Single underlined blue links randomly appearing on websites



#1
LeisaAGH

Single underlined Blue links are appearing randomly throughout websites that I visit. They go to odd places not related to the word that is linked.

I think it started after downloading "FlashPlayer Pro" last night. I thought it was an update from Adobe FlashPlayer, but it's obviously not because it has a blue snowflake as an icon.

I've run AVG 2013 and it said it found no problems. This is all I have done so far.

I use Mozilla Firefox as a browser.




OTL logfile created on: 1/20/2013 6:28:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leisa Garcia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 27.65% Memory free
8.00 Gb Paging File | 2.48 Gb Available in Paging File | 31.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 101.67 Gb Free Space | 56.80% Space Free | Partition Type: NTFS
Drive D: | 267.11 Gb Total Space | 202.42 Gb Free Space | 75.78% Space Free | Partition Type: NTFS
Drive F: | 1.83 Gb Total Space | 1.83 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
Drive G: | 15.11 Gb Total Space | 14.47 Gb Free Space | 95.80% Space Free | Partition Type: FAT32

Computer Name: LEISAGARCIA-PC | User Name: Leisa Garcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 06:14:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
PRC - [2013/01/19 20:49:52 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 05:57:56 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/23 16:15:48 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/05 07:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/09/05 07:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/12/06 00:12:38 | 002,798,160 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2011/10/11 23:53:36 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2011/09/27 15:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/06 00:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 00:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/18 20:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/06/24 00:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2008/10/10 16:00:24 | 000,317,728 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/19 20:49:51 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 05:57:56 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/08/10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/07/28 16:53:32 | 000,746,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/16 08:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/07 06:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/11 19:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/10/13 12:30:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/19 20:49:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 06:32:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/05 07:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/09/05 07:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 09:45:14 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/13 13:37:30 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/13 11:52:50 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/11 23:53:50 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/08/31 10:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/08/17 12:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/05 21:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/16 11:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/16 11:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/05/16 22:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 02:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 21:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mail.google....box|about:home"
FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0
FF - prefs.js..extensions.enabledAddons: extension21802%40extension21802.com:0.87.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/23 16:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 20:49:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 20:49:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 20:49:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 20:49:44 | 000,000,000 | ---D | M]

[2012/09/06 14:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Extensions
[2013/01/19 19:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions
[2013/01/19 19:44:40 | 000,000,000 | ---D | M] ("Shopping Sidekick Plugin") -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]
[2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\chrome
[2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\defaults
[2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\locale
[2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\skin
[2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\chrome\content\extensionCode
[2012/12/17 06:13:13 | 000,002,544 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\searchplugins\aol-search.xml
[2013/01/19 20:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/23 16:16:23 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/01/19 20:49:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/23 16:15:54 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/09/05 17:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/20 12:32:56 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Shopping Sidekick Plugin) - {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (215 Apps)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ROC_ROC_JAN2013_AV] C:\Users\Leisa Garcia\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF76FB9-3FA1-4E1D-84C7-F0109B375E58}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/20 06:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
[2013/01/19 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/19 19:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/01/19 19:45:04 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Documents\Flash Player Pro
[2013/01/19 19:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/01/19 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Updater21802
[2013/01/19 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Shopping Sidekick Plugin
[2013/01/19 19:44:40 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Google
[2013/01/19 19:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick Plugin
[2013/01/19 19:44:05 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013/01/19 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013/01/18 17:54:01 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\AVG January 2013 Campaign
[2013/01/18 17:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/17 05:19:43 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\to Jenifer
[2013/01/17 05:12:27 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\session_01
[2013/01/12 09:13:21 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\My Briefings
[2013/01/11 09:12:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/11 04:53:46 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\SP2012_Session 01_David Barton_data
[2013/01/10 08:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/09 10:11:00 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\Issachar
[2013/01/06 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Apps
[2013/01/06 06:27:22 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\OpenOffice.org
[2013/01/06 06:26:11 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/01/06 06:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013/01/05 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\{EE6ABFA3-B179-41AF-8605-6339C15A0D6B}
[2013/01/05 12:21:33 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\{ECF35653-C38F-49FA-AE85-F534C38A29C3}
[2013/01/05 12:19:42 | 000,000,000 | R--D | C] -- C:\Users\Leisa Garcia\Documents\Scanned Documents
[2013/01/05 12:19:41 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Documents\Fax
[2012/12/29 06:33:38 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\temp
[2012/12/26 06:58:37 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2012/12/26 06:44:34 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Myst V End of Ages
[2012/12/25 16:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT
[2012/12/25 16:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UBISOFT
[2012/12/25 10:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Backyardigans Mission to Mars
[2012/12/23 16:23:08 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\RealNetworks
[2012/12/23 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012/12/23 16:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/12/23 16:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/12/23 16:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/12/23 16:15:50 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll

========== Files - Modified Within 30 Days ==========

[2013/01/20 06:32:19 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 06:14:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
[2013/01/20 05:28:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/19 19:45:07 | 000,001,103 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\Flash Player Pro.lnk
[2013/01/18 19:57:39 | 000,000,554 | ---- | M] () -- C:\windows\tasks\ROC_ROC_JAN2013_AV.job
[2013/01/18 17:52:36 | 000,000,298 | ---- | M] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 05:15:05 | 019,644,591 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\session_04.zip
[2013/01/16 05:03:46 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 05:03:46 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 04:53:51 | 000,112,902 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\SP2012_Session 01_David Barton.aup
[2013/01/10 12:46:45 | 067,996,746 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\SP2012_Session 01_David Barton.mp3
[2013/01/10 05:57:56 | 000,001,653 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
[2013/01/10 05:56:25 | 000,455,232 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/10 05:55:21 | 3737,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 05:32:59 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/10 05:32:59 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/10 05:32:59 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/06 06:27:28 | 000,001,235 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/01/06 06:26:11 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/12/30 06:47:25 | 000,001,292 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/26 06:58:37 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2012/12/26 06:40:21 | 000,008,382 | ---- | M] () -- C:\windows\vpd.properties
[2012/12/26 06:07:23 | 000,001,372 | ---- | M] () -- C:\Users\Public\Desktop\Myst V End of Ages.lnk
[2012/12/25 16:58:21 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Myst IV - Revelation.lnk
[2012/12/23 16:15:50 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll

========== Files Created - No Company Name ==========

[2013/01/19 19:45:07 | 000,001,103 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\Flash Player Pro.lnk
[2013/01/18 19:57:37 | 000,000,554 | ---- | C] () -- C:\windows\tasks\ROC_ROC_JAN2013_AV.job
[2013/01/18 17:52:36 | 000,000,298 | ---- | C] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 05:15:03 | 019,644,591 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\session_04.zip
[2013/01/11 04:53:51 | 000,112,902 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\SP2012_Session 01_David Barton.aup
[2013/01/10 12:44:56 | 067,996,746 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\SP2012_Session 01_David Barton.mp3
[2013/01/10 05:57:56 | 000,001,653 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
[2013/01/06 06:27:28 | 000,001,235 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/01/06 06:26:11 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/12/26 06:40:21 | 000,008,382 | ---- | C] () -- C:\windows\vpd.properties
[2012/12/26 06:07:23 | 000,001,372 | ---- | C] () -- C:\Users\Public\Desktop\Myst V End of Ages.lnk
[2012/12/25 16:58:21 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Myst IV - Revelation.lnk
[2012/11/24 12:14:25 | 000,000,000 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\bibstats
[2012/10/20 08:46:43 | 000,000,064 | -H-- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\f1359f69afe091d4c776b0f864a6cd6e984a9772
[2012/10/20 08:46:43 | 000,000,064 | -H-- | C] () -- C:\ProgramData\f1359f69afe091d4c776b0f864a6cd6e984a9772
[2012/01/09 16:30:22 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/01/09 15:49:10 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/09 15:31:59 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/10/31 23:00:03 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011/10/31 23:00:03 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011/10/31 23:00:02 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/10/12 23:53:18 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/10/12 23:53:02 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/21 04:36:08 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Activeris
[2012/09/25 06:50:58 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Amazon
[2013/01/18 06:42:12 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Audacity
[2013/01/18 17:54:19 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\AVG January 2013 Campaign
[2012/11/04 05:12:18 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\AVG2013
[2012/10/20 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\iSpring Solutions
[2013/01/06 06:27:22 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\OpenOffice.org
[2012/11/04 05:11:15 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\TuneUp Software
[2012/09/20 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring QuizMaker 6

< End of report >
  • 0

#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, LeisaAGH and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but you should be happy with the result. ;)

Please wait for a while; I'm currently analyzing your logs. The fix is coming soon.
  • 0

#3
LeisaAGH

    Member

  • Topic Starter
  • Member
  • 11 posts
Thank you Phel for your quick response.

I have additional information:

When I put the cursor by the link it shows "click to continue > by shopping sidekick plugin" but I haven't installed sidekick plugin, and there is no listing of it in the Add-ons of Firefox to disable it.

I also was wrong about the link words not seeming to be related. Some do seem related, like the word "enroll", which provides a link to a list of colleges, but other words like "principal" link to searching anyone's records, which doesn't seem related.
  • 0

#4
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, let's start.

Step 1. More than one Antivirus software notification.

I have noticed that you are using more than one antivirus program. This isn't recommended, because it can cause system hangs and crashes. So please leave only one antivirus on your computer, McAfee or AVG. You must uninstall one of them to keep your system in a stable state.

Step 2. AdwCleaner scan.

  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will reboot automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 3. Virustotal scan.

  • Please upload the file C:\Users\Leisa Garcia\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe to VirusTotal.
  • If a "File already analysed" window appears, click on the Reanalyse button.
  • When the scan is finished, post the link to the result (you can copy it from the address bar in your browser) in your next message.

Step 4. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledAddons: extension21802%40extension21802.com:0.87.11
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2013/01/19 19:44:40 | 000,000,000 | ---D | M] ("Shopping Sidekick Plugin") -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]
    [2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\chrome
    [2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\defaults
    [2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\locale
    [2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\skin
    [2013/01/19 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\[email protected]\chrome\content\extensionCode
    [2013/01/19 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Updater21802
    [2012/10/20 08:46:43 | 000,000,064 | -H-- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\f1359f69afe091d4c776b0f864a6cd6e984a9772
    [2012/10/20 08:46:43 | 000,000,064 | -H-- | C] () -- C:\ProgramData\f1359f69afe091d4c776b0f864a6cd6e984a9772
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post in your next message:

  • Contents of the OTL log.
  • Contents of the AdwCleaner log.
  • Link to VirusTotal scan results.

  • 0
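
Several of the entries removed in Step 4 were created within a minute of the "Flash Player Pro" folders. As an added example (not part of the original posts and not OTL's own code), this Python script parses OTL file-listing lines copied from the log earlier in this thread and lists everything created close to a named folder; the function names and the two-minute window are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# OTL file-listing line: [date time | size | attributes | C or M] (company) -- path
# The "(company)" part is absent on folder lines and empty "()" when unknown.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSDA]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# Lines copied from the OTL log posted in this thread (not constructed).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2013/01/19 19:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/01/19 19:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/01/19 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Updater21802
[2013/01/19 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Shopping Sidekick Plugin
[2013/01/19 19:44:40 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Google
[2013/01/19 19:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick Plugin
[2013/01/19 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013/01/18 17:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/06 06:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/12/26 06:58:37 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2013/01/19 19:45:07 | 000,001,103 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\Flash Player Pro.lnk
"""


def parse_otl_line(line):
    """Return a dict for one OTL listing line, or None for headers/other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],              # C = created, M = modified
        "company": m["company"] or "",  # empty when OTL found no company name
        "path": m["path"],
    }


def created_near(log_text, anchor_name, minutes=2):
    """List 'created' entries within +/- minutes of the folders named anchor_name.

    The anchor entries themselves are left out, so what remains is whatever
    else appeared on disk during the same install. Results are oldest first.
    A hit is a lead to investigate, not proof that the item is unwanted.
    """
    parsed = (parse_otl_line(line) for line in log_text.splitlines())
    created = [e for e in parsed if e and e["kind"] == "C"]

    def is_anchor(entry):
        return PureWindowsPath(entry["path"]).name.lower() == anchor_name.lower()

    anchor_times = [e["when"] for e in created if is_anchor(e)]
    if not anchor_times:
        return []
    start = min(anchor_times) - timedelta(minutes=minutes)
    end = max(anchor_times) + timedelta(minutes=minutes)
    hits = [e for e in created
            if start <= e["when"] <= end and not is_anchor(e)]
    return sorted(hits, key=lambda e: e["when"])


def basenames(entries):
    """Last path component of each entry, in the order given."""
    return [PureWindowsPath(e["path"]).name for e in entries]


if __name__ == "__main__":
    for entry in created_near(SAMPLE_LOG, "Flash Player Pro"):
        print(entry["when"].strftime("%H:%M:%S"), entry["path"])
```

On these lines the window picks up the Wajam, Shopping Sidekick Plugin and Updater21802 folders, plus a `Google` folder under AppData\Local created in the same minute.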

#5
LeisaAGH

    Member

  • Topic Starter
  • Member
  • 11 posts
1. I deleted McAfee

2. AdwCleaner Scan

# AdwCleaner v2.009 - Logfile created 01/21/2013 at 06:59:57
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Leisa Garcia - LEISAGARCIA-PC
# Boot Mode : Normal
# Running from : C:\Users\Leisa Garcia\Desktop\adwcleaner-2-009-en-win.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Leisa Garcia\AppData\Local\Wajam
Folder Deleted : C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

Profile name : default
File : C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\prefs.js

C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\user.js ... Deleted !

Deleted : user_pref("CT3239904.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT3239904.1000082.state", "{\"state\":\"stopped\",\"text\":\"R&B/Soul,...\",\"description[...]
Deleted : user_pref("CT3239904.1000234.TWC_TMP_city", "SEATTLE");
Deleted : user_pref("CT3239904.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3239904.1000234.TWC_locId", "USWA0395");
Deleted : user_pref("CT3239904.1000234.TWC_location", "Seattle, WA");
Deleted : user_pref("CT3239904.1000234.TWC_region", "US");
Deleted : user_pref("CT3239904.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3239904.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3239904.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"41°F\",\"temperat[...]
Deleted : user_pref("CT3239904.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3239904.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3239904.FirstTime", "true");
Deleted : user_pref("CT3239904.FirstTimeFF3", "true");
Deleted : user_pref("CT3239904.LoginRevertSettingsEnabled", false);
Deleted : user_pref("CT3239904.RevertSettingsEnabled", true);
Deleted : user_pref("CT3239904.UserID", "UN36603216638128196");
Deleted : user_pref("CT3239904.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3239904.autoDisableScopes", -1);
Deleted : user_pref("CT3239904.defaultSearch", "false");
Deleted : user_pref("CT3239904.embeddedsData", "[{\"appId\":\"129878973612432233\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3239904.enableAlerts", "false");
Deleted : user_pref("CT3239904.enableSearchFromAddressBar", "false");
Deleted : user_pref("CT3239904.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3239904.fixPageNotFoundError", "true");
Deleted : user_pref("CT3239904.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3239904.fixUrls", true);
Deleted : user_pref("CT3239904.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
Deleted : user_pref("CT3239904.installId", "conduitinstaller.exe");
Deleted : user_pref("CT3239904.installType", "conduitnsisintegration");
Deleted : user_pref("CT3239904.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3239904.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3239904.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3239904.isNewTabEnabled", false);
Deleted : user_pref("CT3239904.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3239904.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3239904.migrateAppsAndComponents", true);
Deleted : user_pref("CT3239904.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fzoom-thx.fordown[...]
Deleted : user_pref("CT3239904.openThankYouPage", "false");
Deleted : user_pref("CT3239904.openUninstallPage", "false");
Deleted : user_pref("CT3239904.revertSettingsEnabled", "false");
Deleted : user_pref("CT3239904.search.searchAppId", "129878973612432233");
Deleted : user_pref("CT3239904.search.searchCount", "0");
Deleted : user_pref("CT3239904.searchInNewTabEnabled", "false");
Deleted : user_pref("CT3239904.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3239904.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3239904.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3239904.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-barackobama_lastUpdate", "1354632430479"[...]
Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-britneyspears_lastUpdate", "135463243040[...]
Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-eonline_lastUpdate", "1354632430439");
Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-justinbieber_lastUpdate", "1354632430461[...]
Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-mariahcarey_lastUpdate", "1354632430422"[...]
Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-mileycyrus_lastUpdate", "1354632430379")[...]
Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-ryanseacrest_lastUpdate", "1354632430560[...]
Deleted : user_pref("CT3239904.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354632345889");
Deleted : user_pref("CT3239904.serviceLayer_services_appsMetadata_lastUpdate", "1354632345873");
Deleted : user_pref("CT3239904.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354632346762");
Deleted : user_pref("CT3239904.serviceLayer_services_login_10.13.50.14_lastUpdate", "1355579360818");
Deleted : user_pref("CT3239904.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354632346816");
Deleted : user_pref("CT3239904.serviceLayer_services_popularImagesService_lastUpdate", "1354634007001");
Deleted : user_pref("CT3239904.serviceLayer_services_popularService_lastUpdate", "1354634007005");
Deleted : user_pref("CT3239904.serviceLayer_services_searchAPI_lastUpdate", "1354632344893");
Deleted : user_pref("CT3239904.serviceLayer_services_serviceMap_lastUpdate", "1355583337897");
Deleted : user_pref("CT3239904.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354632346715");
Deleted : user_pref("CT3239904.serviceLayer_services_toolbarSettings_lastUpdate", "1355579360378");
Deleted : user_pref("CT3239904.serviceLayer_services_translation_lastUpdate", "1355583338234");
Deleted : user_pref("CT3239904.settingsINI", true);
Deleted : user_pref("CT3239904.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3239904.smartbar.CTID", "CT3239904");
Deleted : user_pref("CT3239904.smartbar.Uninstall", "0");
Deleted : user_pref("CT3239904.smartbar.toolbarName", "SocialSearchBar_App ");
Deleted : user_pref("CT3239904.startPage", "false");
Deleted : user_pref("CT3239904.toolbarBornServerTime", "4-12-2012");
Deleted : user_pref("CT3239904.toolbarCurrentServerTime", "15-12-2012");
Deleted : user_pref("CT3239904_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;w[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{ADEBBB73-3A10-FF5C-586E-6185B8A23655}");
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.8935");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "17");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "11");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2012");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "17");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "8");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "12");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2012");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1355753591044");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "17-12-2012");
Deleted : user_pref("aol_toolbar.search.instd", "2012121791308355");
Deleted : user_pref("aol_toolbar.search.oid", "17-12-2012");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "2");
Deleted : user_pref("aol_toolbar.surf.lastDate", "17");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "11");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Deleted : user_pref("aol_toolbar.surf.month", "2");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "2");
Deleted : user_pref("aol_toolbar.surf.week", "2");
Deleted : user_pref("aol_toolbar.surf.year", "2");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "5");
Deleted : user_pref("aol_toolbar.weather.degf", "41");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/26.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Cloudy");
Deleted : user_pref("aol_toolbar.weather.update", "1355753592246");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.crossriderapp21802.21802.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp21802.21802.InstallationTime", 1358653469);
Deleted : user_pref("extensions.crossriderapp21802.21802.InstallationUserSettings.searchUserConifrmation", fal[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp21802.21802.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp21802.21802.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp21802.21802.active", true);
Deleted : user_pref("extensions.crossriderapp21802.21802.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21802.21802.backgroundver", 4);
Deleted : user_pref("extensions.crossriderapp21802.21802.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21802.21802.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.InstallationTime.value", "1358653469");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.InstallerParams.value", "%7B%22source_id%22%3A[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_aoi.value", "1358653469");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_blocklist.expiration", "Mon Jan 21 2013 0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_country_code.expiration", "Sat Jan 26 201[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_crr.value", "1358779585");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_currenttime.value", "%221357677915%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installtime.value", "%221357677915%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_parent_zoneid.value", "%22116407%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_pc_20120828.value", "1358656452405");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_product_id.value", "%221363%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_splittest.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_splittest.value", "1358656426");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_sr[symantec.com].expiration", "Sun Jan 27[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_sr[symantec.com].value", "1358691461");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_zoneid.value", "%22133208%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.dbtest.value", "1358656423854");
Deleted : user_pref("extensions.crossriderapp21802.21802.description", "Shopping Sidekick");
Deleted : user_pref("extensions.crossriderapp21802.21802.domain", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp21802.21802.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.group", 0);
Deleted : user_pref("extensions.crossriderapp21802.21802.homepage", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.iframe", false);
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_appVer.value", "15");
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_nextCheck.expiration", "Mon Jan [...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_remote_resources.expiration", "F[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_remote_resources.value", "%7B%22[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21802.21802.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.name", "Shopping Sidekick Plugin");
Deleted : user_pref("extensions.crossriderapp21802.21802.newtab", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000014.ver", 12);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000015.code", "var cf_ran=!1,_GPL_BG=[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000015.ver", 6);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp21802.21802.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.pluginsversion", 12);
Deleted : user_pref("extensions.crossriderapp21802.21802.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp21802.21802.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21802.21802.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21802.21802.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21802.21802.ver", 15);
Deleted : user_pref("extensions.crossriderapp21802.adsOldValue", 14);
Deleted : user_pref("extensions.crossriderapp21802.apps", "21802");
Deleted : user_pref("extensions.crossriderapp21802.bic", "13c563bbca50a7bad4b8c3cbf2c04756");
Deleted : user_pref("extensions.crossriderapp21802.cid", 21802);
Deleted : user_pref("extensions.crossriderapp21802.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21802.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21802.installationdate", 1358656421);
Deleted : user_pref("extensions.crossriderapp21802.lastcheck", 22646072);
Deleted : user_pref("extensions.crossriderapp21802.lastcheckitem", 22646327);
Deleted : user_pref("extensions.crossriderapp21802.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21802.reportInstall", true);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"xtsf9FSyPZA7dvkBGQcnN8x3ly+zQ08SFWHBwJhl6Zo=","_version":4,"extensions":{"i[...]

*************************

AdwCleaner[S1].txt - [28621 octets] - [21/01/2013 06:59:57]

########## EOF - C:\AdwCleaner[S1].txt - [28682 octets] ##########


3. Virustotal Scan

I'm stuck here. "C:\Users\Leisa Garcia\AppData\Roaming\AVG January 2013" is there, but there is no Campaign\ROC_JAN2013_AV.exe
  • 0

#6
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello,

What about the OTL log?

For VT, try this:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    copy "C:\Users\Leisa Garcia\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe" "C:\Users\Leisa Garcia\Desktop\ROC_JAN2013_AV.exe" /c
  • Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please upload the file ROC_JAN2013_AV.exe, located on your Desktop, to VirusTotal.
  • If a "File already analysed" window appears, click the Reanalyse button.
  • When the scan is finished, post the link to the result (you can copy it from the address bar in your browser) in your next message.

  • 0

#7
LeisaAGH

    Member

  • Topic Starter
  • Member
  • 11 posts
Hi,

I wasn't sure that I was supposed to complete the other steps if I hadn't done the ones that came before.

I did what you said in the last post and got this message:

========== FILES ==========
< copy "C:\Users\Leisa Garcia\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe" "C:\Users\Leisa Garcia\Desktop\ROC_JAN2013_AV.exe" /c >
The system cannot find the path specified.
C:\Users\Leisa Garcia\Desktop\cmd.bat deleted successfully.
C:\Users\Leisa Garcia\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01212013_124433


ROC_JAN2013_AV.exe isn't on my desktop




Here's the OTC log

OTC

OTL logfile created on: 1/21/2013 12:00:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leisa Garcia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.95% Memory free
6.96 Gb Paging File | 5.63 Gb Available in Paging File | 80.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 100.78 Gb Free Space | 56.30% Space Free | Partition Type: NTFS
Drive D: | 267.11 Gb Total Space | 202.42 Gb Free Space | 75.78% Space Free | Partition Type: NTFS
Drive F: | 1.83 Gb Total Space | 1.83 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
Drive G: | 15.11 Gb Total Space | 14.47 Gb Free Space | 95.80% Space Free | Partition Type: FAT32

Computer Name: LEISAGARCIA-PC | User Name: Leisa Garcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 07:03:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/01/20 07:03:30 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/20 06:14:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
PRC - [2012/12/23 16:15:48 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/18 06:28:22 | 000,038,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/12/06 00:12:38 | 002,798,160 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2011/10/13 00:38:14 | 000,343,168 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2011/09/27 15:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/06 00:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 00:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/22 00:00:58 | 003,468,880 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe
PRC - [2011/08/18 20:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2008/10/10 16:00:24 | 000,317,728 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/20 07:03:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/02/16 08:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2006/08/11 19:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/10/13 12:30:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/20 07:03:30 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/19 20:49:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 06:32:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 07:03:30 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 09:45:14 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/13 13:37:30 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/13 11:52:50 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/11 23:53:50 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/08/31 10:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/08/17 12:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/05 21:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/16 11:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/16 11:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/05/16 22:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 02:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 21:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2013-01-20 07:03:48&v=14.0.0.14&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-01-20 07:03:48&v=14.0.0.14&pid=safeguard&sg=1&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/23 16:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/23 16:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 02:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 02:42:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 02:43:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 02:42:59 | 000,000,000 | ---D | M]

[2012/09/06 14:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Extensions
[2013/01/19 19:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions
[2012/12/17 06:13:13 | 000,002,544 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\searchplugins\aol-search.xml
[2013/01/19 20:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 20:49:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/23 16:15:54 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/09/05 17:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/20 07:03:52 | 000,003,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/10/20 12:32:56 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: No name found = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.21.11_0\
CHR - Extension: No name found = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: No name found = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Shopping Sidekick Plugin) - {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (215 Apps)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF76FB9-3FA1-4E1D-84C7-F0109B375E58}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 11:15:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 07:31:51 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\PC Cleaners
[2013/01/20 07:31:46 | 004,729,224 | ---- | C] (PC Cleaners) -- C:\windows\uninst.exe
[2013/01/20 07:31:44 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\PCPro
[2013/01/20 07:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2013/01/20 07:03:58 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\AVG SafeGuard toolbar
[2013/01/20 07:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2013/01/20 07:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/01/20 07:03:46 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/01/20 07:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/01/20 07:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/01/20 06:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/20 06:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/20 06:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
[2013/01/19 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/19 19:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/01/19 19:45:04 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Documents\Flash Player Pro
[2013/01/19 19:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/01/19 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Shopping Sidekick Plugin
[2013/01/19 19:44:40 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Google
[2013/01/19 19:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick Plugin
[2013/01/18 17:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/17 05:19:43 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\to Jenifer
[2013/01/17 05:12:27 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\session_01
[2013/01/10 08:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/09 10:11:00 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\Issachar
[2013/01/06 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Apps
[2013/01/06 06:27:22 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\OpenOffice.org
[2013/01/06 06:26:11 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/01/06 06:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013/01/05 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\{EE6ABFA3-B179-41AF-8605-6339C15A0D6B}
[2013/01/05 12:21:33 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\{ECF35653-C38F-49FA-AE85-F534C38A29C3}
[2013/01/05 12:19:42 | 000,000,000 | R--D | C] -- C:\Users\Leisa Garcia\Documents\Scanned Documents
[2013/01/05 12:19:41 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Documents\Fax
[2012/12/29 06:33:38 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\temp
[2012/12/26 06:58:37 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2012/12/26 06:44:34 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Myst V End of Ages
[2012/12/25 16:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT
[2012/12/25 16:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UBISOFT
[2012/12/25 10:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Backyardigans Mission to Mars
[2012/12/23 16:23:08 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\RealNetworks
[2012/12/23 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012/12/23 16:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/12/23 16:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/12/23 16:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/12/23 16:15:50 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll

========== Files - Modified Within 30 Days ==========

[2013/01/21 12:01:18 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 12:01:18 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 12:00:04 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 11:56:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 11:54:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/21 11:54:00 | 3737,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/21 11:32:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/21 06:59:06 | 000,480,125 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\adwcleaner-2-009-en-win.exe
[2013/01/20 18:00:10 | 000,001,292 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/20 07:31:20 | 004,729,224 | ---- | M] (PC Cleaners) -- C:\windows\uninst.exe
[2013/01/20 07:03:30 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/01/20 07:02:53 | 000,001,653 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
[2013/01/20 07:02:30 | 000,002,279 | ---- | M] () -- C:\Users\Leisa Garcia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/20 07:02:07 | 000,000,298 | ---- | M] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/20 06:14:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
[2013/01/19 19:45:07 | 000,001,103 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\Flash Player Pro.lnk
[2013/01/17 05:15:05 | 019,644,591 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\session_04.zip
[2013/01/10 05:56:25 | 000,455,232 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/10 05:32:59 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/10 05:32:59 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/10 05:32:59 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/06 06:27:28 | 000,001,235 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/01/06 06:26:11 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/12/26 06:58:37 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2012/12/26 06:40:21 | 000,008,382 | ---- | M] () -- C:\windows\vpd.properties
[2012/12/26 06:07:23 | 000,001,372 | ---- | M] () -- C:\Users\Public\Desktop\Myst V End of Ages.lnk
[2012/12/25 16:58:21 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Myst IV - Revelation.lnk
[2012/12/23 16:15:50 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll

========== Files Created - No Company Name ==========

[2013/01/21 06:59:06 | 000,480,125 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\adwcleaner-2-009-en-win.exe
[2013/01/20 06:52:12 | 000,002,279 | ---- | C] () -- C:\Users\Leisa Garcia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/20 06:51:37 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 06:51:36 | 000,000,906 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/19 19:45:07 | 000,001,103 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\Flash Player Pro.lnk
[2013/01/18 17:52:36 | 000,000,298 | ---- | C] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/17 05:15:03 | 019,644,591 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\session_04.zip
[2013/01/10 05:57:56 | 000,001,653 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
[2013/01/06 06:27:28 | 000,001,235 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/01/06 06:26:11 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/12/26 06:40:21 | 000,008,382 | ---- | C] () -- C:\windows\vpd.properties
[2012/12/26 06:07:23 | 000,001,372 | ---- | C] () -- C:\Users\Public\Desktop\Myst V End of Ages.lnk
[2012/12/25 16:58:21 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Myst IV - Revelation.lnk
[2012/11/24 12:14:25 | 000,000,000 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\bibstats
[2012/01/09 16:30:22 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/01/09 15:49:10 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/09 15:31:59 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/10/31 23:00:03 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011/10/31 23:00:03 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011/10/31 23:00:02 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/10/12 23:53:18 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/10/12 23:53:02 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/21 04:36:08 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Activeris
[2012/09/25 06:50:58 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Amazon
[2013/01/21 02:42:32 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Audacity
[2012/11/04 05:12:18 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\AVG2013
[2012/10/20 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\iSpring Solutions
[2013/01/06 06:27:22 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\OpenOffice.org
[2013/01/20 07:31:51 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\PC Cleaners
[2013/01/20 07:31:53 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\PCPro
[2012/11/04 05:11:15 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\TuneUp Software
[2012/09/20 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring QuizMaker 6

< End of report >

#8
LeisaAGH

    Member

  • Topic Starter
  • 11 posts
Hi Phel,

The links have disappeared. :P Let me know if there are any more steps I should take.

Thanks!!

#9
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

"Let me know if there are any more steps I should take."


Yup, your system isn't completely clean yet.

Step 1. AdwCleaner scan.

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 2. Remove Chrome extension.

  • Launch your Google Chrome browser.
  • In the address bar type the following:

    chrome:extensions
  • The extension list will appear.
  • Find the Shopping Sidekick plugin extension there.
  • Click Uninstall.
  • Restart your browser.

Step 3. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (Shopping Sidekick Plugin) - {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (215 Apps)
    O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll File not found
    [2013/01/19 19:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick Plugin
    [2013/01/19 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Shopping Sidekick Plugin
    [2013/01/20 07:31:51 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\PC Cleaners
    [2013/01/20 07:31:46 | 004,729,224 | ---- | C] (PC Cleaners) -- C:\windows\uninst.exe
    [2013/01/20 07:31:44 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\PCPro
    [2013/01/20 07:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post the contents of these logs in your next message:

  • OTL.txt
  • AdwCleaner log

How is your computer running now?

#10
LeisaAGH

    Member

  • Topic Starter
  • 11 posts
My computer seems to be working fine.


1. Adware

# AdwCleaner v2.107 - Logfile created 01/23/2013 at 12:53:01
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Leisa Garcia - LEISAGARCIA-PC
# Boot Mode : Normal
# Running from : C:\Users\Leisa Garcia\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1947ed9c549f680a9ed3f1fdbb9337a4
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKU\S-1-5-21-90463299-3666766424-1674148881-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\prefs.js

Found : user_pref("extensions.crossriderapp21802.21802.InstallationTime", 1358780594);
Found : user_pref("extensions.crossriderapp21802.21802.active", true);
Found : user_pref("extensions.crossriderapp21802.21802.addressbar", "");
Found : user_pref("extensions.crossriderapp21802.21802.addressbarenhanced", "");
Found : user_pref("extensions.crossriderapp21802.21802.backgroundjs", "\n\n//\n");
Found : user_pref("extensions.crossriderapp21802.21802.backgroundver", 4);
Found : user_pref("extensions.crossriderapp21802.21802.can_run_bg_code", true);
Found : user_pref("extensions.crossriderapp21802.21802.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp21802.21802.changeprevious", false);
Found : user_pref("extensions.crossriderapp21802.21802.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie.InstallationTime.value", "1358780594");
Found : user_pref("extensions.crossriderapp21802.21802.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie.InstallerParams.value", "%7B%22source_id%22%3A[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_aoi.value", "1358780594");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_blocklist.expiration", "Mon Jan 21 2013 0[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_country_code.expiration", "Mon Jan 28 201[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_country_code.value", "%22US%22");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_crr.value", "1358780606");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_currenttime.value", "%221357677915%22");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installtime.value", "%221357677915%22");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_parent_zoneid.value", "%22116408%22");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_pc_20120828.value", "1358780620479");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_product_id.value", "%221364%22");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_splittest.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_splittest.value", "1358780606");
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_zoneid.value", "%22134093%22");
Found : user_pref("extensions.crossriderapp21802.21802.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp21802.21802.cookie.dbtest.value", "1358780606091");
Found : user_pref("extensions.crossriderapp21802.21802.description", "Shopping Sidekick");
Found : user_pref("extensions.crossriderapp21802.21802.domain", "");
Found : user_pref("extensions.crossriderapp21802.21802.enablesearch", false);
Found : user_pref("extensions.crossriderapp21802.21802.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp21802.21802.group", 0);
Found : user_pref("extensions.crossriderapp21802.21802.homepage", "");
Found : user_pref("extensions.crossriderapp21802.21802.iframe", false);
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_appVer.value", "15");
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_lastVersion.value", "1");
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_meta.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_nextCheck.expiration", "Mon Jan [...]
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_nextCheck.value", "true");
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp21802.21802.internaldb.Resources_queue.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp21802.21802.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Found : user_pref("extensions.crossriderapp21802.21802.manifesturl", "");
Found : user_pref("extensions.crossriderapp21802.21802.name", "Shopping Sidekick Plugin");
Found : user_pref("extensions.crossriderapp21802.21802.newtab", "");
Found : user_pref("extensions.crossriderapp21802.21802.opensearch", "");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1.name", "base");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1.ver", 3);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000014.ver", 12);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000015.code", "var cf_ran=!1,_GPL_BG=[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000015.name", "GPL Background (BG)");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_1000015.ver", 6);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_15.name", "FacebookFFIE");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_15.ver", 1);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_16.ver", 4);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_21.name", "debug");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_21.ver", 3);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_22.name", "resources");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_22.ver", 2);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_28.name", "initializer");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_28.ver", 2);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_4.name", "jquery_1_7_1");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_4.ver", 3);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_64.name", "appApiMessage");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_64.ver", 1);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_72.name", "appApiValidation");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_72.ver", 1);
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_78.name", "CrossriderInfo");
Found : user_pref("extensions.crossriderapp21802.21802.plugins.plugin_78.ver", 2);
Found : user_pref("extensions.crossriderapp21802.21802.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
Found : user_pref("extensions.crossriderapp21802.21802.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Found : user_pref("extensions.crossriderapp21802.21802.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Found : user_pref("extensions.crossriderapp21802.21802.pluginsversion", 12);
Found : user_pref("extensions.crossriderapp21802.21802.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp21802.21802.searchstatus", 0);
Found : user_pref("extensions.crossriderapp21802.21802.setnewtab", false);
Found : user_pref("extensions.crossriderapp21802.21802.settingsurl", "");
Found : user_pref("extensions.crossriderapp21802.21802.thankyou", "");
Found : user_pref("extensions.crossriderapp21802.21802.updateinterval", 360);
Found : user_pref("extensions.crossriderapp21802.21802.ver", 15);
Found : user_pref("extensions.crossriderapp21802.apps", "21802");
Found : user_pref("extensions.crossriderapp21802.bic", "13c563bbca50a7bad4b8c3cbf2c04756");
Found : user_pref("extensions.crossriderapp21802.cid", 21802);
Found : user_pref("extensions.crossriderapp21802.firstrun", false);
Found : user_pref("extensions.crossriderapp21802.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp21802.installationdate", 1358780593);
Found : user_pref("extensions.crossriderapp21802.lastcheck", 22646343);
Found : user_pref("extensions.crossriderapp21802.lastcheckitem", 22646344);
Found : user_pref("extensions.crossriderapp21802.modetype", "production");
Found : user_pref("extensions.crossriderapp21802.reportInstall", true);

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17521 octets] - [23/01/2013 12:53:01]
AdwCleaner[S1].txt - [28750 octets] - [21/01/2013 06:59:57]

########## EOF - C:\AdwCleaner[R1].txt - [17643 octets] ##########


2. Chrome:extensions

Cannot delete the Shopping Sidekick plugin. The other plugins have a garbage can icon so they can be deleted, but this one is checkmarked enabled and is grayed out.


3. OTC

OTL logfile created on: 1/23/2013 1:09:34 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leisa Garcia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 60.25% Memory free
6.96 Gb Paging File | 5.04 Gb Available in Paging File | 72.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 98.68 Gb Free Space | 55.13% Space Free | Partition Type: NTFS
Drive D: | 267.11 Gb Total Space | 202.42 Gb Free Space | 75.78% Space Free | Partition Type: NTFS
Drive E: | 3.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.83 Gb Total Space | 1.83 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
Drive G: | 15.11 Gb Total Space | 14.47 Gb Free Space | 95.80% Space Free | Partition Type: FAT32

Computer Name: LEISAGARCIA-PC | User Name: Leisa Garcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/22 05:49:07 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2013/01/20 07:03:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/01/20 07:03:30 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/20 06:14:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
PRC - [2013/01/19 20:49:52 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 05:57:56 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/12/06 00:12:38 | 002,798,160 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2011/10/11 23:53:36 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2011/09/27 15:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/06 00:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 00:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/18 20:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/06/24 00:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2008/10/10 16:00:24 | 000,317,728 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/20 07:03:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/01/19 20:49:51 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 05:57:56 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/07/28 16:53:32 | 000,746,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll
MOD - [2011/02/16 08:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 06:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/11 19:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/10/13 12:30:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/20 07:03:30 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/19 20:49:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 06:32:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 07:03:30 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 09:45:14 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/13 13:37:30 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/13 11:52:50 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/11 23:53:50 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/08/31 10:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/08/17 12:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/05 21:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/16 11:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/16 11:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/05/16 22:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 02:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 21:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2013-01-20 07:03:48&v=14.0.0.14&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-01-20 07:03:48&v=14.0.0.14&pid=safeguard&sg=1&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/23 16:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/23 16:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 02:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/22 05:49:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 02:43:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/22 05:49:17 | 000,000,000 | ---D | M]

[2012/09/06 14:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Extensions
[2013/01/19 19:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions
[2012/12/17 06:13:13 | 000,002,544 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\searchplugins\aol-search.xml
[2013/01/19 20:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 20:49:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/22 05:49:12 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/09/05 17:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/20 07:03:52 | 000,003,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/10/20 12:32:56 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....fr&d=2013-01-20 07:03:48&v=14.0.0.14&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: Shopping Sidekick Plugin = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.21.11_0\crossrider
CHR - Extension: Shopping Sidekick Plugin = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.21.11_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.0.14_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF76FB9-3FA1-4E1D-84C7-F0109B375E58}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 05:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/01/22 05:49:09 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2013/01/22 05:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\real
[2013/01/21 11:15:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 07:03:58 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\AVG SafeGuard toolbar
[2013/01/20 07:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2013/01/20 07:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/01/20 07:03:46 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/01/20 07:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/01/20 07:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/01/20 06:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/20 06:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/20 06:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
[2013/01/19 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/19 19:44:40 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Google
[2013/01/18 17:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/17 05:19:43 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\to Jenifer
[2013/01/17 05:12:27 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\session_01
[2013/01/10 08:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/09 10:11:00 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\Issachar
[2013/01/06 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Apps
[2013/01/06 06:27:22 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\OpenOffice.org
[2013/01/06 06:26:11 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/01/06 06:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013/01/05 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\{EE6ABFA3-B179-41AF-8605-6339C15A0D6B}
[2013/01/05 12:21:33 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\{ECF35653-C38F-49FA-AE85-F534C38A29C3}
[2013/01/05 12:19:42 | 000,000,000 | R--D | C] -- C:\Users\Leisa Garcia\Documents\Scanned Documents
[2013/01/05 12:19:41 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Documents\Fax
[2012/12/29 06:33:38 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\temp
[2012/12/26 06:58:37 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2012/12/26 06:44:34 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Myst V End of Ages
[2012/12/25 16:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT
[2012/12/25 16:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UBISOFT
[2012/12/25 10:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Backyardigans Mission to Mars

========== Files - Modified Within 30 Days ==========

[2013/01/23 13:04:48 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 13:04:48 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 12:57:47 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/23 12:57:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/23 12:57:26 | 3737,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/23 12:56:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/23 12:51:59 | 000,574,315 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\adwcleaner.exe
[2013/01/23 12:48:36 | 000,002,279 | ---- | M] () -- C:\Users\Leisa Garcia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/23 12:32:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 05:49:54 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/22 05:49:09 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2013/01/20 18:00:10 | 000,001,292 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/20 07:03:30 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/01/20 07:02:53 | 000,001,653 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
[2013/01/20 07:02:07 | 000,000,298 | ---- | M] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/20 06:14:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
[2013/01/10 05:56:25 | 000,455,232 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/10 05:32:59 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/10 05:32:59 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/10 05:32:59 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/06 06:27:28 | 000,001,235 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/01/06 06:26:11 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/12/26 06:58:37 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt.dll
[2012/12/26 06:40:21 | 000,008,382 | ---- | M] () -- C:\windows\vpd.properties
[2012/12/26 06:07:23 | 000,001,372 | ---- | M] () -- C:\Users\Public\Desktop\Myst V End of Ages.lnk
[2012/12/25 16:58:21 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Myst IV - Revelation.lnk

========== Files Created - No Company Name ==========

[2013/01/23 12:51:58 | 000,574,315 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\adwcleaner.exe
[2013/01/22 05:49:54 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/20 06:52:12 | 000,002,279 | ---- | C] () -- C:\Users\Leisa Garcia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/20 06:51:37 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 06:51:36 | 000,000,906 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/18 17:52:36 | 000,000,298 | ---- | C] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/10 05:57:56 | 000,001,653 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
[2013/01/06 06:27:28 | 000,001,235 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/01/06 06:26:11 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/12/26 06:40:21 | 000,008,382 | ---- | C] () -- C:\windows\vpd.properties
[2012/12/26 06:07:23 | 000,001,372 | ---- | C] () -- C:\Users\Public\Desktop\Myst V End of Ages.lnk
[2012/12/25 16:58:21 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Myst IV - Revelation.lnk
[2012/11/24 12:14:25 | 000,000,000 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\bibstats
[2012/01/09 16:30:22 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/01/09 15:49:10 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/09 15:31:59 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/10/31 23:00:03 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011/10/31 23:00:03 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011/10/31 23:00:02 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/10/12 23:53:18 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/10/12 23:53:02 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/21 04:36:08 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Activeris
[2012/09/25 06:50:58 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Amazon
[2013/01/21 02:42:32 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Audacity
[2012/11/04 05:12:18 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\AVG2013
[2012/10/20 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\iSpring Solutions
[2013/01/06 06:27:22 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\OpenOffice.org
[2012/11/04 05:11:15 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\TuneUp Software
[2012/09/20 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring QuizMaker 6

< End of report >


#11
LeisaAGH


    Member

  • Topic Starter
  • 11 posts
Hi Phel,

Haven't heard from you in a couple days, anything else I need to do? I still am unable to remove shopping sidekick plugin from Chrome. Can I just delete Chrome? I don't like to use it anyway.

#12
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Sorry for that delay.

Can I just delete Chrome?


Yes, if you want - uninstall it, but please run the following fixes anyway:

Step 1. AdwCleaner fix.

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 2. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack 
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

How is your computer running after all these fixes?

Please, don't forget to post the contents of these logs in your next message:
  • OTL log
  • AdwCleaner log


#13
LeisaAGH


    Member

  • Topic Starter
  • 11 posts
My computer seems to be working fine. :)


# AdwCleaner v2.107 - Logfile created 01/25/2013 at 10:37:09
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Leisa Garcia - LEISAGARCIA-PC
# Boot Mode : Normal
# Running from : C:\Users\Leisa Garcia\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
Folder Deleted : C:\ProgramData\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1947ed9c549f680a9ed3f1fdbb9337a4
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\prefs.js

Deleted : user_pref("extensions.crossriderapp21802.21802.InstallationTime", 1358780594);
Deleted : user_pref("extensions.crossriderapp21802.21802.active", true);
Deleted : user_pref("extensions.crossriderapp21802.21802.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21802.21802.backgroundver", 4);
Deleted : user_pref("extensions.crossriderapp21802.21802.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21802.21802.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21802.21802.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.InstallationTime.value", "1358780594");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie.InstallerParams.value", "%7B%22source_id%22%3A[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_aoi.value", "1358780594");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_blocklist.expiration", "Mon Jan 21 2013 0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_country_code.expiration", "Mon Jan 28 201[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_crr.value", "1358780606");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_currenttime.value", "%221357677915%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_installtime.value", "%221357677915%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_parent_zoneid.value", "%22116408%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_pc_20120828.value", "1358780620479");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_product_id.value", "%221364%22");
Deleted : user_pref("extensions.crossriderapp21802.21802.cookie._GPL_splittest.expiration", "Fri Feb 01 2030 0[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17703 octets] - [23/01/2013 12:53:01]
AdwCleaner[S1].txt - [28750 octets] - [21/01/2013 06:59:57]
AdwCleaner[S3].txt - [17888 octets] - [25/01/2013 10:37:09]

########## EOF - C:\AdwCleaner[S3].txt - [17949 octets] ##########

OTL logfile created on: 1/25/2013 10:45:41 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leisa Garcia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 49.42% Memory free
6.96 Gb Paging File | 4.92 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 98.76 Gb Free Space | 55.17% Space Free | Partition Type: NTFS
Drive D: | 267.11 Gb Total Space | 202.42 Gb Free Space | 75.78% Space Free | Partition Type: NTFS
Drive E: | 6.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.83 Gb Total Space | 1.83 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
Drive G: | 15.11 Gb Total Space | 14.47 Gb Free Space | 95.80% Space Free | Partition Type: FAT32

Computer Name: LEISAGARCIA-PC | User Name: Leisa Garcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 07:03:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/01/20 07:03:30 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/20 06:14:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
PRC - [2013/01/19 20:49:52 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 05:57:56 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/12/06 00:12:38 | 002,798,160 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2011/09/27 15:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/06 00:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 00:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/18 20:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/06/24 00:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2008/10/10 16:00:24 | 000,317,728 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/20 07:03:30 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/01/19 20:49:51 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 05:57:56 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/16 08:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/07 06:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/11 19:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/10/13 12:30:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/20 07:03:30 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/19 20:49:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/10 06:32:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 07:03:30 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 09:45:14 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/13 13:37:30 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/13 11:52:50 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/11 23:53:50 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/08/31 10:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/08/17 12:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/05 21:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/16 11:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/16 11:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/05/16 22:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 02:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 21:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-01-20 07:03:48&v=14.0.0.14&pid=safeguard&sg=1&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 02:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/25 05:28:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/21 02:43:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/25 05:28:51 | 000,000,000 | ---D | M]

[2012/09/06 14:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Extensions
[2013/01/24 12:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions
[2013/01/24 12:20:56 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/17 06:13:13 | 000,002,544 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\searchplugins\aol-search.xml
[2013/01/19 20:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 20:49:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 17:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/20 07:03:52 | 000,003,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/10/20 12:32:56 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....fr&d=2013-01-20 07:03:48&v=14.0.0.14&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.0.14_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF76FB9-3FA1-4E1D-84C7-F0109B375E58}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/25 10:39:51 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\AVG Secure Search
[2013/01/25 07:51:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/01/25 07:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/25 07:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/22 05:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\real
[2013/01/21 11:15:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 07:03:58 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\AVG SafeGuard toolbar
[2013/01/20 07:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/01/20 07:03:46 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/01/20 07:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/01/20 07:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/01/20 06:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/20 06:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
[2013/01/19 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/19 19:44:40 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Google
[2013/01/18 17:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/17 05:19:43 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\to Jenifer
[2013/01/17 05:12:27 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\session_01
[2013/01/10 08:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/09 10:11:00 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\Issachar
[2013/01/06 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\Apps
[2013/01/06 06:27:22 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Roaming\OpenOffice.org
[2013/01/06 06:26:11 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/01/06 06:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013/01/05 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\{EE6ABFA3-B179-41AF-8605-6339C15A0D6B}
[2013/01/05 12:21:33 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\AppData\Local\{ECF35653-C38F-49FA-AE85-F534C38A29C3}
[2013/01/05 12:19:42 | 000,000,000 | R--D | C] -- C:\Users\Leisa Garcia\Documents\Scanned Documents
[2013/01/05 12:19:41 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Documents\Fax
[2012/12/29 06:33:38 | 000,000,000 | ---D | C] -- C:\Users\Leisa Garcia\Desktop\temp

========== Files - Modified Within 30 Days ==========

[2013/01/25 10:49:50 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 10:49:50 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/25 10:42:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/25 10:42:39 | 3737,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/25 10:32:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/25 09:17:31 | 000,001,292 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/23 12:51:59 | 000,574,315 | ---- | M] () -- C:\Users\Leisa Garcia\Desktop\adwcleaner.exe
[2013/01/20 07:03:30 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/01/20 07:02:53 | 000,001,653 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
[2013/01/20 07:02:07 | 000,000,298 | ---- | M] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/20 06:14:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leisa Garcia\Desktop\OTL.exe
[2013/01/10 05:56:25 | 000,455,232 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/10 05:32:59 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/10 05:32:59 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/10 05:32:59 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/06 06:27:28 | 000,001,235 | ---- | M] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/01/06 06:26:11 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

========== Files Created - No Company Name ==========

[2013/01/23 12:51:58 | 000,574,315 | ---- | C] () -- C:\Users\Leisa Garcia\Desktop\adwcleaner.exe
[2013/01/18 17:52:36 | 000,000,298 | ---- | C] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/10 05:57:56 | 000,001,653 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
[2013/01/06 06:27:28 | 000,001,235 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/01/06 06:26:11 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/11/24 12:14:25 | 000,000,000 | ---- | C] () -- C:\Users\Leisa Garcia\AppData\Roaming\bibstats
[2012/01/09 16:30:22 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/01/09 15:49:10 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/09 15:31:59 | 000,001,340 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/10/31 23:00:03 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011/10/31 23:00:03 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011/10/31 23:00:02 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/10/12 23:53:18 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/10/12 23:53:02 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/21 04:36:08 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Activeris
[2012/09/25 06:50:58 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Amazon
[2013/01/25 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\Audacity
[2012/11/04 05:12:18 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\AVG2013
[2012/10/20 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\iSpring Solutions
[2013/01/06 06:27:22 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\OpenOffice.org
[2012/11/04 05:11:15 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\TuneUp Software
[2012/09/20 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\Leisa Garcia\AppData\Roaming\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring QuizMaker 6

< End of report >

#14
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Only some steps are left until the end of the removal procedure.

Step 1. AdwCleaner scan.

  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 2. MBAM log.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3. ESET Online Scanner.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

So, please, don't forget to post the contents of these logs in your next message:

  • AdwCleaner log
  • MBAM log
  • ESET Online Scanner log


#15
LeisaAGH

    Member

  • Topic Starter
  • Member
  • 11 posts
# AdwCleaner v2.107 - Logfile created 01/25/2013 at 18:19:02
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Leisa Garcia - LEISAGARCIA-PC
# Boot Mode : Normal
# Running from : C:\Users\Leisa Garcia\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Leisa Garcia\AppData\Local\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Leisa Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\4k018ij4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Leisa Garcia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17703 octets] - [23/01/2013 12:53:01]
AdwCleaner[S1].txt - [28750 octets] - [21/01/2013 06:59:57]
AdwCleaner[S3].txt - [18009 octets] - [25/01/2013 10:37:09]
AdwCleaner[S4].txt - [1186 octets] - [25/01/2013 18:19:02]

########## EOF - C:\AdwCleaner[S4].txt - [1246 octets] ##########



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Leisa Garcia :: LEISAGARCIA-PC [administrator]

1/25/2013 6:27:01 PM
mbam-log-2013-01-25 (18-27-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228629
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Leisa Garcia\Local Settings\Temporary Internet Files\Content.IE5\ZMLD6QMB\ShoppingSidekick_Test[1] (PUP.215Apps) -> Quarantined and deleted successfully.

(end)


This is all I found for ESET:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

It was under c:\Program Files (x86)\ESET\Online Scanner\Log.txt

There were no other text files. I don't want to run it again, it took 8 hours!

Before I closed the window, I read that it had found 7 threats and removed them. All I did was close the window, I didn't check the boxes to delete the ESET files.