another process.
 
Error: (03/01/2014 07:52:50 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights. 
 
 
DETAIL - The process cannot access the file because it is being used by another process.  for C:\Documents and Settings\LocalService\ntuser.dat
 
Error: (02/28/2014 08:58:18 PM) (Source: Application Error) (User: )
Description: Faulting application xpsviewer.exe, version 3.0.6920.4050, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [xpsviewer.exe!ws!]
 
Error: (02/25/2014 08:29:41 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23562, fault address 0x0014c723.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (02/19/2014 08:35:53 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.
 
Error: (02/16/2014 00:48:21 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/15/2014 03:43:49 PM) (Source: Application Hang) (User: )
Description: Hanging application Skype.exe, version 6.11.60.102, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/11/2014 06:50:47 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (03/01/2014 09:31:55 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (03/01/2014 09:31:55 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.
 
Error: (03/01/2014 07:54:16 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (03/01/2014 07:54:16 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.
 
Error: (03/01/2014 07:37:01 PM) (Source: Service Control Manager) (User: )
Description: The UpdateSoftware service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/01/2014 07:32:12 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (03/01/2014 07:32:12 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.
 
Error: (03/01/2014 05:53:52 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (03/01/2014 05:53:52 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.
 
Error: (03/01/2014 01:33:04 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (03/01/2014 07:52:50 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: 
 
Error: (03/01/2014 07:52:50 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: 
 
Error: (03/01/2014 07:52:50 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
 
Error: (03/01/2014 07:52:50 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process. C:\Documents and Settings\LocalService\ntuser.dat
 
Error: (02/28/2014 08:58:18 PM) (Source: Application Error)(User: )
Description: xpsviewer.exe3.0.6920.4050kernel32.dll5.1.2600.629300012fd3
 
Error: (02/25/2014 08:29:41 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235620014c723
 
Error: (02/19/2014 08:35:53 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)
 
Error: (02/16/2014 00:48:21 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (02/15/2014 03:43:49 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.11.60.102hungapp0.0.0.000000000
 
Error: (02/11/2014 06:50:47 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE11.0.8326.0hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 2815.42 MB
Available physical RAM: 2061.26 MB
Total Pagefile: 4702.44 MB
Available Pagefile: 4060.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.66 MB
 
==================== Drives ================================
 
Drive c: (Western Digital Local HD) (Fixed) (Total:298.08 GB) (Free:239.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive i: (Backup_Storage) (Fixed) (Total:288.33 GB) (Free:137.28 GB) NTFS
Drive j: (Brf Bakup 1) (CDROM) (Total:0.69 GB) (Free:0 GB) UDF 1.50
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 280D280C)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 298 GB) (Disk ID: 11D33467)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:08 PM

Posted 02 March 2014 - 12:14 PM

Hello bomber1712,
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
(Conduit) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1047328 2014-02-24] (Conduit)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2363168 2014-02-24] (Conduit)
C:\Program Files\Select-N-Go
C:\Program Files\SearchProtect
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



***


How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 bomber1712


Posted 02 March 2014 - 12:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 02
Ran by Dan Neinas at 2014-03-02 11:23:31 Run:1
Running from C:\Documents and Settings\Dan Neinas\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
(Conduit) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1047328 2014-02-24] (Conduit)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2363168 2014-02-24] (Conduit)
C:\Program Files\Select-N-Go
C:\Program Files\SearchProtect
end
*****************
 
[3748] C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe => Process closed successfully.
[3804] C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe => Process closed successfully.
[3816] C:\Program Files\SearchProtect\UI\bin\cltmngui.exe => Process closed successfully.
"C:\\PROGRA~1\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
CltMngSvc => Service deleted successfully.
C:\Program Files\Select-N-Go => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 Jo*


Posted 02 March 2014 - 12:32 PM

Hello bomber1712,

1. Java
1.1 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.2 Here are instructions on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***


2. Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***



How is the computer running now?



***




#7 bomber1712


Posted 02 March 2014 - 03:04 PM


  • Make sure that the option "Remove found threats" is Unchecked

Just to make sure, you do NOT want Eset to remove threats?



#8 Jo*


Posted 02 March 2014 - 04:01 PM

Just to make sure, you do NOT want Eset to remove threats?

 

True, we only need the log. 

ESET could find things we should not delete.




#9 bomber1712


Posted 02 March 2014 - 05:04 PM

Ok, here are the logs:

 

MBAM:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.02.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dan Neinas :: NEINASHOMEPC [administrator]
 
3/2/2014 11:54:41 AM
mbam-log-2014-03-02 (11-54-41).txt
 
Scan type: Full scan (C:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366635
Time elapsed: 1 hour(s), 7 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 19
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\Main\bin\SPTool.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\Main\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SearchProtect02-03-2014_11-23-31\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{63D6D35D-2A20-4EEE-AA42-6D4C70FE846E}\RP2159\A0176230.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{63D6D35D-2A20-4EEE-AA42-6D4C70FE846E}\RP2159\A0176233.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\nsr23.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\nsw1E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\nsa1B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\nsx26.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\setup__4793.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\nsq16\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
 
(end)
 
 
ESET:
 
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect107.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect149.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect153.zip Win32/Bagle.gen.zip worm
C:\Program Files\Select-N-Go-soft\Selec.exe a variant of Win32/AdWare.AddLyrics.AF application
C:\Program Files\Select-N-Go-soft\Select-N-Go155.exe a variant of Win32/AdWare.AD150.A application
C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe a variant of Win32/AdWare.AD150.A application
C:\Program Files\Select-N-Go-soft\Uninstall.exe Win32/AdWare.AddLyrics.AE application
C:\System Volume Information\_restore{63D6D35D-2A20-4EEE-AA42-6D4C70FE846E}\RP2151\A0174668.exe multiple threats
C:\System Volume Information\_restore{63D6D35D-2A20-4EEE-AA42-6D4C70FE846E}\RP2151\A0174669.exe a variant of Win32/AdWare.AD150.A application
C:\System Volume Information\_restore{63D6D35D-2A20-4EEE-AA42-6D4C70FE846E}\RP2151\A0174670.exe a variant of Win32/AdWare.AddLyrics.AF application
C:\System Volume Information\_restore{63D6D35D-2A20-4EEE-AA42-6D4C70FE846E}\RP2151\A0174671.exe a variant of Win32/AdWare.AD150.A application
C:\System Volume Information\_restore{63D6D35D-2A20-4EEE-AA42-6D4C70FE846E}\RP2151\A0174672.exe Win32/AdWare.AddLyrics.AE application
C:\WINDOWS\temp\setup__4615.exe a variant of Win32/Amonetize.AG potentially unwanted application
C:\WINDOWS\temp\setup__4793.exe a variant of Win32/Amonetize.AG potentially unwanted application
C:\WINDOWS\temp\Updater.exe a variant of Win32/Amonetize.AC potentially unwanted application
Operating memory a variant of Win32/AdWare.AD150.A application
 


#10 Jo*


Posted 02 March 2014 - 05:11 PM

How is the computer running now?



#11 bomber1712


Posted 02 March 2014 - 05:31 PM

AVG still "popped" with a warning about a bad file in a temp folder.
I noticed in Chrome that if I search via the address bar, it briefly goes to search.conduit.com before heading to bing.
Internet explorer does not search from address bar.
 
Other than that, it seems to be running fine.


#12 Jo*


Posted 02 March 2014 - 05:56 PM

Hello bomber1712,

If still present, delete the old fixlist.txt from your desktop.
 

***

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
SearchScopes: HKLM - DefaultScope value is missing.
() C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe
S2 Select-N-Go; C:\Program Files\Select-N-Go\Select-N-Go154.exe [X]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect107.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect149.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect153.zip
C:\Program Files\Select-N-Go-soft\Selec.exe
C:\Program Files\Select-N-Go-soft\Select-N-Go155.exe
C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe
C:\Program Files\Select-N-Go-soft\Uninstall.exe
C:\Program Files\Select-N-Go-soft
C:\WINDOWS\temp\setup__4615.exe
C:\WINDOWS\temp\setup__4793.exe
C:\WINDOWS\temp\Updater.exe
end
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

***

How is the computer running now?

***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Edited by Jo*, 02 March 2014 - 06:05 PM.



#13 bomber1712


Posted 02 March 2014 - 06:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 02
Ran by Dan Neinas at 2014-03-02 17:41:27 Run:2
Running from C:\Documents and Settings\Dan Neinas\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
() C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe
S2 Select-N-Go; C:\Program Files\Select-N-Go\Select-N-Go154.exe [X]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect107.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect149.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect153.zip
C:\Program Files\Select-N-Go-soft\Selec.exe
C:\Program Files\Select-N-Go-soft\Select-N-Go155.exe
C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe
C:\Program Files\Select-N-Go-soft\Uninstall.exe
C:\Program Files\Select-N-Go-soft
C:\WINDOWS\temp\setup__4615.exe
C:\WINDOWS\temp\setup__4793.exe
C:\WINDOWS\temp\Updater.exe
end
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
[472] C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe => Process closed successfully.
Select-N-Go => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect107.zip => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect149.zip => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect153.zip => Moved successfully.
C:\Program Files\Select-N-Go-soft\Selec.exe => Moved successfully.
C:\Program Files\Select-N-Go-soft\Select-N-Go155.exe => Moved successfully.
C:\Program Files\Select-N-Go-soft\Select-N-Go_wd.exe => Moved successfully.
C:\Program Files\Select-N-Go-soft\Uninstall.exe => Moved successfully.
C:\Program Files\Select-N-Go-soft => Moved successfully.
Could not move "C:\WINDOWS\temp\setup__4615.exe" => Scheduled to move on reboot.
C:\WINDOWS\temp\setup__4793.exe => Moved successfully.
C:\WINDOWS\temp\Updater.exe => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-02 17:42:42)<=
 
C:\WINDOWS\temp\setup__4615.exe => Is moved successfully.
 
==== End of Fixlog ====
 
This is all that the FRST Log said:
 
 
==================== End Of Log ============================
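
Added example, not part of any post in this thread and not FRST's or ESET's own code: a Python check that reconciles the ESET detections from post #9 with the result lines of the second Fixlog, including the "Scheduled to move on reboot" case that is later confirmed by "Is moved successfully". The sample lines are excerpted from the logs in this thread; the function names and the status labels (moved, pending, untouched, memory) are assumptions of this example.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any OS

# Lines excerpted from the ESET report and the Run:2 Fixlog posted in this thread.
ESET_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect107.zip Win32/Bagle.gen.zip worm
C:\Program Files\Select-N-Go-soft\Select-N-Go155.exe a variant of Win32/AdWare.AD150.A application
C:\System Volume Information\_restore{63D6D35D-2A20-4EEE-AA42-6D4C70FE846E}\RP2151\A0174668.exe multiple threats
C:\WINDOWS\temp\setup__4615.exe a variant of Win32/Amonetize.AG potentially unwanted application
C:\WINDOWS\temp\Updater.exe a variant of Win32/Amonetize.AC potentially unwanted application
Operating memory a variant of Win32/AdWare.AD150.A application
"""

FIXLOG = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ConduitSearchProtect107.zip => Moved successfully.
C:\Program Files\Select-N-Go-soft => Moved successfully.
Could not move "C:\WINDOWS\temp\setup__4615.exe" => Scheduled to move on reboot.
C:\WINDOWS\temp\Updater.exe => Moved successfully.
C:\WINDOWS\temp\setup__4615.exe => Is moved successfully.
"""

# Path ends at the first known extension that is followed by whitespace,
# because the paths themselves contain spaces.
ESET_RE = re.compile(r"^([A-Za-z]:\\.+?\.(?:exe|dll|zip))\s+(.+)$", re.I)
MOVED_RE = re.compile(r"^(.+?) => (?:Is moved|Moved) successfully\.$")
PENDING_RE = re.compile(r'^Could not move "(.+?)" => Scheduled to move on reboot\.$')


def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def parse_eset(text):
    """Return (path or None, detection) per line; memory hits carry no path."""
    hits = []
    for line in _lines(text):
        m = ESET_RE.match(line)
        hits.append((m.group(1), m.group(2)) if m else (None, line))
    return hits


def parse_fixlog(text):
    """Map normalised path -> 'moved' or 'pending'.

    A later 'Is moved successfully' line replaces an earlier
    'Scheduled to move on reboot' entry for the same path.
    """
    state = {}
    for line in _lines(text):
        m = PENDING_RE.match(line)
        if m:
            state.setdefault(normcase(m.group(1)), "pending")
            continue
        m = MOVED_RE.match(line)
        if m:
            state[normcase(m.group(1))] = "moved"
    return state


def status_of(path, state):
    """Look for a Fixlog result on the file itself, then on each parent folder."""
    p = normcase(path)
    while True:
        if p in state:
            return state[p]
        parent = dirname(p)
        if parent == p:          # reached the drive root without a match
            return "untouched"
        p = parent


def reconcile(eset_text, fixlog_text):
    """Return (status, path, detection) for every ESET detection."""
    state = parse_fixlog(fixlog_text)
    report = []
    for path, detection in parse_eset(eset_text):
        status = "memory" if path is None else status_of(path, state)
        report.append((status, path, detection))
    return report


if __name__ == "__main__":
    for status, path, detection in reconcile(ESET_REPORT, FIXLOG):
        print(f"{status:9} {path or '(process memory)'}  [{detection}]")
```

Entries reported as untouched or memory were not named in the fixlist, so a later scan is what confirms their state.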


#14 Jo*


Posted 03 March 2014 - 04:42 AM

Hello bomber1712,
 

`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Adobe Reader 9
Adobe Reader XI
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107

***


Uninstall old versions:
Adobe Reader 9
Google Chrome 32.0.1700.102

Is all OK? Any remaining issues?



#15 bomber1712


Posted 03 March 2014 - 07:43 AM

AVG popped up with a warning about a bad file in a temp folder.

When I search on Chrome, I still see the search.conduit.com briefly before it goes to BING.

 

Are these things that I should not worry about?





