
Google Problems [Closed]


  • This topic is locked

#1
mofu

    New Member

  • 2 posts
Anything I type into the browsers (IE and Chrome) on my laptop (Windows Vista) that contains the word Google doesn't open. I've had to use weird search engines progressively the last few weeks/month just to get onto the internet. The only one that allows me to connect currently is AVG.

OTL logfile created on: 11/03/2014 21:29:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\renfar\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 36.16% Memory free
4.11 Gb Paging File | 2.74 Gb Available in Paging File | 66.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.55 Gb Total Space | 86.79 Gb Free Space | 30.18% Space Free | Partition Type: NTFS
Drive D: | 10.54 Gb Total Space | 1.78 Gb Free Space | 16.91% Space Free | Partition Type: NTFS

Computer Name: RENFAR-PC | User Name: renfar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/11 21:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\renfar\Downloads\OTL.exe
PRC - [2014/03/03 20:02:33 | 002,539,544 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/03/03 20:02:31 | 001,759,768 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
PRC - [2014/03/03 20:02:31 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
PRC - [2014/03/02 04:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/25 21:54:00 | 000,046,592 | ---- | M] (AlcaTech) -- C:\Windows\System32\mmrtkrnl.exe
PRC - [2010/05/05 15:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
PRC - [2010/05/05 15:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/14 22:45:21 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 19:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2007/08/08 13:52:52 | 001,731,584 | ---- | M] () -- C:\Users\renfar\gupd.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/06/07 01:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/03 20:02:34 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
MOD - [2014/03/03 20:02:33 | 002,539,544 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/03/02 04:35:25 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/02 04:35:24 | 013,632,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
MOD - [2014/03/02 04:35:23 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/02 04:35:17 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/02 04:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2010/05/05 15:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
MOD - [2010/05/05 15:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/04/05 12:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 12:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 12:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 12:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 12:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 12:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 12:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 12:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/05/27 14:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll
MOD - [2009/04/07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 10:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll
MOD - [2009/02/20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll
MOD - [2008/09/24 02:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/08/08 13:52:52 | 001,731,584 | ---- | M] () -- C:\Users\renfar\gupd.exe
MOD - [2007/07/12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2014/03/08 13:09:21 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/03 20:02:31 | 001,759,768 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe -- (vToolbarUpdater18.0.0)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/14 22:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010/04/14 22:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2009/09/03 12:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008/10/06 19:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 22:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/03/03 20:02:35 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/06/29 01:24:02 | 000,249,288 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0153.sys -- (RsFx0153)
DRV - [2011/07/04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/04/10 22:06:28 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/08 18:21:18 | 000,110,080 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/12/08 18:21:18 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/12/08 18:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/12/08 18:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/12/08 18:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/12/08 18:21:18 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/06/29 16:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/06/10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 03:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.web...&cc=ZA&unqvl=49
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{3B2DB669-694C-4758-B81E-CD80FA35F8BE}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKLM\..\SearchScopes\{66149AE3-086F-403A-AA76-A82575D1F29B}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{95ACECBE-0F07-45C2-85C0-510132736D50}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.web...&cc=ZA&unqvl=49

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=EIE9HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosear...127894&tsp=5163
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{3B2DB669-694C-4758-B81E-CD80FA35F8BE}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKCU\..\SearchScopes\{66149AE3-086F-403A-AA76-A82575D1F29B}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{95ACECBE-0F07-45C2-85C0-510132736D50}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2014-03-01 19:02:11&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.web...&cc=ZA&unqvl=49
IE - HKCU\..\SearchScopes\{C4671A5A-3122-4A80-AB9C-AF1CE247CEB2}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=172.16.1.1:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....ard&sg=&sap=hp"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://mysearch.avg....sa&d=2014-03-01 19:02:11&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}"
FF - prefs.js..browser.search.defaulturl: "http://websearch.web...nqvl=49&l=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\renfar\Desktop\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/09/10 18:01:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014/03/01 19:02:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\renfar\AppData\Roaming\Mozilla\Extensions\[email protected] [2014/02/19 19:40:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\renfar\AppData\Roaming\Mozilla\Extensions\[email protected] [2014/02/19 19:41:22 | 000,000,000 | ---D | M]

[2014/02/19 19:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\renfar\AppData\Roaming\mozilla\Extensions
[2014/02/19 19:40:23 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\renfar\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/02/19 19:41:22 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\renfar\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/02/19 19:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\renfar\AppData\Roaming\mozilla\Firefox\Profiles\0kgei9go.default\Extensions
[2014/02/19 20:33:14 | 000,000,647 | ---- | M] () -- C:\Users\renfar\AppData\Roaming\mozilla\firefox\profiles\0kgei9go.default\searchplugins\WebSearch.xml
[2014/02/19 19:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 13:31:05 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....sa&d=2014-03-01 19:02:11&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1,
CHR - homepage: http://mysearch.avg....sa&d=2014-03-01 19:02:11&v=17.3.1.91&pid=safeguard&sg=&sap=hp
CHR - plugin: Error reading preferences file
CHR - Extension: SNT = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfbhobbdldeljppincgpkddjjncekhl\2.1\
CHR - Extension: Google Docs = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Pacman = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeemjccgfelokfccnbdaakiongijpbj\2.6_0\
CHR - Extension: YouTube = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: YoutubeAdblocker = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\deiinafalbpgeffmcobefmddmndhdpbo\1.0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.73_0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.74_0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.77_0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.78_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.722_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.722_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.722_1\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.722_1\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.822_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.24.3.503_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.24.3.503_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.0.540_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.2.507_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.2.507_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.2.507_1\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.2.507_1\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.4.512_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.4.512_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.7.519_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.7.519_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.9.505_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.9.505_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.9.505_1\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.9.505_1\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcajpekdlnhcajagnmjaklfmgkbelckn\1.1\
CHR - Extension: Weebsave = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjeilleogjhpojalphomgkjlmgknhnea\3.7\
CHR - Extension: Chrome to Mobile = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\179\
CHR - Extension: Pixlr Touch Up = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.2.0_0\
CHR - Extension: Pixlr Touch Up = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.2.3_0\
CHR - Extension: Pixlr Touch Up = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.3.0_0\
CHR - Extension: Pixlr Touch Up = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.4.0_0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl\0.6.10_0\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/12/21 00:39:18 | 000,002,826 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 209.97.213.114 www.google.com
O1 - Hosts: 209.97.213.114 google.com
O1 - Hosts: 209.97.213.114 google.com.au
O1 - Hosts: 209.97.213.114 www.google.com.au
O1 - Hosts: 209.97.213.114 google.be
O1 - Hosts: 209.97.213.114 www.google.be
O1 - Hosts: 209.97.213.114 google.com.br
O1 - Hosts: 209.97.213.114 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (YoutubeAdblocker) - {78BB8A23-ADEB-CB69-01AD-A0BD44558DE3} - C:\Program Files\YoutubeAdblocker\kO.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT File not found
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark S300-S400 Series Fax Server] C:\Program Files\Lexmark S300-S400 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [APISupport] C:\Users\renfar\AppData\Local\Conduit\APISupport\APISupport.dll (Conduit Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [gtalkupdate] C:\Users\renfar\gupd.exe ()
O4 - HKCU..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKCU..\Run: [NextLive] C:\Users\renfar\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C4BAEB4-EA51-4E01-9C61-1E3CCEF9D935}: DhcpNameServer = 192.168.18.10 192.168.18.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C225179-AB97-4231-A6F8-8D1368E7CD49}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\renfar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\renfar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12de745f-a557-11de-ba42-001f1673378d}\Shell\AutoRun\command - "" = F:\CNN\A\Lic.exe
O33 - MountPoints2\{12de745f-a557-11de-ba42-001f1673378d}\Shell\open\command - "" = F:\CNN\A\Lic.exe
O33 - MountPoints2\{420e189c-8710-11de-82bd-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{420e189c-8710-11de-82bd-001f1673378d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4ce0aa09-ecc2-11de-862c-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce0aa09-ecc2-11de-862c-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{76584a00-cabe-11e1-93af-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{76584a00-cabe-11e1-93af-001f1673378d}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{78b4ac5f-b67c-11de-afef-001f1673378d}\Shell\AutoRun\command - "" = F:\NADFOLDER\autorun.exe
O33 - MountPoints2\{78b4ac5f-b67c-11de-afef-001f1673378d}\Shell\open\command - "" = F:\NADFOLDER\autorun.exe
O33 - MountPoints2\{7f65c464-a905-11de-bc73-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{7f65c464-a905-11de-bc73-001f1673378d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c6662078-c120-11e2-8ce1-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{c6662078-c120-11e2-8ce1-001f1673378d}\Shell\AutoRun\command - "" = G:\iLinker.exe
O33 - MountPoints2\{cfffc5f0-86a7-11de-bfff-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{cfffc5f0-86a7-11de-bfff-001f1673378d}\Shell\AutoRun\command - "" = setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cfffc604-86a7-11de-bfff-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{cfffc604-86a7-11de-bfff-00a0c6000000}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d0e4e6b9-3a57-11e2-8f51-001f1673378d}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{d5b7667c-ffe7-11e1-ab67-001f1673378d}\Shell\AutoRun\command - "" = F:\SecureII\Windows\SecureII.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/06 17:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/06 17:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/03/03 20:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/03/01 19:03:08 | 000,000,000 | ---D | C] -- C:\Users\renfar\AppData\Local\AVG SafeGuard toolbar
[2014/03/01 19:02:06 | 000,042,784 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2014/03/01 19:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2014/03/01 19:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2014/03/01 19:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2014/03/01 18:59:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/03/01 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2014/02/19 20:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
[2014/02/19 20:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\SNT
[2014/02/19 20:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\GreatSoft
[2014/02/19 20:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/02/19 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeAdblocker
[2014/02/19 20:30:26 | 000,000,000 | ---D | C] -- C:\Users\renfar\AppData\Local\Torch
[2014/02/19 20:30:26 | 000,000,000 | ---D | C] -- C:\Users\renfar\AppData\Local\Comodo
[2014/02/19 20:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\websave
[2014/02/19 20:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\355a65b787d48b8f
[2014/02/19 20:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\websave
[2014/02/19 20:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/02/19 19:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2014/02/19 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\renfar\AppData\Roaming\PerformerSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/11 21:22:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/11 21:21:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/11 20:09:55 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/03/11 20:08:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/11 20:08:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/11 20:08:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/11 20:07:57 | 000,393,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/11 20:07:36 | 2075,336,704 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/11 06:21:27 | 000,739,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/11 06:21:27 | 000,159,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/06 17:29:24 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/04 18:32:02 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/03 20:02:35 | 000,042,784 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2014/03/01 18:14:06 | 027,915,537 | ---- | M] ( ) -- C:\Users\renfar\Desktop\K-Lite_Codec_Pack_1035_Full.exe
[2014/03/01 14:48:01 | 000,204,288 | ---- | M] () -- C:\Users\renfar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/21 17:53:32 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/15 16:02:11 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/02/12 19:59:26 | 000,591,872 | ---- | M] () -- C:\Users\renfar\Desktop\DatawareBarcode.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/10 17:23:17 | 2075,336,704 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/09 22:23:30 | 001,731,584 | ---- | C] () -- C:\Users\renfar\gupd.exe
[2014/03/06 17:29:24 | 000,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/01 18:08:30 | 027,915,537 | ---- | C] ( ) -- C:\Users\renfar\Desktop\K-Lite_Codec_Pack_1035_Full.exe
[2014/02/19 20:31:22 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/19 19:52:01 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/02/12 19:59:16 | 000,591,872 | ---- | C] () -- C:\Users\renfar\Desktop\DatawareBarcode.exe
[2013/11/27 23:20:38 | 000,000,258 | RHS- | C] () -- C:\Users\renfar\ntuser.pol
[2013/11/26 18:52:20 | 000,000,736 | ---- | C] () -- C:\Windows\DigimaxMaster.INI
[2013/09/27 17:35:37 | 000,000,843 | ---- | C] () -- C:\Users\renfar\AppData\Local\recently-used.xbel
[2013/07/26 09:35:26 | 000,135,974 | ---- | C] () -- C:\Windows\hphins32.dat
[2013/07/26 09:35:26 | 000,000,558 | ---- | C] () -- C:\Windows\hphmdl32.dat
[2013/02/11 09:11:58 | 000,000,139 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/04 08:47:34 | 000,025,614 | ---- | C] () -- C:\Users\renfar\AppData\Roaming\UserTile.png
[2010/07/23 11:39:04 | 000,000,008 | ---- | C] () -- C:\Users\renfar\AppData\Local\.mpid
[2010/06/28 11:36:47 | 000,000,680 | ---- | C] () -- C:\Users\renfar\AppData\Local\d3d9caps.dat
[2010/01/29 20:43:43 | 000,000,702 | ---- | C] () -- C:\Users\renfar\AppData\Roaming\wklnhst.dat
[2009/08/11 20:19:57 | 000,204,288 | ---- | C] () -- C:\Users\renfar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/18 01:49:13 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/12/12 22:30:28 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\.purple
[2012/10/26 13:29:44 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\AlcaTech
[2012/08/22 11:46:26 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Babylon
[2012/09/10 17:48:39 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\BrowserCompanion
[2011/05/23 20:19:17 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\CleanMyPC Software
[2013/11/27 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\com.prezi.PreziDesktop
[2013/11/30 09:43:06 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\ExpressFiles
[2013/06/14 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\File Scout
[2009/08/18 20:57:08 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\gtk-2.0
[2009/11/30 17:40:18 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Leadertech
[2013/12/16 11:54:34 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Movie Torrent
[2014/03/11 20:09:52 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\newnext.me
[2012/08/20 14:43:21 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PC Cleaners
[2009/09/12 18:29:32 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PC Suite
[2012/08/20 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PCPro
[2012/01/04 08:47:34 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PeerNetworking
[2014/02/19 19:52:33 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PerformerSoft
[2013/09/27 17:00:56 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PhotoScape
[2012/08/21 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Research In Motion
[2010/11/29 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\S300-S400 Series
[2009/09/12 18:20:36 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Samsung
[2012/05/08 11:00:53 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Softland
[2013/11/26 19:01:54 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\systweak
[2010/01/29 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Template
[2009/08/12 09:07:09 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\URSoft
[2009/08/11 21:01:17 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Vodafone
[2009/08/09 23:34:05 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\WildTangent
[2012/05/12 13:14:35 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/06/11 16:05:19 | 000,000,000 | ---D | M](C:\Users\renfar\AppData\Roaming\???????sAppData) -- C:\Users\renfar\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2011/06/11 16:05:19 | 000,000,000 | ---D | M](C:\Users\renfar\AppData\Roaming\???????sAppData) -- C:\Users\renfar\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\renfar\AppData\Roaming\???????sAppData) -- C:\Users\renfar\AppData\Roaming\敎潲䍄敔灭慬整sAppData

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B3D74A13

< End of report >

Edited by mofu, 11 March 2014 - 02:01 PM.


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello mofu

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

#3
mofu

  • Topic Starter
Hi Gringo

Thanks for your reply. I don't have any device to back up files to currently. So I'm naturally a bit skeptical to continue. I'm not a "computer guy" at all. I've done a couple of troubleshooting fixes and that's it. This is a personal laptop, so I have a lot of photos and other personal files on it. Which I obviously wouldn't want to lose. What are the types of files that I stand to lose if I don't do the back-up?

Mofu

#4
gringo_pr

Hello

That is a general warning, as it is impossible to predict everything that can happen.

I would put all my pictures and things that cannot be replaced onto a jump drive or pen drive just to be safe. It doesn't need to be a complete backup, just a copy of things that are important to you.


Gringo

#5
gringo_pr

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#6
gringo_pr

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7
gringo_pr

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.