I am getting numerous warnings from Malwarebytes that it has "successfully blocked access to a potentially malicious website 162.210.192.22". Also same message with .26 at end. I have run a quick scan with Malwarebytes and it found about 20 problems, which I had removed. I haven't received any of the topic messages since I did the scan, so problem may have been solved. I am curious as to what this malicious site is and what piece of software is causing the warning.


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run, and we need to see those logs.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by Ron (administrator) on SANDRA on 11-03-2014 09:04:02
Running from C:\Documents and Settings\Ron\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(iWin Inc.) C:\Program Files\Pogo Games\PGMTrusted.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Print Artist Gold\ReminderApp.exe
() C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Goto.Games) C:\Program Files\Goto.Games\Funbridge2\FbNotificationsComServer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ReminderApp_69961952-30DE-4DEB-B6FB-572D30956785] - C:\Program Files\Print Artist Gold\ReminderApp.exe [144728 2011-03-09] ()
HKLM\...\Run: [iOGEAR Auto Printer Sharing Switch] - C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe [867328 2010-03-05] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [Microsoft Works Update Detection] - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28672 2002-07-09] (Microsoft® Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [FbNotifications] - C:\Program Files\Goto.Games\Funbridge2\FbNotificationsComServer.exe [491008 2012-04-05] (Goto.Games)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-03-05] (RealNetworks, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1085031214-1229272821-682003330-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {CB7B7DD8-F68D-431C-BC92-34AE04A93003} URL =
SearchScopes: HKCU - DefaultScope {CB7B7DD8-F68D-431C-BC92-34AE04A93003} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN23638290421037710&UM=2
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = www.google.com
SearchScopes: HKCU - {023FCBBB-9260-4161-8E5D-291F48FF8C02} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p={searchTerms}
SearchScopes: HKCU - {1694A656-BC6B-41E2-A0C0-BEBDAEE11E4F} URL = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
SearchScopes: HKCU - {CB3C4721-8258-4BF5-8F95-FE6222B7F7B6} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=9C1E121E-5004-4CBD-948C-D17FBF8473B1&apn_sauid=3F2EC71A-3BAF-4B5C-9559-88E1853F5786
SearchScopes: HKCU - {CB7B7DD8-F68D-431C-BC92-34AE04A93003} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN23638290421037710&UM=2
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218
FF user.js: detected! => C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\user.js
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: TidyNetwork - C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork [2014-03-05]
FF Extension: MixiDJ V30  - C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} [2013-12-11]
FF Extension: Adblock Plus - C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{98e34367-8df7-42b4-837b-20b892ff0849}] - C:\Program Files\Pogo Games\firefox\
FF Extension: iWinGames Plugin - C:\Program Files\Pogo Games\firefox\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [431384 2008-04-09] (Acronis)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519888 2012-01-04] (iWin Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492896 2008-04-09] ()

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1312576 2008-05-20] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42648 2011-09-01] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [12184 2011-09-01] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2012-06-08] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2012-06-08] (Acronis)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 09:03 - 2014-03-11 09:04 - 00000000 ____D () C:\FRST
2014-03-10 11:59 - 2014-03-10 12:02 - 00001910 _____ () C:\Documents and Settings\Ron\Desktop\MWB MBAM (zipped).zip
2014-03-09 12:13 - 2014-03-09 12:13 - 00000000 ____D () C:\Avenger
2014-03-07 22:06 - 2014-03-11 08:48 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-07 22:06 - 2014-03-08 16:00 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-07 20:24 - 2014-03-07 20:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-07 20:23 - 2014-03-07 20:24 - 00004696 _____ () C:\WINDOWS\KB2934207.log
2014-03-07 11:20 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-07 11:20 - 2014-02-25 18:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-07 09:50 - 2014-03-07 20:03 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-05 23:06 - 2014-03-11 08:50 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-1229272821-682003330-1003.job
2014-03-05 23:06 - 2014-03-11 08:50 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-1229272821-682003330-1003.job
2014-03-05 23:05 - 2014-03-05 23:05 - 00000000 ____D () C:\Documents and Settings\Ron\Application Data\RealNetworks
2014-03-05 23:03 - 2014-03-05 23:03 - 00000929 _____ () C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
2014-03-05 23:03 - 2014-03-05 23:03 - 00000000 ____D () C:\Program Files\RealNetworks
2014-03-05 23:03 - 2014-03-05 23:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-03-05 23:01 - 2014-03-05 23:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2014-03-05 23:01 - 2014-03-05 23:01 - 00272896 _____ (Progressive Networks) C:\WINDOWS\system32\pncrt.dll
2014-03-05 23:01 - 2014-03-05 23:01 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\rmoc3260.dll
2014-03-05 23:01 - 2014-03-05 23:01 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\pndx5016.dll
2014-03-05 23:01 - 2014-03-05 23:01 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\pndx5032.dll
2014-03-05 23:01 - 2014-03-05 23:01 - 00000000 ____D () C:\Documents and Settings\Ron\Application Data\dvdcss
2014-03-05 23:00 - 2014-03-05 23:02 - 00000000 ____D () C:\Program Files\Real
2014-03-05 22:58 - 2014-03-05 23:04 - 00000000 ____D () C:\Documents and Settings\Ron\Application Data\Real
2014-03-05 21:56 - 2014-03-05 23:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-03-05 21:54 - 2014-03-07 22:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-05 21:41 - 2014-03-09 12:04 - 00000000 ____D () C:\Program Files\TidyNetwork
2014-03-01 16:41 - 2014-03-01 16:41 - 00000112 _____ () C:\Documents and Settings\Ron\Desktop\You Tube.url
2014-03-01 16:31 - 2014-03-01 16:31 - 00000116 _____ () C:\Documents and Settings\Ron\Desktop\NW Trek Fun Club.url
2014-02-28 18:00 - 2014-03-04 15:12 - 00000000 ____D () C:\Documents and Settings\Ron\My Documents\Receipts
2014-02-20 01:42 - 2014-02-20 01:42 - 00000000 ____D () C:\Program Files\KillProcess
2014-02-20 01:42 - 2014-02-20 01:42 - 00000000 ____D () C:\Documents and Settings\Ron\Start Menu\Programs\KillProcess
2014-02-20 01:42 - 2014-02-20 01:42 - 00000000 ____D () C:\Documents and Settings\Ron\My Documents\KillProcess Kill Lists
2014-02-16 11:17 - 2014-02-16 11:17 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-02-15 11:24 - 2014-02-15 11:24 - 00000042 _____ () C:\Documents and Settings\Ron\My Documents\Iso filenames.txt
2014-02-15 09:06 - 2014-03-08 11:29 - 00000000 ____D () C:\Recovered info
2014-02-14 22:51 - 2014-02-16 11:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 09:38 - 2014-02-15 16:56 - 00000473 _____ () C:\Documents and Settings\Ron\Application Data\burnaware.ini
2014-02-14 09:36 - 2014-02-14 09:36 - 00000000 ____D () C:\Program Files\BurnAware Free
2014-02-14 09:36 - 2014-02-14 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\BurnAware Free
2014-02-12 17:54 - 2014-02-12 17:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 17:36 - 2014-02-12 17:38 - 00011060 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 17:35 - 2014-02-12 17:36 - 00004169 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 12:16 - 2014-02-12 17:54 - 00013085 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 22:08 - 2014-02-15 11:16 - 00000000 ____D () C:\Documents and Settings\Ron\My Documents\Jawbone UP Important numbers

==================== One Month Modified Files and Folders =======

2014-03-11 09:04 - 2014-03-11 09:03 - 00000000 ____D () C:\FRST
2014-03-11 09:02 - 2012-06-07 20:45 - 01773632 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-11 08:58 - 2013-11-17 11:34 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-11 08:58 - 2012-06-08 20:04 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-11 08:53 - 2012-06-07 12:50 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-11 08:50 - 2014-03-05 23:06 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-1229272821-682003330-1003.job
2014-03-11 08:50 - 2014-03-05 23:06 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-1229272821-682003330-1003.job
2014-03-11 08:49 - 2012-06-07 12:54 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-11 08:49 - 2012-06-07 12:53 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-11 08:49 - 2006-02-28 05:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-11 08:48 - 2014-03-07 22:06 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-11 08:48 - 2012-06-07 21:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-10 20:26 - 2012-06-07 21:32 - 00000178 ___SH () C:\Documents and Settings\Ron\ntuser.ini
2014-03-10 20:26 - 2012-06-07 21:05 - 00032534 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-10 17:40 - 2012-06-07 21:32 - 00000000 ____D () C:\Documents and Settings\Ron
2014-03-10 12:02 - 2014-03-10 11:59 - 00001910 _____ () C:\Documents and Settings\Ron\Desktop\MWB MBAM (zipped).zip
2014-03-10 09:29 - 2013-01-30 10:47 - 00382919 _____ () C:\WINDOWS\setupapi.log
2014-03-09 12:13 - 2014-03-09 12:13 - 00000000 ____D () C:\Avenger
2014-03-09 12:13 - 2012-12-22 09:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2753842-v2$
2014-03-09 12:04 - 2014-03-05 21:41 - 00000000 ____D () C:\Program Files\TidyNetwork
2014-03-08 18:01 - 2012-06-08 15:47 - 00002335 _____ () C:\Documents and Settings\All Users\Desktop\Street Atlas.lnk
2014-03-08 16:00 - 2014-03-07 22:06 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-08 11:29 - 2014-02-15 09:06 - 00000000 ____D () C:\Recovered info
2014-03-07 22:58 - 2014-03-05 21:54 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-07 22:06 - 2012-11-16 20:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-07 20:24 - 2014-03-07 20:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-07 20:24 - 2014-03-07 20:23 - 00004696 _____ () C:\WINDOWS\KB2934207.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00365949 _____ () C:\WINDOWS\iis6.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00340056 _____ () C:\WINDOWS\FaxSetup.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00162580 _____ () C:\WINDOWS\ocgen.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00155156 _____ () C:\WINDOWS\tsoc.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00112773 _____ () C:\WINDOWS\comsetup.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00103282 _____ () C:\WINDOWS\msmqinst.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00068422 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00059565 _____ () C:\WINDOWS\netfxocm.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00023375 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00018810 _____ () C:\WINDOWS\ocmsn.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00017105 _____ () C:\WINDOWS\tabletoc.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00016995 _____ () C:\WINDOWS\msgsocm.log
2014-03-07 20:24 - 2013-02-14 08:21 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-03-07 20:03 - 2014-03-07 09:50 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-06 21:10 - 2013-05-14 13:33 - 00005712 _____ () C:\WINDOWS\wmsetup.log
2014-03-05 23:06 - 2014-03-05 21:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-03-05 23:05 - 2014-03-05 23:05 - 00000000 ____D () C:\Documents and Settings\Ron\Application Data\RealNetworks
2014-03-05 23:04 - 2014-03-05 22:58 - 00000000 ____D () C:\Documents and Settings\Ron\Application Data\Real
2014-03-05 23:03 - 2014-03-05 23:03 - 00000929 _____ () C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
2014-03-05 23:03 - 2014-03-05 23:03 - 00000000 ____D () C:\Program Files\RealNetworks
2014-03-05 23:03 - 2014-03-05 23:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-03-05 23:03 - 2014-03-05 23:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-03-05 23:02 - 2014-03-05 23:00 - 00000000 ____D () C:\Program Files\Real
2014-03-05 23:01 - 2014-03-05 23:01 - 00272896 _____ (Progressive Networks) C:\WINDOWS\system32\pncrt.dll
2014-03-05 23:01 - 2014-03-05 23:01 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\rmoc3260.dll
2014-03-05 23:01 - 2014-03-05 23:01 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\pndx5016.dll
2014-03-05 23:01 - 2014-03-05 23:01 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\pndx5032.dll
2014-03-05 23:01 - 2014-03-05 23:01 - 00000000 ____D () C:\Documents and Settings\Ron\Application Data\dvdcss
2014-03-05 23:00 - 2008-04-09 18:29 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.dll
2014-03-05 23:00 - 2008-04-09 18:29 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2014-03-05 17:44 - 2013-03-12 20:17 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-04 15:12 - 2014-02-28 18:00 - 00000000 ____D () C:\Documents and Settings\Ron\My Documents\Receipts
2014-03-03 14:25 - 2012-06-08 19:30 - 00000000 ____D () C:\Documents and Settings\Ron\Desktop\System
2014-03-01 16:41 - 2014-03-01 16:41 - 00000112 _____ () C:\Documents and Settings\Ron\Desktop\You Tube.url
2014-03-01 16:31 - 2014-03-01 16:31 - 00000116 _____ () C:\Documents and Settings\Ron\Desktop\NW Trek Fun Club.url
2014-02-25 18:59 - 2014-03-07 11:20 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-25 18:59 - 2014-03-07 11:20 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-20 21:05 - 2012-06-08 20:04 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-20 21:05 - 2012-06-08 20:04 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-20 01:42 - 2014-02-20 01:42 - 00000000 ____D () C:\Program Files\KillProcess
2014-02-20 01:42 - 2014-02-20 01:42 - 00000000 ____D () C:\Documents and Settings\Ron\Start Menu\Programs\KillProcess
2014-02-20 01:42 - 2014-02-20 01:42 - 00000000 ____D () C:\Documents and Settings\Ron\My Documents\KillProcess Kill Lists
2014-02-16 11:17 - 2014-02-16 11:17 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-02-16 11:17 - 2014-02-14 22:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 16:56 - 2014-02-14 09:38 - 00000473 _____ () C:\Documents and Settings\Ron\Application Data\burnaware.ini
2014-02-15 11:24 - 2014-02-15 11:24 - 00000042 _____ () C:\Documents and Settings\Ron\My Documents\Iso filenames.txt
2014-02-15 11:16 - 2014-02-11 22:08 - 00000000 ____D () C:\Documents and Settings\Ron\My Documents\Jawbone UP Important numbers
2014-02-15 08:33 - 2012-06-08 15:29 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-14 09:36 - 2014-02-14 09:36 - 00000000 ____D () C:\Program Files\BurnAware Free
2014-02-14 09:36 - 2014-02-14 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\BurnAware Free
2014-02-12 17:54 - 2014-02-12 17:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 17:54 - 2014-02-12 12:16 - 00013085 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 17:54 - 2013-02-14 08:21 - 00032711 _____ () C:\WINDOWS\updspapi.log
2014-02-12 17:54 - 2013-02-14 08:21 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 17:43 - 2013-09-08 16:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 17:38 - 2014-02-12 17:36 - 00011060 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 17:36 - 2014-02-12 17:35 - 00004169 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-11 21:56 - 2014-02-08 10:05 - 00000000 ____D () C:\Documents and Settings\Ron\My Documents\IPhone important numbers

Some content of TEMP:
====================
C:\Documents and Settings\Ron\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Ron\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Ron\Local Settings\temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2014
Ran by Ron at 2014-03-11 09:05:50
Running from C:\Documents and Settings\Ron\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acronis True Image Home (HKLM\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8101 - Acronis)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.6.0.224 - Atheros)
Bing Icon Installer (HKLM\...\{1947EF24-CFBF-4857-AF58-247021830540}) (Version: 1.0.0 - Iconomize.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BurnAware Free 6.9.2 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated) <==== ATTENTION
DeLorme Street Atlas USA 2011 (HKLM\...\{D0AE9222-C133-4135-BE5B-BE6ED6D6D78B}) (Version: 11.100.22360 - DeLorme Publishing)
DVD Decoder Pak for Windows XP (HKLM\...\{92C5DB3D-9D6F-4324-BB11-57825F4C2635}) (Version: 1.0.0 - roddy2000@hotbox.ru)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
Funbridge2 (HKLM\...\Funbridge2) (Version: 2.6.0.0 - Goto.Games)
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
IOGEAR Auto Printer Sharing Switch 2.0 (HKLM\...\IOGEAR Auto Printer Sharing Switch_is1) (Version:  - IOGEAR, Inc.)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KillProcess 2.44 (HKLM\...\KillProcess) (Version: 2.44 - Orange Lamp Software Solutions)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Picture It! Photo 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MuvEnum Address Bar - Windows Explorer Extension (HKLM\...\AddressBar) (Version: 5.3.3.0 - MuvEnum)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.8.19 - Prolific Technology INC)
Pogo Games (remove only) (HKLM\...\PogoDGC) (Version:  - )
Print Artist Gold (HKLM\...\{7568CBAC-FC7F-4EE9-8CAC-B4274FC93B4E}) (Version: 24.0.0.36 - Nova Development)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.17.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6010 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Topo USA 4.0 (HKLM\...\{31ED608D-8826-41AA-913F-DBC45CB4DE09}) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

11-12-2013 18:58:40 System Checkpoint
11-12-2013 19:41:10 Software Distribution Service 3.0
12-12-2013 06:40:30 Software Distribution Service 3.0
13-12-2013 00:47:13 Software Distribution Service 3.0
14-12-2013 02:02:17 Software Distribution Service 3.0
14-12-2013 06:39:13 Software Distribution Service 3.0
15-12-2013 17:40:45 Software Distribution Service 3.0
16-12-2013 17:45:43 System Checkpoint
17-12-2013 03:51:00 Software Distribution Service 3.0
18-12-2013 05:02:57 System Checkpoint
18-12-2013 18:23:22 Software Distribution Service 3.0
19-12-2013 19:04:17 System Checkpoint
20-12-2013 05:06:11 Software Distribution Service 3.0
21-12-2013 05:43:52 Software Distribution Service 3.0
21-12-2013 16:49:16 Removed Java 7 Update 45
21-12-2013 16:57:21 Installed Java 7 Update 45
22-12-2013 16:28:24 Software Distribution Service 3.0
23-12-2013 16:51:59 Software Distribution Service 3.0
24-12-2013 18:15:26 System Checkpoint
25-01-2014 02:12:18 System Checkpoint
25-01-2014 05:44:32 Software Distribution Service 3.0
25-12-2013 17:39:37 System Checkpoint
26-12-2013 17:05:05 Software Distribution Service 3.0
27-12-2013 17:22:52 Software Distribution Service 3.0
28-12-2013 18:34:41 System Checkpoint
29-12-2013 17:56:49 Software Distribution Service 3.0
30-12-2013 19:07:49 System Checkpoint
31-12-2013 16:34:41 Software Distribution Service 3.0
01-01-2014 18:20:50 Software Distribution Service 3.0
02-01-2014 19:51:02 System Checkpoint
03-01-2014 17:03:12 Software Distribution Service 3.0
04-01-2014 17:51:19 System Checkpoint
05-01-2014 15:37:36 Software Distribution Service 3.0
06-01-2014 17:41:07 Software Distribution Service 3.0
07-01-2014 17:50:45 System Checkpoint
07-01-2014 23:52:54 Software Distribution Service 3.0
09-01-2014 00:02:11 System Checkpoint
09-01-2014 05:17:40 Software Distribution Service 3.0
10-01-2014 06:21:21 Software Distribution Service 3.0
11-01-2014 17:03:11 Software Distribution Service 3.0
12-01-2014 17:20:37 Software Distribution Service 3.0
13-01-2014 17:32:38 System Checkpoint
13-01-2014 22:55:44 Software Distribution Service 3.0
14-01-2014 23:22:22 System Checkpoint
15-01-2014 03:36:29 Software Distribution Service 3.0
16-01-2014 03:39:41 System Checkpoint
16-01-2014 16:45:19 Software Distribution Service 3.0
16-01-2014 17:06:49 Software Distribution Service 3.0
17-01-2014 18:27:17 Software Distribution Service 3.0
18-01-2014 18:37:21 System Checkpoint
19-01-2014 15:57:35 Software Distribution Service 3.0
20-01-2014 17:36:21 Software Distribution Service 3.0
21-01-2014 18:57:39 System Checkpoint
21-01-2014 23:54:43 Software Distribution Service 3.0
23-01-2014 00:11:23 System Checkpoint
23-01-2014 16:49:06 Software Distribution Service 3.0
24-01-2014 17:19:44 Software Distribution Service 3.0
25-01-2014 17:37:55 Software Distribution Service 3.0
26-01-2014 19:26:07 System Checkpoint
27-01-2014 16:47:57 Software Distribution Service 3.0
28-01-2014 17:16:07 Software Distribution Service 3.0
29-01-2014 17:51:56 System Checkpoint
29-01-2014 22:40:27 Software Distribution Service 3.0
30-01-2014 22:41:16 System Checkpoint
31-01-2014 16:36:22 Software Distribution Service 3.0
01-02-2014 17:21:42 Software Distribution Service 3.0
03-02-2014 00:12:56 System Checkpoint
03-02-2014 16:41:46 Software Distribution Service 3.0
04-02-2014 16:35:38 Installed Java 7 Update 51
05-02-2014 16:59:52 Software Distribution Service 3.0
06-02-2014 03:55:25 Installed Bing Icon Installer
07-02-2014 04:56:18 System Checkpoint
07-02-2014 05:37:17 Software Distribution Service 3.0
08-02-2014 16:44:19 Software Distribution Service 3.0
09-02-2014 16:58:26 Software Distribution Service 3.0
10-02-2014 18:27:36 Software Distribution Service 3.0
11-02-2014 19:05:01 System Checkpoint
11-02-2014 23:45:28 Software Distribution Service 3.0
13-02-2014 00:11:20 Software Distribution Service 3.0
13-02-2014 00:28:05 Software Distribution Service 3.0
14-02-2014 15:46:55 Software Distribution Service 3.0
15-02-2014 15:57:44 System Checkpoint
15-02-2014 23:17:28 Software Distribution Service 3.0
16-02-2014 23:25:45 System Checkpoint
17-02-2014 04:46:44 Software Distribution Service 3.0
18-02-2014 16:43:51 Software Distribution Service 3.0
19-02-2014 18:06:27 System Checkpoint
20-02-2014 07:22:38 Software Distribution Service 3.0
21-02-2014 14:11:53 Software Distribution Service 3.0
22-02-2014 15:56:57 Software Distribution Service 3.0
23-02-2014 16:07:56 System Checkpoint
23-02-2014 18:13:39 Software Distribution Service 3.0
24-02-2014 23:42:15 Software Distribution Service 3.0
26-02-2014 00:38:21 System Checkpoint
26-02-2014 04:35:10 Software Distribution Service 3.0
27-02-2014 16:32:26 Software Distribution Service 3.0
28-02-2014 19:24:40 Software Distribution Service 3.0
01-03-2014 21:15:51 System Checkpoint
02-03-2014 14:53:28 Software Distribution Service 3.0
03-03-2014 15:17:14 System Checkpoint
04-03-2014 00:47:47 Software Distribution Service 3.0
05-03-2014 01:10:18 System Checkpoint
05-03-2014 02:14:16 Software Distribution Service 3.0
06-03-2014 05:15:05 System Checkpoint
06-03-2014 15:50:50 Software Distribution Service 3.0
07-03-2014 18:30:46 Software Distribution Service 3.0
08-03-2014 03:23:12 Software Distribution Service 3.0
08-03-2014 22:58:32 Software Distribution Service 3.0
10-03-2014 02:55:15 Software Distribution Service 3.0
11-03-2014 16:00:10 Software Distribution Service 3.0

==================== Hosts content: ==========================

2006-02-28 05:00 - 2014-02-07 19:34 - 00449915 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-1229272821-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-1229272821-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2012-01-18 15:12 - 2012-01-18 15:12 - 00032768 _____ () C:\Program Files\MuvEnum\AddressBar\BandObjectLib.dll
2009-07-26 16:26 - 2009-07-26 16:26 - 00886272 _____ () C:\Program Files\MuvEnum\AddressBar\System.Data.SQLite.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-03-09 17:34 - 2011-03-09 17:34 - 00144728 _____ () C:\Program Files\Print Artist Gold\ReminderApp.exe
2011-03-09 17:31 - 2011-03-09 17:31 - 00089440 _____ () C:\Program Files\Print Artist Gold\AddressBookCore.dll
2011-03-09 17:34 - 2011-03-09 17:34 - 00152944 _____ () C:\Program Files\Print Artist Gold\en-US\ReminderApp.resources.dll
2013-01-02 11:42 - 2010-03-05 15:37 - 00867328 _____ () C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
2011-10-07 02:41 - 2011-10-07 02:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-02-14 22:51 - 2014-02-14 22:51 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2006-02-28 05:00 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2014-02-20 21:05 - 2014-02-20 21:05 - 16265096 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AzMixerSel => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IOGEAR Auto Printer Sharing Switch => C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe start
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8102E Family PCI-E Fast Ethernet NIC
Description: Realtek RTL8102E Family PCI-E Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2014 01:25:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4078

Error: (03/09/2014 01:25:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4078

Error: (03/09/2014 01:25:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2014 01:25:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000

Error: (03/09/2014 01:25:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2000

Error: (03/09/2014 01:25:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 06:01:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3663484

Error: (03/08/2014 06:01:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3663484

Error: (03/08/2014 06:01:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 05:00:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5937


System errors:
=============
Error: (03/11/2014 08:49:01 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/10/2014 08:16:56 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/10/2014 06:25:56 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/10/2014 05:33:56 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/10/2014 04:52:34 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/10/2014 09:29:01 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/09/2014 07:43:41 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/09/2014 11:19:58 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/08/2014 04:12:05 PM) (Source: Print) (User: NT AUTHORITY)
Description: The document Microsoft Word - New Purse Simplicity A1495.doc owned by Ron failed to print on printer HP Officejet J4500 Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 33992. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\SANDRA. Win32 error code returned by the print processor: Microsoft Word - New Purse Simplicity A1495.doc0. Microsoft Word - New Purse Simplicity A1495.doc1

Error: (03/08/2014 03:45:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00242B0ECFFD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (03/09/2014 01:25:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4078

Error: (03/09/2014 01:25:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4078

Error: (03/09/2014 01:25:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2014 01:25:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000

Error: (03/09/2014 01:25:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2000

Error: (03/09/2014 01:25:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 06:01:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3663484

Error: (03/08/2014 06:01:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3663484

Error: (03/08/2014 06:01:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 05:00:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5937


==================== Memory info ===========================

Percentage of memory in use: 79%
Total physical RAM: 1011.88 MB
Available physical RAM: 203.43 MB
Total Pagefile: 2431.36 MB
Available Pagefile: 1471.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:110.63 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (GIZMO) (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 12B912B8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 002F9981)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-11 10:52:09
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543216L9A300 rev.FB2OC40C 149.05GB
Running: xmnr3yze.exe; Driver: C:\DOCUME~1\Ron\LOCALS~1\Temp\kwtdypob.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1  tdrpman.sys
AttachedDevice  \FileSystem\Fastfat \Fat                fltmgr.sys

---- EOF - GMER 2.1 ----
 


Fix with FRST (normal mode)

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2014
Ran by Ron at 2014-03-13 08:38:23 Run:1
Running from C:\Documents and Settings\Ron\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {CB7B7DD8-F68D-431C-BC92-34AE04A93003} URL =
SearchScopes: HKCU - DefaultScope {CB7B7DD8-F68D-431C-BC92-34AE04A93003} URL = http://us.yhs4.searc...482,0,0,6434&p={searchTerms}
SearchScopes: HKCU - {1694A656-BC6B-41E2-A0C0-BEBDAEE11E4F} URL = http://www.mysearchr...&c=0000&t=01&q={searchTerms}
SearchScopes: HKCU - {CB3C4721-8258-4BF5-8F95-FE6222B7F7B6} URL = http://websearch.ask...J&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=9C1E121E-5004-4CBD-948C-D17FBF8473B1&apn_sauid=3F2EC71A-3BAF-4B5C-9559-88E1853F5786
SearchScopes: HKCU - {CB7B7DD8-F68D-431C-BC92-34AE04A93003} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN23638290421037710&UM=2
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: TidyNetwork - C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork [2014-03-05]
FF Extension: MixiDJ V30  - C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} [2013-12-11]
FF HKLM\...\Firefox\Extensions: [{98e34367-8df7-42b4-837b-20b892ff0849}] - C:\Program Files\Pogo Games\firefox\
FF Extension: iWinGames Plugin - C:\Program Files\Pogo Games\firefox\ []

R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519888 2012-01-04] (iWin Inc.)

C:\Program Files\Pogo Games
C:\Program Files\TidyNetwork
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{023FCBBB-9260-4161-8E5D-291F48FF8C02} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{023FCBBB-9260-4161-8E5D-291F48FF8C02} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1694A656-BC6B-41E2-A0C0-BEBDAEE11E4F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1694A656-BC6B-41E2-A0C0-BEBDAEE11E4F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB3C4721-8258-4BF5-8F95-FE6222B7F7B6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CB3C4721-8258-4BF5-8F95-FE6222B7F7B6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB7B7DD8-F68D-431C-BC92-34AE04A93003} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CB7B7DD8-F68D-431C-BC92-34AE04A93003} => Key not found.

"C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork" directory move:

C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork\chrome.manifest => Moved successfully.
C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork\install.rdf => Moved successfully.
C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork\chrome\skin\32x32.png => Moved successfully.
C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork\chrome\content\overlay.js => Moved successfully.
C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork\chrome\content\overlay.xul => Moved successfully.
C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork\chrome\content\script0.js => Moved successfully.
Could not move "C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork" directory. => Scheduled to move on reboot.

C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849} => Value deleted successfully.

"C:\Program Files\Pogo Games\firefox\" directory move:

C:\Program Files\Pogo Games\firefox\chrome.manifest => Moved successfully.
C:\Program Files\Pogo Games\firefox\install.rdf => Moved successfully.
C:\Program Files\Pogo Games\firefox\iWinArcadeLauncher.exe => Moved successfully.
C:\Program Files\Pogo Games\firefox\version => Moved successfully.
C:\Program Files\Pogo Games\firefox\chrome\iWinArcade.jar => Moved successfully.
Could not move "C:\Program Files\Pogo Games\firefox\" directory. => Scheduled to move on reboot.

PGMTrusted => Service stopped successfully.
PGMTrusted => Service deleted successfully.
C:\Program Files\Pogo Games => Moved successfully.
C:\Program Files\TidyNetwork => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-13 08:45:24)<=

C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\Extensions\TidyNetwork@TidyNetwork => Moved successfully.
C:\Program Files\Pogo Games\firefox\ => Is moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.12.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ron :: SANDRA [administrator]

Protection: Enabled

3/13/2014 10:23:21 AM
mbam-log-2014-03-13 (10-23-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276513
Time elapsed: 4 hour(s), 35 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\System Volume Information\_restore{B4DE456B-9244-4B88-9F07-DF657DF4DB10}\RP160\A0024840.dll (PUP.Optional.Conduit) -> No action taken.
C:\System Volume Information\_restore{B4DE456B-9244-4B88-9F07-DF657DF4DB10}\RP191\A0032095.exe (PUP.Optional.OptimizerPro) -> No action taken.
C:\System Volume Information\_restore{B4DE456B-9244-4B88-9F07-DF657DF4DB10}\RP191\A0032097.exe (PUP.Optional.OptimizerPro) -> No action taken.
C:\System Volume Information\_restore{B4DE456B-9244-4B88-9F07-DF657DF4DB10}\RP191\A0032098.exe (PUP.Optional.OptimizerPro) -> No action taken.
C:\System Volume Information\_restore{B4DE456B-9244-4B88-9F07-DF657DF4DB10}\RP192\A0033065.exe (PUP.Optional.Sambreel.A) -> No action taken.

(end)

Link to post
Share on other sites

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

C:\Documents and Settings\Ron\Local Settings\temp\{E7EAD01E-9C28-4BCE-91AF-4A6E6D208472}\setup.exe    multiple threats
C:\Documents and Settings\Ron\My Documents\Downloads\ARO2012_tbt.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Documents and Settings\Ron\My Documents\Downloads\ccsetup326.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Ron\My Documents\Downloads\KillProcessSetup.exe    a variant of Win32/KillProcess.A potentially unsafe application
C:\Documents and Settings\Ron\My Documents\Downloads\mahjong-garden-deluxe-setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\Ron\My Documents\Downloads\word-riot-deluxe-setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\KillProcess\KillProcess.exe    a variant of Win32/KillProcess.A potentially unsafe application
 

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also

 
 
Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

Link to post
Share on other sites

Note from rb daves:  This program froze when I clicked on "clean"

 

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 08:29:03
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ron - SANDRA
# Boot Mode : Normal
# Running from : G:\adwcleaner.exe
# Option [Delete]


***** [services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Ron on Sat 03/15/2014 at 17:39:03.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc optimizer pro"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Ron\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Ron\Application Data\speedypc software"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\freeze.com"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\w3i, llc"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Ron\Application Data\mozilla\firefox\profiles\g259u2z8.default-1356939019218\user.js
Successfully deleted: [Folder] C:\Documents and Settings\Ron\Application Data\mozilla\firefox\profiles\g259u2z8.default-1356939019218\smartbar
Successfully deleted the following from C:\Documents and Settings\Ron\Application Data\mozilla\firefox\profiles\g259u2z8.default-1356939019218\prefs.js


user_pref("CT3298566.installType", "conduitnsisintegration");

user_pref("CT3298566.smartbar.CTID", "CT3298566");
user_pref("CT3298566.smartbar.Uninstall", "0");
user_pref("CT3298566.smartbar.homepage", "true");
user_pref("CT3298566.smartbar.toolbarName", "MixiDJ V30 ");

user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3298566");
user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");

user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.addressBarOwnerCTID", "CT3298566");


user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
user_pref("smartbar.homePageOwnerCTID", "CT3298566");
user_pref("smartbar.machineId", "ORZO/MZABLMO4P/TTDNLDXNURCVEJNHX4JJBPLTVCZK0NYXPSD0JB+0HAKGWBFRYJTIVBU1YCJL6L/MTKGYD6W");
Emptied folder: C:\Documents and Settings\Ron\Application Data\mozilla\firefox\profiles\g259u2z8.default-1356939019218\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/15/2014 at 17:48:21.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 

Link to post
Share on other sites

I ran AdwCleaner again and clicked "clean".  Here's the logfile.

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 15:33:58
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Ron - SANDRA
# Running from : C:\Documents and Settings\Ron\My Documents\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\ValueApps
File Deleted : C:\DOCUME~1\Ron\LOCALS~1\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
Key Deleted : HKCU\Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\g259u2z8.default-1356939019218\prefs.js ]


*************************

AdwCleaner[R0].txt - [14587 octets] - [15/03/2014 14:50:07]
AdwCleaner[R1].txt - [1965 octets] - [16/03/2014 09:01:15]
AdwCleaner[s0].txt - [359 octets] - [15/03/2014 14:57:55]
AdwCleaner[s1].txt - [1914 octets] - [16/03/2014 15:33:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1974 octets] ##########
 

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.