start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Documents and Settings\User\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5ac8033af26a47d3bed9d16d675081d4-b020def64769dc8aa546c7c4903ee6ef14922b5b --CMPID 09 (the data entry has 3 more characters).
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Documents and Settings\User\Application Data\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=5ac8033af26a47d3bed9d16d675081d4-b020def64769dc8aa546c7c4903ee6ef14922b5b /CMPID=1213 (the data entry has 1 more characters).
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
URLSearchHook: [S-1-5-21-1177238915-1123561945-1417001333-1005] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-02-2809:16:50&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2013-05-19 20:34 - 2015-06-21 13:20 - 0011776 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\java.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\javaw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\javaws.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WS_ATLMovie.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgdiskx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgidsshimx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgldx86.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avglogx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgmfx86.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgrkx86.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(1).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(2).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(3).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(4).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(5).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Documents and Settings\User\Desktop\slc-elusive-dream-peace-am-aoc.jpg:$CmdZnID
AlternateDataStreams: C:\Documents and Settings\User\My Documents\dendrobium-collection.htm:$CmdZnID
EmptyTemp:
CMD: bitsadmin /reset /allusers
end