
Hijack this log


  • This topic is locked
56 replies to this topic

#1 twoboysdad


Posted 16 March 2015 - 08:26 AM

Need help to clean up my computer. Can someone look at this log and tell me what to do?

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:06:43 AM, on 3/16/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fitbit\fitbit.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Program Files\AVG Web TuneUp\avgcefrend.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.4.0\ScriptHelper.exe
C:\Documents and Settings\Jeff M\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={6F233631-C0FA-4A58-8261-B389041C9C35}&mid=a5c9bfae98db47d394ccc14439cca419-2df0e8f6de78f34e528e0f673062ac659de25312&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-03-04 18:18:58&v=4.1.0.411&pid=wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: TakeTTheCoupon - {3aed8d01-459b-4d92-83b9-6c85fdeaa700} - C:\Program Files\TakeTTheCoupon\7xV6U2QfUjUwVE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PS121v2] "C:\Program Files\NETGEAR\PS121v2\PS121v2.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [The Assistant] "C:\Program Files\a la mode\Sched\eSched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Fitbit Service Monitor] C:\Program Files\Fitbit\fitbit-tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -update activex
O4 - HKUS\S-1-5-21-856814538-4203512516-1295414859-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Libby R')
O4 - HKUS\S-1-5-21-856814538-4203512516-1295414859-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Libby R')
O4 - HKUS\S-1-5-21-856814538-4203512516-1295414859-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Grounds')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect" (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WNA3100 Genie.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A6858057-8380-466B-AE5E-77BB8A551D7E} - https://vault.alamode.com/cab/vaultinstall.cab
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - https://vault.alamode.com/cab/vfd.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12-16655/support/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files\Fitbit\fitbit.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: vToolbarUpdater18.4.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe

--
End of file - 14345 bytes



#2 olgun52

  • Malware Response Team

Posted 16 March 2015 - 10:59 AM

Hello twoboysdad and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Sincerely


 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 twoboysdad

  • Topic Starter

Posted 16 March 2015 - 03:00 PM

Thank you for the quick reply.

Here is the log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Jeff M at 2015-03-16 15:57:25
Running from C:\Documents and Settings\Jeff M\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
a la mode Competitor Conversion Plug-in (HKLM\...\{DABC0CAC-C604-495C-84E9-BEE2F557E969}) (Version: 6.54.0001 - a la mode, inc.)
a la mode Vault (HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\InstallShield_{BF36BCF3-FA5C-402B-AA20-3909B813142A}) (Version: 3.10 - a la mode, inc.)
a la mode Vault (Version: 3.10 - a la mode, inc.) Hidden
ACI Collection For Windows 2012 (HKLM\...\{03EBDBBF-20E5-4910-B406-533412F40BB6}) (Version: 1.00.168 - ACI)
ACI Core Files (HKLM\...\{C1067095-24AB-4BCD-B64B-BE83A9186DCE}) (Version: 2010 - )
ACI Desktop Additional Components  (HKLM\...\{B91E86A0-9F63-4E7E-9D53-2C0AB67BE15C}) (Version: 1.00.069 - ACI)
ACIGo.EService Update 8.6.8 (HKLM\...\{61913B89-9302-4F1A-B17C-A70073BCDAB4}) (Version: 8.6.8 - ACI)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Ads Remover (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Ads Remover) <==== ATTENTION
Apex IV ™ Appraiser - v2.9 (HKLM\...\Apex IV ™ Appraiser - v2.9) (Version:  - )
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
bpd_scan_Carrier (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
BuildFax.EService Update 8.7.101 (HKLM\...\{76C5D962-C8CC-4E75-887E-A06556F4CE5B}) (Version: 8.7.101 - ACI)
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DigiHand (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c616b728}) (Version:  - DigiHand) <==== ATTENTION
DocProc (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Fax (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FileZilla Client 3.0.9.3 (HKLM\...\FileZilla Client) (Version: 3.0.9.3 - )
Fitbit Base Station (Driver Removal) (HKLM\...\FITBIT&10C4&84C4) (Version:  - Fitbit)
Fitbit v2.1.0.9 (HKLM\...\Fitbit Data Uploader_is1) (Version: 2.1.0.9 - Fitbit, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
L7500 (Version: 140.0.000.000 - Hewlett-Packard) Hidden
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mercury Desktop (HKLM\...\{5DC0724E-4DC2-4F5D-AF63-9DBA6C731256}) (Version: 3.00.0015 - a la mode, inc.)
Mercury Desktop Supporting Applications (HKLM\...\{3D5094F3-DB26-4CD3-B7EC-BD47B310CBF0}) (Version: 1.00.0005 - a la mode, inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MPM (HKLM\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MSInk1.7 (HKLM\...\{3734A505-F740-421A-8865-CACAB05E4E07}) (Version: 1.0.0 - a la mode)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetGear PS121v2 (HKLM\...\{451B332F-E2A7-4F69-B1ED-99C99BDB9C2F}) (Version: 1.00.2000 - Netgear)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Graphics Driver 296.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
pdfFactory (HKLM\...\pdfFactory) (Version: 4.80 - FinePrint Software, LLC)
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Samsung Easy Deployment Manager (HKLM\...\Samsung Easy Deployment Manager) (Version: 1.00.31 - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.05.61 (4/10/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.03.17.00(4/12/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM\...\Easy Wireless Setup) (Version: 3.60.25 - Samsung Electronics Co., Ltd.)
Samsung ML-1610 Series (HKLM\...\Samsung ML-1610 Series) (Version:  - )
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-3400 Series (HKLM\...\Samsung SCX-3400 Series) (Version: 1.18 (7/1/2013) - Samsung Electronics Co., Ltd.)
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
SetIP (HKLM\...\SetIP) (Version: 1.05.03.00 - Samsung Electronics Co., Ltd.)
ShhoopDrop (HKLM\...\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}) (Version:  - "") <==== ATTENTION
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOTAL (HKLM\...\{51D047D0-35E4-4C70-A99F-6BADA4C247E8}) (Version: 6.100.0111 - a la mode, inc.)
TOTAL Sketch (HKLM\...\{C7FC1034-3ECD-44B9-85D3-24C32EEC78F8}) (Version: 1.00.0051 - a la mode, inc.)
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.02.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
WFG2.EService Update 8.6.92 (HKLM\...\{E6CA287A-30CC-4353-B8A2-E4483A759C71}) (Version: 8.6.92 - ACI)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 beta 3 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.3 - win.rar GmbH)
Wireless PCI Card Configuration Utility (HKLM\...\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-856814538-4203512516-1295414859-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-856814538-4203512516-1295414859-1005_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Documents and Settings\Jeff M\Desktop\ADOBE_PHOTOSHOP_LICENSE_PATCH_CRACKED.exe No File

==================== Restore Points  =========================

17-12-2014 09:43:40 System Checkpoint
18-12-2014 10:43:40 System Checkpoint
19-12-2014 11:43:40 System Checkpoint
20-12-2014 12:43:40 System Checkpoint
21-12-2014 13:43:40 System Checkpoint
22-12-2014 13:47:25 System Checkpoint
23-12-2014 14:48:57 System Checkpoint
24-12-2014 15:35:46 System Checkpoint
25-12-2014 16:34:45 System Checkpoint
26-12-2014 17:33:45 System Checkpoint
27-12-2014 18:33:44 System Checkpoint
28-12-2014 18:57:49 System Checkpoint
29-12-2014 19:30:24 System Checkpoint
30-12-2014 20:28:58 System Checkpoint
31-12-2014 21:27:26 System Checkpoint
01-01-2015 22:27:26 System Checkpoint
02-01-2015 23:27:27 System Checkpoint
04-01-2015 00:27:29 System Checkpoint
05-01-2015 01:27:27 System Checkpoint
06-01-2015 02:27:26 System Checkpoint
07-01-2015 03:27:01 System Checkpoint
08-01-2015 04:27:01 System Checkpoint
09-01-2015 05:27:01 System Checkpoint
10-01-2015 06:27:01 System Checkpoint
11-01-2015 07:25:31 System Checkpoint
12-01-2015 08:25:32 System Checkpoint
13-01-2015 09:25:32 System Checkpoint
14-01-2015 04:00:17 Software Distribution Service 3.0
15-01-2015 04:24:54 System Checkpoint
16-01-2015 05:24:54 System Checkpoint
17-01-2015 06:24:57 System Checkpoint
18-01-2015 06:50:19 System Checkpoint
19-01-2015 07:51:23 System Checkpoint
20-01-2015 08:36:01 System Checkpoint
21-01-2015 09:36:01 System Checkpoint
22-01-2015 09:37:06 System Checkpoint
23-01-2015 10:36:01 System Checkpoint
24-01-2015 11:36:01 System Checkpoint
25-01-2015 13:32:16 System Checkpoint
26-01-2015 13:35:00 System Checkpoint
27-01-2015 13:39:21 System Checkpoint
28-01-2015 14:01:26 System Checkpoint
29-01-2015 15:01:26 System Checkpoint
30-01-2015 15:59:49 System Checkpoint
31-01-2015 16:58:37 System Checkpoint
01-02-2015 17:56:18 System Checkpoint
02-02-2015 17:57:23 System Checkpoint
03-02-2015 19:51:48 System Checkpoint
04-02-2015 19:53:26 System Checkpoint
05-02-2015 20:52:24 System Checkpoint
06-02-2015 22:33:08 System Checkpoint
08-02-2015 11:40:38 System Checkpoint
09-02-2015 15:09:50 System Checkpoint
10-02-2015 15:28:27 System Checkpoint
11-02-2015 04:00:32 Software Distribution Service 3.0
12-02-2015 04:15:25 System Checkpoint
13-02-2015 05:14:14 System Checkpoint
14-02-2015 06:13:13 System Checkpoint
15-02-2015 09:43:20 System Checkpoint
16-02-2015 10:01:22 System Checkpoint
17-02-2015 10:54:15 System Checkpoint
18-02-2015 13:24:52 System Checkpoint
19-02-2015 13:46:36 System Checkpoint
20-02-2015 14:45:35 System Checkpoint
21-02-2015 15:45:15 System Checkpoint
22-02-2015 16:45:15 System Checkpoint
23-02-2015 17:45:15 System Checkpoint
24-02-2015 18:36:49 System Checkpoint
25-02-2015 21:42:47 System Checkpoint
26-02-2015 22:35:16 System Checkpoint
27-02-2015 23:35:16 System Checkpoint
01-03-2015 10:13:35 System Checkpoint
02-03-2015 11:06:17 System Checkpoint
03-03-2015 11:09:55 System Checkpoint
04-03-2015 12:09:54 System Checkpoint
04-03-2015 18:46:57 Installed AVG 2015
04-03-2015 18:47:16 Removed AVG 2013
04-03-2015 18:48:04 Installed AVG 2015
04-03-2015 21:46:25 Installed Windows XP KB942288-v3.
04-03-2015 21:53:29 AA11
04-03-2015 23:55:25 AA11
05-03-2015 08:03:41 Restore Operation
05-03-2015 08:58:40 Restore Operation
05-03-2015 20:14:11 Removed Broadcom Gigabit Integrated Controller
05-03-2015 20:18:44 Software Distribution Service 3.0
05-03-2015 20:31:50 Software Distribution Service 3.0
07-03-2015 23:45:46 System Checkpoint
08-03-2015 23:47:24 System Checkpoint
10-03-2015 00:47:27 System Checkpoint
11-03-2015 01:47:26 System Checkpoint
12-03-2015 01:48:31 System Checkpoint
12-03-2015 03:00:35 Software Distribution Service 3.0
13-03-2015 03:47:26 System Checkpoint
14-03-2015 04:47:25 System Checkpoint
15-03-2015 04:47:38 System Checkpoint
16-03-2015 05:47:37 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-08-21 08:00 - 2008-08-21 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avayvaxvaa.job => C:\Documents and Settings\Jeff M\Local Settings\Application Data\avayvaxvaa\avayvaxvaa.exe C:\Documents and Settings\Jeff M\Local Settings\Application Data\avayvaxvaa\avayvaxvaa.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2013-02-08 12:48 - 2011-05-02 00:41 - 00024064 _____ () C:\WINDOWS\system32\ssm1mlm.dll
2015-03-03 19:25 - 2015-03-03 19:25 - 01635328 _____ () c:\Program Files\RelaySoft\RelaySoft.dll
2008-08-21 08:00 - 2008-08-21 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-05-06 04:45 - 2008-05-06 04:45 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-03-05 20:55 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-05 20:55 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2012-02-18 10:04 - 2007-05-23 11:39 - 00696320 _____ () C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
2012-02-18 10:04 - 2007-05-23 11:23 - 00147456 _____ () C:\Program Files\NETGEAR\PS121v2\Utility.dll
2012-03-09 10:58 - 2012-03-09 10:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00056696 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2006-11-17 19:18 - 2006-11-17 19:18 - 00122880 _____ () C:\WINDOWS\system32\ala32.dll
2015-03-04 19:18 - 2015-03-04 19:18 - 01711128 ____N () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2015-03-05 20:55 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-08 12:29 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
2013-02-08 12:29 - 2013-10-30 19:14 - 00319488 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
2015-03-04 19:18 - 2015-03-04 19:17 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2015-03-04 19:18 - 2015-03-04 19:18 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2013-02-08 12:29 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
2013-02-08 12:29 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
2015-03-04 19:18 - 2015-03-14 09:26 - 00620056 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2015-03-04 19:18 - 2015-03-14 09:26 - 03033112 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2015-03-04 19:18 - 2015-03-14 09:26 - 40630296 _____ () C:\Program Files\AVG Web TuneUp\libcef.dll
2015-03-09 23:42 - 2015-03-09 23:42 - 00586240 _____ () C:\Program Files\TakeTTheCoupon\7xV6U2QfUjUwVE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-856814538-4203512516-1295414859-1005\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-856814538-4203512516-1295414859-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-856814538-4203512516-1295414859-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-856814538-4203512516-1295414859-1009\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-856814538-4203512516-1295414859-500 - Administrator - Enabled)
ASPNET (S-1-5-21-856814538-4203512516-1295414859-1010 - Limited - Enabled)
Grounds (S-1-5-21-856814538-4203512516-1295414859-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Grounds
Guest (S-1-5-21-856814538-4203512516-1295414859-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-856814538-4203512516-1295414859-1004 - Limited - Disabled)
Jeff M (S-1-5-21-856814538-4203512516-1295414859-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Jeff M
Libby R (S-1-5-21-856814538-4203512516-1295414859-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Libby R
SUPPORT_388945a0 (S-1-5-21-856814538-4203512516-1295414859-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-856814538-4203512516-1295414859-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 08:58:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/05/2015 08:45:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application googleearth.exe, version 7.1.2.2041, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/05/2015 08:44:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module uiautomationcore.dll, version 7.0.2600.6153, fault address 0x0005b0dc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (03/05/2015 08:33:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/05/2015 03:16:36 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/05/2015 03:16:36 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/04/2015 11:55:38 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction . Error 5 occurred while ending the transaction.

Error: (03/04/2015 11:49:52 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction . Error 5 occurred while ending the transaction.

System errors:
=============
Error: (03/16/2015 03:48:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 03:48:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:56:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:56:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:55:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:55:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:54:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:54:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:53:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:53:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3582.07 MB
Available physical RAM: 2269.05 MB
Total Pagefile: 5608.42 MB
Available Pagefile: 568.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:121.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (SAMSUNG_MFP) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
Drive e: (USB DISK) (Removable) (Total:1.8 GB) (Free:1.36 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 0557D988)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06)

==================== End Of Log ============================



#4 twoboysdad

Posted 16 March 2015 - 03:02 PM

I don't see where to attach the other file.



#5 olgun52

  • Malware Response Team

Posted 16 March 2015 - 04:14 PM

I do not see the frst.txt file. Check the desktop, or run the software again. Please send the logs exactly as requested.


Best regards
 

#6 twoboysdad

Posted 16 March 2015 - 05:16 PM

Here you go

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Jeff M (administrator) on CONCESSIONS on 16-03-2015 15:55:26
Running from C:\Documents and Settings\Jeff M\Desktop
Loaded Profiles: Jeff M & Libby R & Grounds & UpdatusUser (Available profiles: Jeff M & Libby R & Grounds & UpdatusUser & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Fitbit, Inc.) C:\Program Files\Fitbit\fitbit.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(a la mode, inc.) C:\Program Files\a la mode\Sched\eSched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
(The Linksys Group, Inc.) C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(AVG Secure Search) C:\Program Files\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Trend Micro Inc.) C:\Documents and Settings\Jeff M\Desktop\HijackThis.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [PS121v2] => C:\Program Files\NETGEAR\PS121v2\PS121v2.exe [696320 2007-05-23] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [The Assistant] => C:\Program Files\a la mode\Sched\eSched.exe [99840 2007-04-16] (a la mode, inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3033112 2015-03-14] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\Run: [Fitbit Service Monitor] => C:\Program Files\Fitbit\fitbit-tray.exe [2177056 2012-06-22] (Fitbit, Inc.)
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe [814984 2013-08-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\MountPoints2: {222fed07-537f-11e1-8a7b-806d6172696f} - D:\Setup.exe
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\MountPoints2: {6d740b94-a8df-11e2-b77b-100d7f284dea} - E:\LaunchU3.exe -a
HKU\S-1-5-21-856814538-4203512516-1295414859-1006\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-856814538-4203512516-1295414859-1008\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless PCI Card Configuration Utility.lnk
ShortcutTarget: Wireless PCI Card Configuration Utility.lnk -> C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe (The Linksys Group, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={6F233631-C0FA-4A58-8261-B389041C9C35}&mid=a5c9bfae98db47d394ccc14439cca419-2df0e8f6de78f34e528e0f673062ac659de25312&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-03-04 18:18:58&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-856814538-4203512516-1295414859-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-856814538-4203512516-1295414859-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-856814538-4203512516-1295414859-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bgbaseball.com/
HKU\S-1-5-21-856814538-4203512516-1295414859-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: [S-1-5-21-856814538-4203512516-1295414859-1009] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> {68941088-71BC-4514-A886-C03661EE1DF8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3277370&CUI=UN28790460832944929&UM=2
SearchScopes: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={6F233631-C0FA-4A58-8261-B389041C9C35}&mid=a5c9bfae98db47d394ccc14439cca419-2df0e8f6de78f34e528e0f673062ac659de25312&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2015-03-04 18:18:58&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> {EF3087FA-1B49-4C2D-8776-16978A071514} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120310,6901,0,8,0
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: TakeTTheCoupon -> {3aed8d01-459b-4d92-83b9-6c85fdeaa700} -> C:\Program Files\TakeTTheCoupon\7xV6U2QfUjUwVE.dll [2015-03-09] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-14] (AVG)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-856814538-4203512516-1295414859-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-856814538-4203512516-1295414859-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {A6858057-8380-466B-AE5E-77BB8A551D7E} https://vault.alamode.com/cab/vaultinstall.cab
DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} https://vault.alamode.com/cab/vfd.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12-16655/support/ieatgpc.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-856814538-4203512516-1295414859-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Jeff M\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-04-20] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Jeff M\Application Data\mozilla\plugins\npatgpc.dll [2014-12-23] (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-18]
FF HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.bgcs.k12.oh.us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (YouTube) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Google Search) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Cisco WebEx Extension) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 c616b728; c:\Program Files\RelaySoft\RelaySoft.dll [1635328 2015-03-03] () [File not signed]
R2 Fitbit; C:\Program Files\Fitbit\fitbit.exe [773152 2012-06-22] (Fitbit, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-04] (AVG Secure Search)
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [202208 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
R2 DgiVecp; C:\WINDOWS\System32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-18] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-18] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-18] (HP)
R3 NETGEARUHOST; C:\WINDOWS\System32\DRIVERS\NETGEARUHOST.sys [12032 2007-03-08] (SerComm)
R3 NETGEARUHUB; C:\WINDOWS\System32\DRIVERS\NETGEARUHUB.sys [39424 2007-03-08] (SerComm)
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123584 2012-03-22] (NVIDIA Corporation)
R3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 SIUSBXP; C:\WINDOWS\System32\drivers\SiUSBXp.sys [21992 2012-04-02] (Silicon Laboratories)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics) [File not signed]
S3 WMP11; C:\WINDOWS\System32\DRIVERS\WMP11NDS.sys [54083 2002-05-16] (The Linksys Group, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 15:55 - 2015-03-16 15:56 - 00048624 _____ () C:\Documents and Settings\Jeff M\Desktop\FRST.txt
2015-03-16 15:55 - 2015-03-16 15:56 - 00000000 ____D () C:\FRST
2015-03-16 15:54 - 2015-03-16 15:54 - 01135104 _____ (Farbar) C:\Documents and Settings\Jeff M\Desktop\FRST.exe
2015-03-16 15:53 - 2015-03-16 15:53 - 00000000 _____ () C:\Documents and Settings\Jeff M\Local Settings\Temp.dat
2015-03-16 09:06 - 2015-03-16 09:06 - 00014347 _____ () C:\Documents and Settings\Jeff M\Desktop\hijackthis.log
2015-03-16 09:05 - 2015-03-16 09:05 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Jeff M\Desktop\HijackThis.exe
2015-03-14 03:46 - 2015-03-14 03:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0215tb
2015-03-12 20:14 - 2015-03-12 20:14 - 00000000 _____ () C:\Documents and Settings\Jeff M\Desktop\New Text Document.txt
2015-03-09 23:42 - 2015-03-12 19:31 - 00000000 ____D () C:\Program Files\TakeTTheCoupon
2015-03-09 12:25 - 2015-03-09 12:25 - 00060618 _____ () C:\WINDOWS\alaredun.ini
2015-03-09 11:58 - 2015-03-09 12:25 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\11815 Waterville
2015-03-07 22:22 - 2015-03-16 09:27 - 00000020 _____ () C:\Documents and Settings\Jeff M\Application Data\appdataFr3.bin
2015-03-07 22:22 - 2015-03-07 22:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ads Remover
2015-03-06 09:17 - 2015-03-09 11:32 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\11131 West St
2015-03-05 23:13 - 2015-03-05 23:13 - 00001842 _____ () C:\Documents and Settings\Jeff M\Desktop\Spybot-S&D Start Center (2).lnk
2015-03-05 23:11 - 2015-03-05 23:15 - 00012976 _____ () C:\WINDOWS\wininit.ini
2015-03-05 20:56 - 2015-03-12 19:28 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-05 20:56 - 2015-03-07 21:44 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-05 20:56 - 2015-03-05 20:56 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-05 20:55 - 2015-03-12 19:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-03-05 20:55 - 2015-03-05 20:55 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-05 20:55 - 2015-03-05 20:55 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-05 20:55 - 2015-03-05 20:55 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-03-05 20:55 - 2015-03-05 20:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-05 20:55 - 2013-09-20 11:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-03-05 20:54 - 2015-03-05 21:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-05 20:34 - 2015-03-05 20:18 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-03-05 20:25 - 2015-03-05 20:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-05 20:18 - 2015-03-05 20:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-03-05 20:14 - 2015-03-12 18:59 - 00018956 _____ () C:\WINDOWS\setupapi.log
2015-03-05 20:14 - 2015-03-05 20:14 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-03-05 09:03 - 2015-03-14 09:26 - 00015672 _____ () C:\Documents and Settings\Jeff M\debug.log
2015-03-04 21:51 - 2015-03-04 21:51 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-04 21:43 - 2015-03-04 21:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2015-03-04 21:38 - 2015-03-04 21:48 - 00008417 _____ () C:\WINDOWS\KB942288-v3.log
2015-03-04 21:33 - 2015-03-04 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2015-03-04 19:19 - 2015-03-16 15:53 - 00001528 _____ () C:\WINDOWS\system32\debug.log
2015-03-04 19:19 - 2015-03-05 13:02 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Application Data\AVG Web TuneUp
2015-03-04 19:19 - 2015-03-04 19:19 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\AVG Web TuneUp
2015-03-04 19:19 - 2015-03-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2015-03-04 19:18 - 2015-03-14 09:27 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-04 19:18 - 2015-03-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2015-03-04 19:18 - 2015-03-04 19:18 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-03-04 19:18 - 2015-03-04 19:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2015-03-04 18:55 - 2015-03-04 18:55 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\AVG2015
2015-03-04 18:52 - 2015-03-04 18:52 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-03-04 18:52 - 2015-03-04 18:52 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\TuneUp Software
2015-03-04 18:52 - 2015-03-04 18:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-03-04 18:48 - 2015-03-04 18:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-03-04 18:48 - 2015-03-04 18:48 - 00000000 ___HD () C:\$AVG
2015-03-04 18:41 - 2015-03-04 18:59 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Application Data\Avg2015
2015-03-03 19:25 - 2015-03-03 19:25 - 00000000 ____D () C:\Program Files\RelaySoft
2015-03-03 19:24 - 2015-03-09 23:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\10538106015357718530
2015-03-03 19:24 - 2015-03-05 23:11 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-03-03 19:24 - 2015-03-04 23:30 - 00000000 ____D () C:\Program Files\UeniiDealsi
2015-03-03 19:24 - 2015-03-04 20:49 - 00000000 ____D () C:\Program Files\UniDeals
2015-03-03 19:24 - 2015-03-04 19:44 - 00000000 ____D () C:\Program Files\Veritabs
2015-03-03 19:22 - 2015-03-04 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{ac6143da-fd51-7668-ac61-143dafd50f6b}
2015-03-03 19:22 - 2015-03-03 19:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\eogjaiololpagbalolpginpeggajnocd
2015-03-02 16:25 - 2015-03-02 16:25 - 00021504 _____ () C:\WINDOWS\jestertb.dll
2015-03-02 15:29 - 2015-03-09 11:26 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\10215east
2015-03-02 12:50 - 2015-03-02 12:50 - 00000000 ___RD () C:\Documents and Settings\Jeff M\Start Menu\Programs\Samsung Printers
2015-02-25 12:08 - 2015-03-16 15:08 - 00000544 _____ () C:\WINDOWS\Tasks\avayvaxvaa.job
2015-02-25 12:08 - 2015-03-04 21:28 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Application Data\avayvaxvaa
2015-02-24 08:54 - 2015-03-07 21:52 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\concessionTrailers
2015-02-19 22:27 - 2015-02-19 22:27 - 00202208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-02-18 17:03 - 2015-02-18 13:07 - 56722125 _____ () C:\Documents and Settings\Jeff M\Desktop\Vitos Ad.mp4
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2015-02-16 15:03 - 2015-02-16 15:03 - 00004670 _____ () C:\Documents and Settings\Jeff M\My Documents\secondweekregistration with candy.csv
2015-02-16 14:55 - 2015-02-16 14:55 - 00006967 _____ () C:\Documents and Settings\Jeff M\My Documents\secondweekregistration.csv
2015-02-16 13:51 - 2015-02-16 18:33 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\319 Wallace
2015-02-15 16:18 - 2015-02-15 17:49 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\DylanTax Return2014

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 15:56 - 2012-02-18 09:24 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Temp
2015-03-16 15:15 - 2012-07-24 17:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-16 15:11 - 2012-03-04 15:02 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 15:11 - 2012-03-04 15:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 14:16 - 2013-04-16 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-16 14:15 - 2009-03-19 17:00 - 00032272 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-16 03:24 - 2009-03-19 16:56 - 01422411 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-14 08:50 - 2012-03-05 19:18 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\FileZilla
2015-03-12 20:33 - 2013-04-16 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-12 19:11 - 2013-04-28 12:52 - 00000000 ____D () C:\Program Files\Adobe
2015-03-12 18:59 - 2009-03-19 08:47 - 00176763 _____ () C:\WINDOWS\setupact.log
2015-03-12 18:58 - 2009-03-19 08:51 - 00000762 _____ () C:\WINDOWS\wiadebug.log
2015-03-12 04:13 - 2013-04-28 12:54 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-03-12 03:22 - 2012-03-05 19:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-03-12 03:19 - 2013-08-03 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 03:05 - 2012-03-05 18:15 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-10 08:52 - 2014-03-13 16:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\alamode
2015-03-10 08:51 - 2014-11-24 14:30 - 00000364 _____ () C:\WINDOWS\_vfd.log
2015-03-10 08:51 - 2014-11-24 14:09 - 00000932 _____ () C:\WINDOWS\alamode.ini
2015-03-09 11:59 - 2013-04-28 12:44 - 00000000 ____D () C:\Documents and Settings\Jeff M\My Documents\PDF files
2015-03-09 11:06 - 2015-02-09 14:43 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\542scenic
2015-03-09 10:48 - 2014-03-13 17:08 - 00002309 _____ () C:\Documents and Settings\All Users\Desktop\TOTAL.lnk
2015-03-08 15:00 - 2014-03-28 19:38 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-03-07 22:29 - 2015-01-29 09:59 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\2015baseball
2015-03-07 21:44 - 2008-08-21 08:00 - 00012692 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-07 21:43 - 2009-03-19 08:51 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-03-07 21:42 - 2014-03-28 19:38 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-07 21:41 - 2012-03-04 15:02 - 00000000 ____D () C:\Program Files\Google
2015-03-07 21:41 - 2009-03-19 17:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-06 09:28 - 2013-10-25 10:03 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\WEB2Print
2015-03-05 21:02 - 2009-03-19 17:00 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-03-05 20:18 - 2014-10-18 19:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-03-05 20:18 - 2013-04-16 14:52 - 00000000 ____D () C:\Program Files\Java
2015-03-05 20:15 - 2013-06-18 19:47 - 00001397 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-03-05 20:15 - 2013-04-28 12:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2015-03-05 20:15 - 2012-03-04 15:02 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google
2015-03-05 09:03 - 2012-02-18 09:24 - 00000000 ____D () C:\Documents and Settings\Jeff M
2015-03-05 00:01 - 2009-03-19 16:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-03-04 21:48 - 2009-03-19 08:48 - 01512941 _____ () C:\WINDOWS\iis6.log
2015-03-04 21:48 - 2009-03-19 08:48 - 01393679 _____ () C:\WINDOWS\FaxSetup.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00673960 _____ () C:\WINDOWS\ocgen.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00641703 _____ () C:\WINDOWS\tsoc.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00467907 _____ () C:\WINDOWS\comsetup.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00422540 _____ () C:\WINDOWS\msmqinst.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00282306 _____ () C:\WINDOWS\ntdtcsetup.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00244299 _____ () C:\WINDOWS\netfxocm.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00096262 _____ () C:\WINDOWS\MedCtrOC.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00077151 _____ () C:\WINDOWS\ocmsn.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00070605 _____ () C:\WINDOWS\tabletoc.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00069778 _____ () C:\WINDOWS\msgsocm.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00001355 _____ () C:\WINDOWS\imsins.log
2015-03-04 21:46 - 2009-03-19 08:40 - 00000000 ____D () C:\WINDOWS\system32\mui
2015-03-04 19:03 - 2012-02-18 09:24 - 00000178 ___SH () C:\Documents and Settings\Jeff M\ntuser.ini
2015-03-04 18:52 - 2009-03-19 08:47 - 05330603 _____ () C:\WINDOWS\setupapi.log.0.old
2015-03-04 18:47 - 2013-04-16 15:08 - 00000000 ____D () C:\Program Files\AVG
2015-03-04 01:49 - 2013-05-04 18:14 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-03-03 17:41 - 2013-04-29 15:59 - 00000015 _____ () C:\WINDOWS\system32\nvModes.dat
2015-03-03 17:41 - 2013-04-18 21:41 - 00295544 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2015-03-03 17:41 - 2013-04-18 21:41 - 00295544 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2015-03-03 17:41 - 2013-04-18 21:41 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2015-03-02 12:49 - 2013-02-08 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung
2015-02-25 14:28 - 2014-03-13 17:05 - 00002337 _____ () C:\Documents and Settings\All Users\Desktop\Mercury Desktop.lnk
2015-02-24 00:14 - 2015-01-28 19:05 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\223syracuse
2015-02-23 23:12 - 2014-06-03 00:53 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\hackney
2015-02-20 09:49 - 2015-02-09 09:30 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\syracuse
2015-02-18 20:32 - 2014-03-13 18:32 - 00000190 _____ () C:\WINDOWS\HASHTABLE
2015-02-18 12:46 - 2014-10-03 23:16 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\vitosart
2015-02-15 16:18 - 2015-02-12 20:56 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\913Pearl
2015-02-14 13:14 - 2014-08-27 18:56 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp

==================== Files in the root of some directories =======

2015-03-07 22:22 - 2015-03-16 09:27 - 0000020 _____ () C:\Documents and Settings\Jeff M\Application Data\appdataFr3.bin
2012-05-17 21:41 - 2014-10-18 19:25 - 0021504 _____ () C:\Documents and Settings\Jeff M\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-14 10:05 - 2014-10-14 10:07 - 3047106 _____ () C:\Documents and Settings\All Users\_MSI_ConvertCompete.log

Some content of TEMP:
====================
C:\Documents and Settings\Grounds\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Grounds\Local Settings\Temp\SPSetup.exe
C:\Documents and Settings\Jeff M\Local Settings\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================




#7 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:45 AM

Posted 16 March 2015 - 06:38 PM

Hi twoboysdad,
 
Please go to Start, click Control Panel, click Programs and then click Programs and Features if it still exists:
And applications,
 
UniDeals
UeniiDealsi
youtubeadblocker
SearchProtect
TakeTTheCoupon
Ads Remover
ShhoopDrop
AVG Web TuneUp
AVG Secure Search
C:\Program Files\TakeTTheCoupon
C:\Program Files\UeniiDealsi

C:\Program Files\UniDeals
-----------------------------------------------------------------------------------------

Ensure your external and/or USB drives are inserted during the scan
Step 1:
 FRST Script:
 Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 5:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT: 1   Place ComboFix.exe on your Desktop
* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix. Save to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.

Edited by olgun52, 16 March 2015 - 06:40 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 twoboysdad

twoboysdad
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:10:45 PM

Posted 16 March 2015 - 08:52 PM

Am I supposed to delete those applications that are in the first part of the reply?

#9 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:45 AM

Posted 17 March 2015 - 06:45 AM

Am I supposed to delete those applications that are in the first part of the reply?

Yes. Find and delete all please.



 


 


#10 twoboysdad

twoboysdad
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:10:45 PM

Posted 17 March 2015 - 07:26 AM

Running first scan. I'll have to finish later today after work.

#11 twoboysdad

twoboysdad
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:10:45 PM

Posted 17 March 2015 - 05:57 PM

FRST LOG

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Jeff M (administrator) on CONCESSIONS on 16-03-2015 15:55:26
Running from C:\Documents and Settings\Jeff M\Desktop
Loaded Profiles: Jeff M & Libby R & Grounds & UpdatusUser (Available profiles: Jeff M & Libby R & Grounds & UpdatusUser & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Fitbit, Inc.) C:\Program Files\Fitbit\fitbit.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(a la mode, inc.) C:\Program Files\a la mode\Sched\eSched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
(The Linksys Group, Inc.) C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(AVG Secure Search) C:\Program Files\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Trend Micro Inc.) C:\Documents and Settings\Jeff M\Desktop\HijackThis.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [PS121v2] => C:\Program Files\NETGEAR\PS121v2\PS121v2.exe [696320 2007-05-23] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [The Assistant] => C:\Program Files\a la mode\Sched\eSched.exe [99840 2007-04-16] (a la mode, inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3033112 2015-03-14] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\Run: [Fitbit Service Monitor] => C:\Program Files\Fitbit\fitbit-tray.exe [2177056 2012-06-22] (Fitbit, Inc.)
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe [814984 2013-08-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\MountPoints2: {222fed07-537f-11e1-8a7b-806d6172696f} - D:\Setup.exe
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\MountPoints2: {6d740b94-a8df-11e2-b77b-100d7f284dea} - E:\LaunchU3.exe -a
HKU\S-1-5-21-856814538-4203512516-1295414859-1006\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-856814538-4203512516-1295414859-1008\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless PCI Card Configuration Utility.lnk
ShortcutTarget: Wireless PCI Card Configuration Utility.lnk -> C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe (The Linksys Group, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={6F233631-C0FA-4A58-8261-B389041C9C35}&mid=a5c9bfae98db47d394ccc14439cca419-2df0e8f6de78f34e528e0f673062ac659de25312&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-03-04 18:18:58&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-856814538-4203512516-1295414859-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-856814538-4203512516-1295414859-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-856814538-4203512516-1295414859-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-856814538-4203512516-1295414859-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bgbaseball.com/
HKU\S-1-5-21-856814538-4203512516-1295414859-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: [S-1-5-21-856814538-4203512516-1295414859-1009] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> {68941088-71BC-4514-A886-C03661EE1DF8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3277370&CUI=UN28790460832944929&UM=2
SearchScopes: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={6F233631-C0FA-4A58-8261-B389041C9C35}&mid=a5c9bfae98db47d394ccc14439cca419-2df0e8f6de78f34e528e0f673062ac659de25312&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2015-03-04 18:18:58&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> {EF3087FA-1B49-4C2D-8776-16978A071514} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120310,6901,0,8,0
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: TakeTTheCoupon -> {3aed8d01-459b-4d92-83b9-6c85fdeaa700} -> C:\Program Files\TakeTTheCoupon\7xV6U2QfUjUwVE.dll [2015-03-09] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-03-14] (AVG)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-856814538-4203512516-1295414859-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-856814538-4203512516-1295414859-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-856814538-4203512516-1295414859-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {A6858057-8380-466B-AE5E-77BB8A551D7E} https://vault.alamode.com/cab/vaultinstall.cab
DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} https://vault.alamode.com/cab/vfd.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12-16655/support/ieatgpc.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-856814538-4203512516-1295414859-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Jeff M\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-04-20] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Jeff M\Application Data\mozilla\plugins\npatgpc.dll [2014-12-23] (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-18]
FF HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.bgcs.k12.oh.us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (YouTube) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Google Search) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Cisco WebEx Extension) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 c616b728; c:\Program Files\RelaySoft\RelaySoft.dll [1635328 2015-03-03] () [File not signed]
R2 Fitbit; C:\Program Files\Fitbit\fitbit.exe [773152 2012-06-22] (Fitbit, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-04] (AVG Secure Search)
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [202208 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
R2 DgiVecp; C:\WINDOWS\System32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-18] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-18] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-18] (HP)
R3 NETGEARUHOST; C:\WINDOWS\System32\DRIVERS\NETGEARUHOST.sys [12032 2007-03-08] (SerComm)
R3 NETGEARUHUB; C:\WINDOWS\System32\DRIVERS\NETGEARUHUB.sys [39424 2007-03-08] (SerComm)
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123584 2012-03-22] (NVIDIA Corporation)
R3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 SIUSBXP; C:\WINDOWS\System32\drivers\SiUSBXp.sys [21992 2012-04-02] (Silicon Laboratories)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics) [File not signed]
S3 WMP11; C:\WINDOWS\System32\DRIVERS\WMP11NDS.sys [54083 2002-05-16] (The Linksys Group, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 15:55 - 2015-03-16 15:56 - 00048624 _____ () C:\Documents and Settings\Jeff M\Desktop\FRST.txt
2015-03-16 15:55 - 2015-03-16 15:56 - 00000000 ____D () C:\FRST
2015-03-16 15:54 - 2015-03-16 15:54 - 01135104 _____ (Farbar) C:\Documents and Settings\Jeff M\Desktop\FRST.exe
2015-03-16 15:53 - 2015-03-16 15:53 - 00000000 _____ () C:\Documents and Settings\Jeff M\Local Settings\Temp.dat
2015-03-16 09:06 - 2015-03-16 09:06 - 00014347 _____ () C:\Documents and Settings\Jeff M\Desktop\hijackthis.log
2015-03-16 09:05 - 2015-03-16 09:05 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Jeff M\Desktop\HijackThis.exe
2015-03-14 03:46 - 2015-03-14 03:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0215tb
2015-03-12 20:14 - 2015-03-12 20:14 - 00000000 _____ () C:\Documents and Settings\Jeff M\Desktop\New Text Document.txt
2015-03-09 23:42 - 2015-03-12 19:31 - 00000000 ____D () C:\Program Files\TakeTTheCoupon
2015-03-09 12:25 - 2015-03-09 12:25 - 00060618 _____ () C:\WINDOWS\alaredun.ini
2015-03-09 11:58 - 2015-03-09 12:25 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\11815 Waterville
2015-03-07 22:22 - 2015-03-16 09:27 - 00000020 _____ () C:\Documents and Settings\Jeff M\Application Data\appdataFr3.bin
2015-03-07 22:22 - 2015-03-07 22:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ads Remover
2015-03-06 09:17 - 2015-03-09 11:32 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\11131 West St
2015-03-05 23:13 - 2015-03-05 23:13 - 00001842 _____ () C:\Documents and Settings\Jeff M\Desktop\Spybot-S&D Start Center (2).lnk
2015-03-05 23:11 - 2015-03-05 23:15 - 00012976 _____ () C:\WINDOWS\wininit.ini
2015-03-05 20:56 - 2015-03-12 19:28 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-05 20:56 - 2015-03-07 21:44 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-05 20:56 - 2015-03-05 20:56 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-05 20:55 - 2015-03-12 19:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-03-05 20:55 - 2015-03-05 20:55 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-05 20:55 - 2015-03-05 20:55 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-05 20:55 - 2015-03-05 20:55 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-03-05 20:55 - 2015-03-05 20:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-05 20:55 - 2013-09-20 11:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-03-05 20:54 - 2015-03-05 21:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-05 20:34 - 2015-03-05 20:18 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-03-05 20:25 - 2015-03-05 20:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-05 20:18 - 2015-03-05 20:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-03-05 20:14 - 2015-03-12 18:59 - 00018956 _____ () C:\WINDOWS\setupapi.log
2015-03-05 20:14 - 2015-03-05 20:14 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-03-05 09:03 - 2015-03-14 09:26 - 00015672 _____ () C:\Documents and Settings\Jeff M\debug.log
2015-03-04 21:51 - 2015-03-04 21:51 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-04 21:43 - 2015-03-04 21:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2015-03-04 21:38 - 2015-03-04 21:48 - 00008417 _____ () C:\WINDOWS\KB942288-v3.log
2015-03-04 21:33 - 2015-03-04 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2015-03-04 19:19 - 2015-03-16 15:53 - 00001528 _____ () C:\WINDOWS\system32\debug.log
2015-03-04 19:19 - 2015-03-05 13:02 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Application Data\AVG Web TuneUp
2015-03-04 19:19 - 2015-03-04 19:19 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\AVG Web TuneUp
2015-03-04 19:19 - 2015-03-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2015-03-04 19:18 - 2015-03-14 09:27 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-04 19:18 - 2015-03-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2015-03-04 19:18 - 2015-03-04 19:18 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-03-04 19:18 - 2015-03-04 19:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2015-03-04 18:55 - 2015-03-04 18:55 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\AVG2015
2015-03-04 18:52 - 2015-03-04 18:52 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-03-04 18:52 - 2015-03-04 18:52 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\TuneUp Software
2015-03-04 18:52 - 2015-03-04 18:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-03-04 18:48 - 2015-03-04 18:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-03-04 18:48 - 2015-03-04 18:48 - 00000000 ___HD () C:\$AVG
2015-03-04 18:41 - 2015-03-04 18:59 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Application Data\Avg2015
2015-03-03 19:25 - 2015-03-03 19:25 - 00000000 ____D () C:\Program Files\RelaySoft
2015-03-03 19:24 - 2015-03-09 23:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\10538106015357718530
2015-03-03 19:24 - 2015-03-05 23:11 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-03-03 19:24 - 2015-03-04 23:30 - 00000000 ____D () C:\Program Files\UeniiDealsi
2015-03-03 19:24 - 2015-03-04 20:49 - 00000000 ____D () C:\Program Files\UniDeals
2015-03-03 19:24 - 2015-03-04 19:44 - 00000000 ____D () C:\Program Files\Veritabs
2015-03-03 19:22 - 2015-03-04 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{ac6143da-fd51-7668-ac61-143dafd50f6b}
2015-03-03 19:22 - 2015-03-03 19:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\eogjaiololpagbalolpginpeggajnocd
2015-03-02 16:25 - 2015-03-02 16:25 - 00021504 _____ () C:\WINDOWS\jestertb.dll
2015-03-02 15:29 - 2015-03-09 11:26 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\10215east
2015-03-02 12:50 - 2015-03-02 12:50 - 00000000 ___RD () C:\Documents and Settings\Jeff M\Start Menu\Programs\Samsung Printers
2015-02-25 12:08 - 2015-03-16 15:08 - 00000544 _____ () C:\WINDOWS\Tasks\avayvaxvaa.job
2015-02-25 12:08 - 2015-03-04 21:28 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Application Data\avayvaxvaa
2015-02-24 08:54 - 2015-03-07 21:52 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\concessionTrailers
2015-02-19 22:27 - 2015-02-19 22:27 - 00202208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-02-18 17:03 - 2015-02-18 13:07 - 56722125 _____ () C:\Documents and Settings\Jeff M\Desktop\Vitos Ad.mp4
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2015-02-16 15:03 - 2015-02-16 15:03 - 00004670 _____ () C:\Documents and Settings\Jeff M\My Documents\secondweekregistration with candy.csv
2015-02-16 14:55 - 2015-02-16 14:55 - 00006967 _____ () C:\Documents and Settings\Jeff M\My Documents\secondweekregistration.csv
2015-02-16 13:51 - 2015-02-16 18:33 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\319 Wallace
2015-02-15 16:18 - 2015-02-15 17:49 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\DylanTax Return2014

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 15:56 - 2012-02-18 09:24 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Temp
2015-03-16 15:15 - 2012-07-24 17:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-16 15:11 - 2012-03-04 15:02 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 15:11 - 2012-03-04 15:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 14:16 - 2013-04-16 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-16 14:15 - 2009-03-19 17:00 - 00032272 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-16 03:24 - 2009-03-19 16:56 - 01422411 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-14 08:50 - 2012-03-05 19:18 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\FileZilla
2015-03-12 20:33 - 2013-04-16 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-12 19:11 - 2013-04-28 12:52 - 00000000 ____D () C:\Program Files\Adobe
2015-03-12 18:59 - 2009-03-19 08:47 - 00176763 _____ () C:\WINDOWS\setupact.log
2015-03-12 18:58 - 2009-03-19 08:51 - 00000762 _____ () C:\WINDOWS\wiadebug.log
2015-03-12 04:13 - 2013-04-28 12:54 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-03-12 03:22 - 2012-03-05 19:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-03-12 03:19 - 2013-08-03 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 03:05 - 2012-03-05 18:15 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-10 08:52 - 2014-03-13 16:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\alamode
2015-03-10 08:51 - 2014-11-24 14:30 - 00000364 _____ () C:\WINDOWS\_vfd.log
2015-03-10 08:51 - 2014-11-24 14:09 - 00000932 _____ () C:\WINDOWS\alamode.ini
2015-03-09 11:59 - 2013-04-28 12:44 - 00000000 ____D () C:\Documents and Settings\Jeff M\My Documents\PDF files
2015-03-09 11:06 - 2015-02-09 14:43 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\542scenic
2015-03-09 10:48 - 2014-03-13 17:08 - 00002309 _____ () C:\Documents and Settings\All Users\Desktop\TOTAL.lnk
2015-03-08 15:00 - 2014-03-28 19:38 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-03-07 22:29 - 2015-01-29 09:59 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\2015baseball
2015-03-07 21:44 - 2008-08-21 08:00 - 00012692 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-07 21:43 - 2009-03-19 08:51 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-03-07 21:42 - 2014-03-28 19:38 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-07 21:41 - 2012-03-04 15:02 - 00000000 ____D () C:\Program Files\Google
2015-03-07 21:41 - 2009-03-19 17:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-06 09:28 - 2013-10-25 10:03 - 00000000 ____D () C:\Documents and Settings\Jeff M\Application Data\WEB2Print
2015-03-05 21:02 - 2009-03-19 17:00 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-03-05 20:18 - 2014-10-18 19:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-03-05 20:18 - 2013-04-16 14:52 - 00000000 ____D () C:\Program Files\Java
2015-03-05 20:15 - 2013-06-18 19:47 - 00001397 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-03-05 20:15 - 2013-04-28 12:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2015-03-05 20:15 - 2012-03-04 15:02 - 00000000 ____D () C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google
2015-03-05 09:03 - 2012-02-18 09:24 - 00000000 ____D () C:\Documents and Settings\Jeff M
2015-03-05 00:01 - 2009-03-19 16:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-03-04 21:48 - 2009-03-19 08:48 - 01512941 _____ () C:\WINDOWS\iis6.log
2015-03-04 21:48 - 2009-03-19 08:48 - 01393679 _____ () C:\WINDOWS\FaxSetup.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00673960 _____ () C:\WINDOWS\ocgen.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00641703 _____ () C:\WINDOWS\tsoc.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00467907 _____ () C:\WINDOWS\comsetup.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00422540 _____ () C:\WINDOWS\msmqinst.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00282306 _____ () C:\WINDOWS\ntdtcsetup.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00244299 _____ () C:\WINDOWS\netfxocm.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00096262 _____ () C:\WINDOWS\MedCtrOC.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00077151 _____ () C:\WINDOWS\ocmsn.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00070605 _____ () C:\WINDOWS\tabletoc.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00069778 _____ () C:\WINDOWS\msgsocm.log
2015-03-04 21:48 - 2009-03-19 08:48 - 00001355 _____ () C:\WINDOWS\imsins.log
2015-03-04 21:46 - 2009-03-19 08:40 - 00000000 ____D () C:\WINDOWS\system32\mui
2015-03-04 19:03 - 2012-02-18 09:24 - 00000178 ___SH () C:\Documents and Settings\Jeff M\ntuser.ini
2015-03-04 18:52 - 2009-03-19 08:47 - 05330603 _____ () C:\WINDOWS\setupapi.log.0.old
2015-03-04 18:47 - 2013-04-16 15:08 - 00000000 ____D () C:\Program Files\AVG
2015-03-04 01:49 - 2013-05-04 18:14 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-03-03 17:41 - 2013-04-29 15:59 - 00000015 _____ () C:\WINDOWS\system32\nvModes.dat
2015-03-03 17:41 - 2013-04-18 21:41 - 00295544 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2015-03-03 17:41 - 2013-04-18 21:41 - 00295544 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2015-03-03 17:41 - 2013-04-18 21:41 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2015-03-02 12:49 - 2013-02-08 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung
2015-02-25 14:28 - 2014-03-13 17:05 - 00002337 _____ () C:\Documents and Settings\All Users\Desktop\Mercury Desktop.lnk
2015-02-24 00:14 - 2015-01-28 19:05 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\223syracuse
2015-02-23 23:12 - 2014-06-03 00:53 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\hackney
2015-02-20 09:49 - 2015-02-09 09:30 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\syracuse
2015-02-18 20:32 - 2014-03-13 18:32 - 00000190 _____ () C:\WINDOWS\HASHTABLE
2015-02-18 12:46 - 2014-10-03 23:16 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\vitosart
2015-02-15 16:18 - 2015-02-12 20:56 - 00000000 ____D () C:\Documents and Settings\Jeff M\Desktop\913Pearl
2015-02-14 13:14 - 2014-08-27 18:56 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp

==================== Files in the root of some directories =======

2015-03-07 22:22 - 2015-03-16 09:27 - 0000020 _____ () C:\Documents and Settings\Jeff M\Application Data\appdataFr3.bin
2012-05-17 21:41 - 2014-10-18 19:25 - 0021504 _____ () C:\Documents and Settings\Jeff M\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-14 10:05 - 2014-10-14 10:07 - 3047106 _____ () C:\Documents and Settings\All Users\_MSI_ConvertCompete.log

Some content of TEMP:
====================
C:\Documents and Settings\Grounds\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Grounds\Local Settings\Temp\SPSetup.exe
C:\Documents and Settings\Jeff M\Local Settings\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

AdwCleaner log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Jeff M at 2015-03-16 15:57:25
Running from C:\Documents and Settings\Jeff M\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
a la mode Competitor Conversion Plug-in (HKLM\...\{DABC0CAC-C604-495C-84E9-BEE2F557E969}) (Version: 6.54.0001 - a la mode, inc.)
a la mode Vault (HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\InstallShield_{BF36BCF3-FA5C-402B-AA20-3909B813142A}) (Version: 3.10 - a la mode, inc.)
a la mode Vault (Version: 3.10 - a la mode, inc.) Hidden
ACI Collection For Windows 2012 (HKLM\...\{03EBDBBF-20E5-4910-B406-533412F40BB6}) (Version: 1.00.168 - ACI)
ACI Core Files (HKLM\...\{C1067095-24AB-4BCD-B64B-BE83A9186DCE}) (Version: 2010 - )
ACI Desktop Additional Components  (HKLM\...\{B91E86A0-9F63-4E7E-9D53-2C0AB67BE15C}) (Version: 1.00.069 - ACI)
ACIGo.EService Update 8.6.8 (HKLM\...\{61913B89-9302-4F1A-B17C-A70073BCDAB4}) (Version: 8.6.8 - ACI)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Ads Remover (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Ads Remover) <==== ATTENTION
Apex IV ™ Appraiser - v2.9 (HKLM\...\Apex IV ™ Appraiser - v2.9) (Version:  - )
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
bpd_scan_Carrier (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
BuildFax.EService Update 8.7.101 (HKLM\...\{76C5D962-C8CC-4E75-887E-A06556F4CE5B}) (Version: 8.7.101 - ACI)
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DigiHand (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c616b728}) (Version:  - DigiHand) <==== ATTENTION
DocProc (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Fax (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FileZilla Client 3.0.9.3 (HKLM\...\FileZilla Client) (Version: 3.0.9.3 - )
Fitbit Base Station (Driver Removal) (HKLM\...\FITBIT&10C4&84C4) (Version:  - Fitbit)
Fitbit v2.1.0.9 (HKLM\...\Fitbit Data Uploader_is1) (Version: 2.1.0.9 - Fitbit, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-856814538-4203512516-1295414859-1005\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
L7500 (Version: 140.0.000.000 - Hewlett-Packard) Hidden
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mercury Desktop (HKLM\...\{5DC0724E-4DC2-4F5D-AF63-9DBA6C731256}) (Version: 3.00.0015 - a la mode, inc.)
Mercury Desktop Supporting Applications (HKLM\...\{3D5094F3-DB26-4CD3-B7EC-BD47B310CBF0}) (Version: 1.00.0005 - a la mode, inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MPM (HKLM\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MSInk1.7 (HKLM\...\{3734A505-F740-421A-8865-CACAB05E4E07}) (Version: 1.0.0 - a la mode)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetGear PS121v2 (HKLM\...\{451B332F-E2A7-4F69-B1ED-99C99BDB9C2F}) (Version: 1.00.2000 - Netgear)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Graphics Driver 296.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
pdfFactory (HKLM\...\pdfFactory) (Version: 4.80 - FinePrint Software, LLC)
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Samsung Easy Deployment Manager (HKLM\...\Samsung Easy Deployment Manager) (Version: 1.00.31 - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.05.61 (4/10/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.03.17.00(4/12/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM\...\Easy Wireless Setup) (Version: 3.60.25 - Samsung Electronics Co., Ltd.)
Samsung ML-1610 Series (HKLM\...\Samsung ML-1610 Series) (Version:  - )
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-3400 Series (HKLM\...\Samsung SCX-3400 Series) (Version: 1.18 (7/1/2013) - Samsung Electronics Co., Ltd.)
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
SetIP (HKLM\...\SetIP) (Version: 1.05.03.00 - Samsung Electronics Co., Ltd.)
ShhoopDrop (HKLM\...\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}) (Version:  - "") <==== ATTENTION
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOTAL (HKLM\...\{51D047D0-35E4-4C70-A99F-6BADA4C247E8}) (Version: 6.100.0111 - a la mode, inc.)
TOTAL Sketch (HKLM\...\{C7FC1034-3ECD-44B9-85D3-24C32EEC78F8}) (Version: 1.00.0051 - a la mode, inc.)
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.02.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
WFG2.EService Update 8.6.92 (HKLM\...\{E6CA287A-30CC-4353-B8A2-E4483A759C71}) (Version: 8.6.92 - ACI)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 beta 3 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.3 - win.rar GmbH)
Wireless PCI Card Configuration Utility (HKLM\...\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-856814538-4203512516-1295414859-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-856814538-4203512516-1295414859-1005_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Documents and Settings\Jeff M\Desktop\ADOBE_PHOTOSHOP_LICENSE_PATCH_CRACKED.exe No File

==================== Restore Points  =========================

17-12-2014 09:43:40 System Checkpoint
18-12-2014 10:43:40 System Checkpoint
19-12-2014 11:43:40 System Checkpoint
20-12-2014 12:43:40 System Checkpoint
21-12-2014 13:43:40 System Checkpoint
22-12-2014 13:47:25 System Checkpoint
23-12-2014 14:48:57 System Checkpoint
24-12-2014 15:35:46 System Checkpoint
25-12-2014 16:34:45 System Checkpoint
26-12-2014 17:33:45 System Checkpoint
27-12-2014 18:33:44 System Checkpoint
28-12-2014 18:57:49 System Checkpoint
29-12-2014 19:30:24 System Checkpoint
30-12-2014 20:28:58 System Checkpoint
31-12-2014 21:27:26 System Checkpoint
01-01-2015 22:27:26 System Checkpoint
02-01-2015 23:27:27 System Checkpoint
04-01-2015 00:27:29 System Checkpoint
05-01-2015 01:27:27 System Checkpoint
06-01-2015 02:27:26 System Checkpoint
07-01-2015 03:27:01 System Checkpoint
08-01-2015 04:27:01 System Checkpoint
09-01-2015 05:27:01 System Checkpoint
10-01-2015 06:27:01 System Checkpoint
11-01-2015 07:25:31 System Checkpoint
12-01-2015 08:25:32 System Checkpoint
13-01-2015 09:25:32 System Checkpoint
14-01-2015 04:00:17 Software Distribution Service 3.0
15-01-2015 04:24:54 System Checkpoint
16-01-2015 05:24:54 System Checkpoint
17-01-2015 06:24:57 System Checkpoint
18-01-2015 06:50:19 System Checkpoint
19-01-2015 07:51:23 System Checkpoint
20-01-2015 08:36:01 System Checkpoint
21-01-2015 09:36:01 System Checkpoint
22-01-2015 09:37:06 System Checkpoint
23-01-2015 10:36:01 System Checkpoint
24-01-2015 11:36:01 System Checkpoint
25-01-2015 13:32:16 System Checkpoint
26-01-2015 13:35:00 System Checkpoint
27-01-2015 13:39:21 System Checkpoint
28-01-2015 14:01:26 System Checkpoint
29-01-2015 15:01:26 System Checkpoint
30-01-2015 15:59:49 System Checkpoint
31-01-2015 16:58:37 System Checkpoint
01-02-2015 17:56:18 System Checkpoint
02-02-2015 17:57:23 System Checkpoint
03-02-2015 19:51:48 System Checkpoint
04-02-2015 19:53:26 System Checkpoint
05-02-2015 20:52:24 System Checkpoint
06-02-2015 22:33:08 System Checkpoint
08-02-2015 11:40:38 System Checkpoint
09-02-2015 15:09:50 System Checkpoint
10-02-2015 15:28:27 System Checkpoint
11-02-2015 04:00:32 Software Distribution Service 3.0
12-02-2015 04:15:25 System Checkpoint
13-02-2015 05:14:14 System Checkpoint
14-02-2015 06:13:13 System Checkpoint
15-02-2015 09:43:20 System Checkpoint
16-02-2015 10:01:22 System Checkpoint
17-02-2015 10:54:15 System Checkpoint
18-02-2015 13:24:52 System Checkpoint
19-02-2015 13:46:36 System Checkpoint
20-02-2015 14:45:35 System Checkpoint
21-02-2015 15:45:15 System Checkpoint
22-02-2015 16:45:15 System Checkpoint
23-02-2015 17:45:15 System Checkpoint
24-02-2015 18:36:49 System Checkpoint
25-02-2015 21:42:47 System Checkpoint
26-02-2015 22:35:16 System Checkpoint
27-02-2015 23:35:16 System Checkpoint
01-03-2015 10:13:35 System Checkpoint
02-03-2015 11:06:17 System Checkpoint
03-03-2015 11:09:55 System Checkpoint
04-03-2015 12:09:54 System Checkpoint
04-03-2015 18:46:57 Installed AVG 2015
04-03-2015 18:47:16 Removed AVG 2013
04-03-2015 18:48:04 Installed AVG 2015
04-03-2015 21:46:25 Installed Windows XP KB942288-v3.
04-03-2015 21:53:29 AA11
04-03-2015 23:55:25 AA11
05-03-2015 08:03:41 Restore Operation
05-03-2015 08:58:40 Restore Operation
05-03-2015 20:14:11 Removed Broadcom Gigabit Integrated Controller
05-03-2015 20:18:44 Software Distribution Service 3.0
05-03-2015 20:31:50 Software Distribution Service 3.0
07-03-2015 23:45:46 System Checkpoint
08-03-2015 23:47:24 System Checkpoint
10-03-2015 00:47:27 System Checkpoint
11-03-2015 01:47:26 System Checkpoint
12-03-2015 01:48:31 System Checkpoint
12-03-2015 03:00:35 Software Distribution Service 3.0
13-03-2015 03:47:26 System Checkpoint
14-03-2015 04:47:25 System Checkpoint
15-03-2015 04:47:38 System Checkpoint
16-03-2015 05:47:37 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-08-21 08:00 - 2008-08-21 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avayvaxvaa.job => C:\Documents and Settings\Jeff M\Local Settings\Application Data\avayvaxvaa\avayvaxvaa.exe C:\Documents and Settings\Jeff M\Local Settings\Application Data\avayvaxvaa\avayvaxvaa.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2013-02-08 12:48 - 2011-05-02 00:41 - 00024064 _____ () C:\WINDOWS\system32\ssm1mlm.dll
2015-03-03 19:25 - 2015-03-03 19:25 - 01635328 _____ () c:\Program Files\RelaySoft\RelaySoft.dll
2008-08-21 08:00 - 2008-08-21 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-05-06 04:45 - 2008-05-06 04:45 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-03-05 20:55 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-05 20:55 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2012-02-18 10:04 - 2007-05-23 11:39 - 00696320 _____ () C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
2012-02-18 10:04 - 2007-05-23 11:23 - 00147456 _____ () C:\Program Files\NETGEAR\PS121v2\Utility.dll
2012-03-09 10:58 - 2012-03-09 10:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00056696 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2006-11-17 19:18 - 2006-11-17 19:18 - 00122880 _____ () C:\WINDOWS\system32\ala32.dll
2015-03-04 19:18 - 2015-03-04 19:18 - 01711128 ____N () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2015-03-05 20:55 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-08 12:29 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
2013-02-08 12:29 - 2013-10-30 19:14 - 00319488 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
2015-03-04 19:18 - 2015-03-04 19:17 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2015-03-04 19:18 - 2015-03-04 19:18 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2013-02-08 12:29 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
2013-02-08 12:29 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
2015-03-04 19:18 - 2015-03-14 09:26 - 00620056 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2015-03-04 19:18 - 2015-03-14 09:26 - 03033112 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2015-03-04 19:18 - 2015-03-14 09:26 - 40630296 _____ () C:\Program Files\AVG Web TuneUp\libcef.dll
2015-03-09 23:42 - 2015-03-09 23:42 - 00586240 _____ () C:\Program Files\TakeTTheCoupon\7xV6U2QfUjUwVE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-856814538-4203512516-1295414859-1005\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-856814538-4203512516-1295414859-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-856814538-4203512516-1295414859-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-856814538-4203512516-1295414859-1009\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-856814538-4203512516-1295414859-500 - Administrator - Enabled)
ASPNET (S-1-5-21-856814538-4203512516-1295414859-1010 - Limited - Enabled)
Grounds (S-1-5-21-856814538-4203512516-1295414859-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Grounds
Guest (S-1-5-21-856814538-4203512516-1295414859-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-856814538-4203512516-1295414859-1004 - Limited - Disabled)
Jeff M (S-1-5-21-856814538-4203512516-1295414859-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Jeff M
Libby R (S-1-5-21-856814538-4203512516-1295414859-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Libby R
SUPPORT_388945a0 (S-1-5-21-856814538-4203512516-1295414859-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-856814538-4203512516-1295414859-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 08:58:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/05/2015 08:45:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application googleearth.exe, version 7.1.2.2041, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/05/2015 08:44:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module uiautomationcore.dll, version 7.0.2600.6153, fault address 0x0005b0dc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (03/05/2015 08:33:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/05/2015 03:16:36 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/05/2015 03:16:36 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/04/2015 11:55:38 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction . Error 5 occurred while ending the transaction.

Error: (03/04/2015 11:49:52 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction . Error 5 occurred while ending the transaction.

System errors:
=============
Error: (03/16/2015 03:48:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 03:48:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:56:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:56:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:55:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:55:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:54:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:54:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:53:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Error: (03/16/2015 08:53:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3582.07 MB
Available physical RAM: 2269.05 MB
Total Pagefile: 5608.42 MB
Available Pagefile: 568.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:121.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (SAMSUNG_MFP) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
Drive e: (USB DISK) (Removable) (Total:1.8 GB) (Free:1.36 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 0557D988)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06)

==================== End Of Log ============================

 

Junkware log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Microsoft Windows XP x86
Ran by Jeff M on Tue 03/17/2015 at 15:47:05.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}

 

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/17/2015 at 15:57:23.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Log

This program rebooted the computer and I can't find where it saved the log.

 

ComboFix Log

 

ComboFix 15-03-14.03 - Jeff M 03/17/2015  18:06:04.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3582.2972 [GMT -4:00]
Running from: c:\documents and settings\Jeff M\Desktop\malwareremoval\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-17 to 2015-03-17  )))))))))))))))))))))))))))))))
.
.
2015-03-17 21:12 . 2015-03-17 21:12 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-17 21:11 . 2015-03-17 21:12 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-17 21:11 . 2015-03-17 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-03-17 21:11 . 2014-11-21 10:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-17 21:11 . 2014-11-21 10:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-17 19:43 . 2015-03-17 21:55 -------- d-----w- c:\documents and settings\Jeff M\Application Data\HPAppData
2015-03-17 18:57 . 2015-03-17 19:09 -------- d-----w- C:\AdwCleaner
2015-03-16 19:55 . 2015-03-17 18:51 -------- d-----w- C:\FRST
2015-03-08 02:22 . 2015-03-16 13:27 20 ----a-w- c:\documents and settings\Jeff M\Application Data\appdataFr3.bin
2015-03-06 00:55 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2015-03-06 00:55 . 2015-03-12 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2015-03-06 00:54 . 2015-03-06 01:02 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-03-06 00:34 . 2015-03-06 00:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-03-06 00:25 . 2015-03-06 00:25 -------- d-----w- c:\program files\Common Files\Java
2015-03-06 00:18 . 2015-03-06 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Oracle
2015-03-04 22:55 . 2015-03-04 22:55 -------- d-----w- c:\documents and settings\Jeff M\Application Data\AVG2015
2015-03-04 22:48 . 2015-03-04 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2015
2015-03-04 22:48 . 2015-03-04 22:48 -------- d-----w- C:\$AVG
2015-03-04 22:41 . 2015-03-04 22:59 -------- d-----w- c:\documents and settings\Jeff M\Local Settings\Application Data\Avg2015
2015-03-03 23:25 . 2015-03-17 21:37 -------- d-----w- c:\program files\RelaySoft
2015-03-03 23:24 . 2015-03-04 23:44 -------- d-----w- c:\program files\Veritabs
2015-03-03 23:22 . 2015-03-04 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{ac6143da-fd51-7668-ac61-143dafd50f6b}
2015-02-20 02:27 . 2015-02-20 02:27 202208 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-02-18 13:47 . 2015-02-18 13:47 17323192 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-02-17 20:04 . 2015-02-17 20:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-06 00:18 . 2014-10-18 23:56 146432 ----a-w- c:\windows\system32\javacpl.cpl
2015-02-03 15:47 . 2015-02-03 15:47 265184 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-01-23 14:40 . 2015-01-23 14:40 107488 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-01-17 16:26 . 2008-11-19 15:15 1409 ----a-w- c:\windows\Fonts\AFORM105.fot
2015-01-17 16:26 . 1995-12-01 16:01 1409 ----a-w- c:\windows\Fonts\AFORM120.fot
2015-01-17 16:26 . 1995-12-01 16:01 1409 ----a-w- c:\windows\Fonts\AFORM112.fot
2015-01-17 16:26 . 1995-12-01 16:01 1409 ----a-w- c:\windows\Fonts\AFORM100.fot
2015-01-17 16:26 . 1995-12-01 16:01 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot
2015-01-17 16:26 . 1995-12-01 16:01 1409 ----a-w- c:\windows\Fonts\AFORM090.fot
2015-01-17 16:26 . 1995-12-01 16:01 1409 ----a-w- c:\windows\Fonts\AFORM080.fot
2015-01-17 16:26 . 1995-12-01 16:01 1409 ----a-w- c:\windows\Fonts\ADATA095.fot
2015-01-16 16:15 . 2015-01-16 16:15 210400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fitbit Service Monitor"="c:\program files\Fitbit\fitbit-tray.exe" [2012-06-22 2177056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-08-21 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PS121v2"="c:\program files\NETGEAR\PS121v2\PS121v2.exe" [2007-05-23 696320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 350072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-03-29 15496000]
"NvMediaCenter"="NvMCTray.dll" [2012-03-29 108352]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-02-20 3710416]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
NETGEAR WNA3100 Genie.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2013-2-8 8266456]
Wireless PCI Card Configuration Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2012-3-11 4513280]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX3400\\SCNSearch\\USDAgent.exe"=
"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Program Files\\Scan Assistant\\USDAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Samsung\\Easy Document Creator\\EDC.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"c:\\WINDOWS\\system32\\VaultFilesDownloader.exe"=
"c:\\Program Files\\a la mode\\Vault\\Vault.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [11/18/2014 10:41 PM 154904]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/3/2015 11:47 AM 265184]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [6/18/2014 9:03 PM 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [6/18/2014 9:03 PM 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2/19/2015 10:27 PM 202208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [6/18/2014 9:03 PM 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8/28/2014 9:43 PM 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [1/16/2015 12:15 PM 210400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2/19/2015 10:43 PM 3411408]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2/19/2015 10:37 PM 308720]
R2 Fitbit;Fitbit Data Uploader;c:\program files\Fitbit\fitbit.exe [7/10/2012 6:38 PM 773152]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3/5/2015 8:55 PM 2088408]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [3/14/2011 2:36 AM 5120]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2/8/2013 12:29 PM 1034240]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2/18/2012 10:04 AM 12032]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2/18/2012 10:04 AM 39424]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [3/5/2015 8:55 PM 1738168]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [3/5/2015 8:55 PM 171928]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2/8/2013 12:29 PM 307928]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [7/10/2012 6:38 PM 21992]
S3 WMP11;Instant Wireless PCI Card Driver;c:\windows\system32\drivers\WMP11NDS.sys [3/11/2012 9:08 AM 54083]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-12 08:12 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 19:50]
.
2015-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2015-03-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-03-06 16:52]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-04 23:02]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-04 23:02]
.
2015-03-17 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2015-03-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2015-03-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-03-06 15:41]
.
2015-03-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2015-03-06 15:42]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {A6858057-8380-466B-AE5E-77BB8A551D7E} - hxxps://vault.alamode.com/cab/vaultinstall.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-FITBIT&10C4&84C4 - c:\program files\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
AddRemove-InstallShield_{BF36BCF3-FA5C-402B-AA20-3909B813142A} - c:\documents and settings\Jeff M\Application Data\InstallShield Installation Information\{BF36BCF3-FA5C-402B-AA20-3909B813142A}\setup.exe/uninst -removeonly
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-17 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2015-03-17  18:38:34 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-17 22:38
.
Pre-Run: 132,102,082,560 bytes free
Post-Run: 131,963,588,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E8630649720EFD7A55157FEF8727432B
09CE7397AF23D4C0B331B89D0297CC7E
 

#12 olgun52


Posted 18 March 2015 - 02:03 PM

This program rebooted the computer and I can't find where it saved the log

Start Malwarebytes > History > Application Logs > Double-click the log file > Export > txt file > Save

------------------------

Please post the AdwCleaner log!

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 twoboysdad


Posted 18 March 2015 - 02:42 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/17/2015
Scan Time: 5:12:59 PM
Logfile: malwarebites.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.17.07
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Jeff M

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 540147
Time Elapsed: 15 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.EpicPlay.A, HKU\S-1-5-21-856814538-4203512516-1295414859-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}, Quarantined, [e2b92422ef9b63d30d0c021d3cc73cc4],
PUP.Optional.EpicPlay.A, HKU\S-1-5-21-856814538-4203512516-1295414859-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}, Quarantined, [e2b92422ef9b63d30d0c021d3cc73cc4],
PUP.Optional.CartWheelShopping.A, HKU\S-1-5-21-856814538-4203512516-1295414859-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B50DF051-E1D4-439C-B94E-F4DE82B56542}, Quarantined, [049783c3d1b9aa8ca1c44f10a85bd927],
PUP.Optional.CartWheelShopping.A, HKU\S-1-5-21-856814538-4203512516-1295414859-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B50DF051-E1D4-439C-B94E-F4DE82B56542}, Quarantined, [049783c3d1b9aa8ca1c44f10a85bd927],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [ff9c45018a008da91d672710828323dd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\SearchProtect, Quarantined, [8b10dd695832c17536a98400aa59718f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\SearchProtect\Logs, Quarantined, [8b10dd695832c17536a98400aa59718f],

Files: 2
PUP.Optional.Amonetize, C:\Documents and Settings\Jeff M\My Documents\Downloads\Used Concession Trailers For S Downloader.zip, Quarantined, [3764b492c4c6cd6908d0ac81a26030d0],
PUP.Optional.Multiplug, C:\Program Files\RelaySoft\RelaySoft.dll, Quarantined, [e1ba56f0f2989c9a4e7f7bb231d137c9],

Physical Sectors: 0
(No malicious items detected)

(end)


#14 twoboysdad


Posted 18 March 2015 - 02:46 PM

# AdwCleaner v4.112 - Logfile created 17/03/2015 at 15:09:34
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Jeff M - CONCESSIONS
# Running from : C:\Documents and Settings\Jeff M\Desktop\malwareremoval\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\TakeTTheCoupon1
Folder Deleted : C:\Documents and Settings\Grounds\Application Data\HPAppData
Folder Deleted : C:\Documents and Settings\Jeff M\Application Data\HPAppData

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c616b728}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v41.0.2272.89

[C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3277370&CUI=UN28790460832944929&UM=2
[C:\Documents and Settings\Jeff M\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20284&r=2015/03/03&hid=11833403230814882127&lg=EN&cc=US&unqvl=84

*************************

AdwCleaner[R0].txt - [11004 bytes] - [17/03/2015 14:58:17]
AdwCleaner[R1].txt - [11023 bytes] - [17/03/2015 15:04:48]
AdwCleaner[S0].txt - [11165 bytes] - [17/03/2015 15:09:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11225  bytes] ##########


#15 olgun52


Posted 18 March 2015 - 02:57 PM

Hi again,

Step 1:
Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.
 
All browsers should be closed.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure that the option Remove found threats is ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Step 2:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 3:

 

Please download RogueKiller 32/64 bit to your desktop and run it

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 


Best regards
 