Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple problems after download of video converter [Closed]

Started by dlowry_uk , Mar 31 2014 08:27 AM

  • This topic is locked This topic is locked

#1
dlowry_uk
Posted 31 March 2014 - 08:27 AM

dlowry_uk

    Member

  • Member
  • PipPip
  • 33 posts

My wife tried to install a tool to convert youtube videos to mp3. During installation, a multitude of other stuff was installed in parallel. I uninstalled everything I could, but we now have various problems, including:

browser hijacks in Chrome, including the startup page,

bombardment of ads in popups and additional browser windows,

Windows alerts saying AVG and Windows Defender de-activated,

machine running very slow

 

OTL printout follows

 

OTL logfile created on: 31/03/2014 16:10:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Users\Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,91 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 44,59% Memory free
7,82 Gb Paging File | 4,82 Gb Available in Paging File | 61,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 106,85 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
Drive E: | 151,60 Gb Total Space | 135,82 Gb Free Space | 89,59% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/31 16:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\Family\Downloads\OTL (1).exe
PRC - [2014/03/31 11:32:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe
PRC - [2014/03/31 11:32:02 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
PRC - [2014/03/21 10:52:22 | 000,062,608 | ---- | M] (GenTechnologies Apps, LLC) -- C:\ProgramData\MovieMode\MovieModeService.exe
PRC - [2014/03/21 10:51:56 | 000,152,208 | ---- | M] (GenTechnologies Apps, LLC) -- C:\ProgramData\MovieMode\MovieMode.exe
PRC - [2014/03/17 08:38:00 | 000,515,584 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginService\PluginService.exe
PRC - [2014/03/15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/04 17:34:29 | 002,539,544 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/03/04 17:34:29 | 001,759,768 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
PRC - [2014/03/04 17:34:29 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
PRC - [2014/02/10 18:37:36 | 000,570,944 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\nf.exe
PRC - [2014/01/22 13:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/11 12:42:44 | 000,578,128 | ---- | M] (LG Electronics Inc.) -- C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
PRC - [2013/08/27 11:02:58 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/07/09 14:47:56 | 002,406,480 | ---- | M] (LG Electronics Inc.) -- C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/24 13:31:28 | 000,478,288 | ---- | M] (LG Electronics Inc.) -- C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe
PRC - [2013/01/11 11:29:28 | 000,279,120 | ---- | M] (LG Electronics Inc.) -- C:\Program Files (x86)\LG Software\LG Smart Share\DMC\Aggregation.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/07/22 01:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe
PRC - [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2004/06/14 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/31 11:32:02 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
MOD - [2014/03/21 10:51:56 | 001,161,872 | ---- | M] () -- C:\Windows\SysWOW64\MovieMode.48CA2AEFA22D.dll
MOD - [2014/03/15 02:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/15 02:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/15 02:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/15 02:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/15 02:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/15 02:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/15 02:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/03/04 17:34:29 | 002,539,544 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/03/04 17:34:29 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
MOD - [2014/03/03 16:57:20 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/03/03 16:56:47 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/03/03 16:42:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/03/03 16:42:38 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/03/03 16:42:37 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/03/03 16:42:34 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/03/03 16:42:30 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/03/03 16:42:26 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/03 16:42:25 | 001,947,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\a627e2bfb55b5f583da237b214097f34\Microsoft.VisualBasic.ni.dll
MOD - [2014/03/03 16:42:20 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/03/03 16:42:20 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/03/03 16:42:17 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/03/03 16:42:14 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/03/03 16:42:13 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/03/03 16:42:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/03/03 16:42:05 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
MOD - [2014/03/03 16:42:03 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/16 13:14:06 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/16 13:12:55 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/16 13:12:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/16 13:12:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/16 13:12:43 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/10 15:00:46 | 000,378,880 | ---- | M] () -- C:\Windows\SysWOW64\av_dll.dll
MOD - [2011/08/10 15:00:46 | 000,020,992 | ---- | M] () -- C:\Windows\SysWOW64\av_proxy.dll
MOD - [2010/11/13 02:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/01 06:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/04 11:50:20 | 002,542,416 | ---- | M] (CybelSoft) [Auto | Running] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/13 03:53:50 | 000,770,528 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2013/02/08 17:40:34 | 003,386,608 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/02/08 17:40:08 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/02/08 17:39:48 | 000,621,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/02/08 17:39:14 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/09/12 18:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/09/08 05:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/03/31 11:32:02 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe -- (Re-markit)
SRV - [2014/03/31 11:11:58 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/21 10:52:22 | 000,062,608 | ---- | M] (GenTechnologies Apps, LLC) [Auto | Running] -- C:\ProgramData\MovieMode\MovieModeService.exe -- (MovieMode)
SRV - [2014/03/17 08:38:00 | 000,515,584 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
SRV - [2014/03/04 17:34:29 | 001,759,768 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe -- (vToolbarUpdater18.0.0)
SRV - [2014/02/10 18:37:36 | 000,570,944 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe -- (NSM)
SRV - [2014/01/22 13:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 11:02:58 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/11/15 06:30:44 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004/06/14 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/04 17:34:29 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/12/18 22:40:17 | 000,246,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSMx64\0209050.01D\symrdrs.sys -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
DRV:64bit: - [2013/11/25 22:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 22:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 22:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/24 00:09:13 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/01 00:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 23:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/22 22:06:36 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/10/22 22:06:34 | 000,872,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/01 01:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/27 14:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSMx64\0209050.01D\ccsetx64.sys -- (ccSet_NSM)
DRV:64bit: - [2013/09/10 01:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/27 11:02:56 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay)
DRV:64bit: - [2013/02/13 03:54:16 | 000,163,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2013/02/13 03:54:16 | 000,163,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/02/05 11:00:26 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/15 02:03:46 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/19 22:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/05/10 16:33:56 | 000,217,600 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/05/10 16:33:54 | 000,097,792 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/08 05:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/07/21 20:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...Y112EM0N12EM0NX
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1777342566&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1777342566&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...Y112EM0N12EM0NX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1777342566&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...Y112EM0N12EM0NX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1777342566&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE E1 9D BE 59 CF CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1777342566&ir=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={6560F7F6-3D81-4463-BC76-E1A0EC906192}&mid=925d7b076d5147d392ad7d3bcf2d0595-2769446d5dde3ce3b4feb3f8abf79309a428c6a9&lang=fr&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-13 13:54:44&v=17.3.1.204&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F6994DCF-2629-433E-863C-7486A6455305}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13828
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.14\coFFFw\ [2014/03/31 13:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/13 14:54:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5ae66703-77f8-4623-8c81-9ba769053c03}: C:\Program Files (x86)\Re-markit Corp\158.xpi [2014/03/31 11:32:11 | 000,013,169 | ---- | M] ()
 
 
========== Chrome  ==========
 
CHR - default_search_provider: webssearches (Enabled)
CHR - default_search_provider: search_url = http://istart.websse...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Error reading preferences file
CHR - Extension: Documents Google = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Do Not Track = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja\0.1.1_0\
CHR - Extension: Recherche Google = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.2.1081_0\
CHR - Extension: AdBlock Premium = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj\2.6.4.3_0\
CHR - Extension: Cleaner Facebook = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh\3.3_0\
CHR - Extension: Nortonâ„¢ Family = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.9.5.32_0\
CHR - Extension: F.B. Purity Cleans Up Facebook = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\9.8.0.6_0\
CHR - Extension: Google Wallet = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HQVid9) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVid9\HQVid9-bho64.dll (High-quality9)
O2:64bit: - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
O2:64bit: - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O2 - BHO: (HQVid9) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVid9\HQVid9-bho.dll (High-quality9)
O2 - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [fst_fr_133]  File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Family\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=925d7b076d5147d392ad7d3bcf2d0595-2769446d5dde3ce3b4feb3f8abf79309a428c6a9 /CMPID=1213b File not found
O4 - HKCU..\Run: [HP ENVY 5530 series (NET)] C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunOnce: [*TampMon] C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9E1454C-1382-4F78-B9FF-811152115C17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - C:\Program Files (x86)\SupTab\SearchProtect64.dll (Skytech Co., Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - C:\Program Files (x86)\SupTab\SearchProtect32.dll (Skytech Co., Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/31 13:01:33 | 000,000,000 | R--D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/31 12:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2014/03/31 11:58:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\MovieMode
[2014/03/31 11:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MovieMode
[2014/03/31 11:47:33 | 000,000,000 | ---D | C] -- C:\Users\Family\.android
[2014/03/31 11:47:32 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\cache
[2014/03/31 11:47:30 | 000,000,000 | ---D | C] -- e:\Users\Family\Documents\Mobogenie
[2014/03/31 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Mobogenie
[2014/03/31 11:45:54 | 001,172,776 | ---- | C] (AnyProtect.com) -- C:\Users\Family\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/31 11:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstaller
[2014/03/31 11:39:39 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Tuguu_SL
[2014/03/31 11:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaPlayerplus
[2014/03/31 11:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
[2014/03/31 11:34:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\SupTab
[2014/03/31 11:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014/03/31 11:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014/03/31 11:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQVid9
[2014/03/31 11:33:12 | 000,000,000 | ---D | C] -- e:\Users\Family\Documents\Optimizer Pro
[2014/03/31 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Lollipop
[2014/03/31 11:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Re-markit Corp
[2014/03/31 11:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2014/03/31 11:07:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014/03/31 11:01:25 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\OpenCandy
[2014/03/31 11:01:25 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\DVDVideoSoft
[2014/03/26 22:59:32 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\CrashDumps
[2014/03/12 15:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/11 14:31:11 | 000,000,000 | ---D | C] -- e:\Users\Family\Documents\Tricot
[2014/03/08 14:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2014/03/08 14:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/03/08 14:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/03/08 14:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014/03/08 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\HpUpdate
[2014/03/08 14:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/03/08 14:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/03/08 14:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/03/08 14:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/03/08 14:39:03 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\HP
[2014/03/04 17:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/03/03 15:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/03 15:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/03/03 15:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/03/03 09:55:22 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/03/03 00:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/03 00:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/03 00:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/03 00:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/03 00:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Family\AppData\Local\*.tmp files -> C:\Users\Family\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/31 15:54:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/31 15:42:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/31 15:24:02 | 000,238,695 | ---- | M] () -- e:\Users\Family\Desktop\AlcN0ZM4O3c5B5j5c88xi9prb5c.jpg
[2014/03/31 15:08:26 | 000,019,462 | ---- | M] () -- e:\Users\Family\Desktop\1918-2-lion-dans-la-savane.jpg
[2014/03/31 15:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/31 13:54:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/31 13:18:57 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/31 13:18:56 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/31 13:18:24 | 001,669,768 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/31 13:18:24 | 000,748,014 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/03/31 13:18:24 | 000,654,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/31 13:18:24 | 000,150,248 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/03/31 13:18:24 | 000,122,198 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/31 13:14:28 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Re-markit Update.job
[2014/03/31 13:11:33 | 000,001,670 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
[2014/03/31 13:11:30 | 000,003,460 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
[2014/03/31 13:11:29 | 000,003,106 | ---- | M] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-3.job
[2014/03/31 13:11:29 | 000,002,434 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
[2014/03/31 13:11:25 | 000,002,564 | ---- | M] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-4.job
[2014/03/31 13:11:25 | 000,001,568 | ---- | M] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-5.job
[2014/03/31 13:11:24 | 000,001,514 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
[2014/03/31 13:11:24 | 000,001,412 | ---- | M] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-2.job
[2014/03/31 13:11:22 | 000,001,584 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
[2014/03/31 13:11:22 | 000,001,464 | ---- | M] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-1.job
[2014/03/31 13:11:21 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/03/31 13:11:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/03/31 13:11:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/03/31 13:11:05 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/31 12:23:28 | 000,001,003 | ---- | M] () -- e:\Users\Family\Desktop\Continue VuuPC Installation.lnk
[2014/03/31 12:20:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/03/31 12:00:06 | 000,000,318 | ---- | M] () -- C:\Users\Family\AppData\Roaming\aps.uninstall.scan.results
[2014/03/31 11:59:38 | 000,000,043 | ---- | M] () -- C:\Users\Family\AppData\Roaming\WB.CFG
[2014/03/31 11:33:18 | 000,002,403 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/31 11:33:18 | 000,001,535 | ---- | M] () -- e:\Users\Family\Desktop\Internet Explorer.lnk
[2014/03/31 11:33:17 | 000,002,505 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/31 11:33:17 | 000,001,679 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/31 11:32:06 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/28 16:38:22 | 001,172,776 | ---- | M] (AnyProtect.com) -- C:\Users\Family\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/27 23:04:43 | 000,004,519 | ---- | M] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2014/03/22 15:42:17 | 002,098,156 | ---- | M] () -- e:\Users\Family\Desktop\2014-03-22 14.42.17.jpg
[2014/03/21 10:51:56 | 001,161,872 | ---- | M] () -- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll
[2014/03/19 14:57:40 | 000,133,934 | ---- | M] () -- e:\Users\Family\Desktop\render.groupon-content.net_farm_v1_voucher_111813991_part1_A2BE62579C.pdf
[2014/03/19 14:56:35 | 000,133,742 | ---- | M] () -- e:\Users\Family\Desktop\render.groupon-content.net_farm_v1_voucher_111813991_part1_D8ACB64038.pdf
[2014/03/12 15:34:36 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/08 14:43:28 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/03/08 14:42:40 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\HP ENVY 5530 series.lnk
[2014/03/08 14:42:40 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Achat de consommables - HP ENVY 5530 series.lnk
[2014/03/08 14:40:40 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/03/04 17:34:29 | 000,050,976 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/03/03 16:40:05 | 001,644,108 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/03 16:36:10 | 000,000,463 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2014/03/03 15:36:19 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/03/03 00:49:20 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Family\AppData\Local\*.tmp files -> C:\Users\Family\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/31 15:24:01 | 000,238,695 | ---- | C] () -- e:\Users\Family\Desktop\AlcN0ZM4O3c5B5j5c88xi9prb5c.jpg
[2014/03/31 15:08:26 | 000,019,462 | ---- | C] () -- e:\Users\Family\Desktop\1918-2-lion-dans-la-savane.jpg
[2014/03/31 12:23:28 | 000,001,003 | ---- | C] () -- e:\Users\Family\Desktop\Continue VuuPC Installation.lnk
[2014/03/31 11:59:38 | 000,000,043 | ---- | C] () -- C:\Users\Family\AppData\Roaming\WB.CFG
[2014/03/31 11:40:05 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/03/31 11:40:04 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/03/31 11:40:04 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/03/31 11:39:52 | 000,000,318 | ---- | C] () -- C:\Users\Family\AppData\Roaming\aps.uninstall.scan.results
[2014/03/31 11:36:47 | 000,001,670 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
[2014/03/31 11:36:43 | 000,001,514 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
[2014/03/31 11:36:42 | 000,001,584 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
[2014/03/31 11:36:36 | 000,002,434 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
[2014/03/31 11:36:35 | 000,003,460 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
[2014/03/31 11:34:26 | 000,001,568 | ---- | C] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-5.job
[2014/03/31 11:34:20 | 000,001,412 | ---- | C] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-2.job
[2014/03/31 11:34:18 | 000,001,464 | ---- | C] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-1.job
[2014/03/31 11:34:08 | 000,002,564 | ---- | C] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-4.job
[2014/03/31 11:34:07 | 000,003,106 | ---- | C] () -- C:\Windows\tasks\acd7bc78-0a76-4c22-b352-c998a536c4ad-3.job
[2014/03/31 11:32:15 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Re-markit Update.job
[2014/03/31 11:32:12 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/03/31 11:32:06 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/27 23:04:43 | 000,004,519 | ---- | C] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2014/03/22 14:56:48 | 002,152,884 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.07.47.jpg
[2014/03/22 14:56:48 | 002,098,156 | ---- | C] () -- e:\Users\Family\Desktop\2014-03-22 14.42.17.jpg
[2014/03/22 14:56:48 | 002,051,085 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.08.04.jpg
[2014/03/22 14:56:48 | 001,977,739 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.07.10.jpg
[2014/03/22 14:56:48 | 001,936,905 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.08.30.jpg
[2014/03/22 14:56:48 | 001,848,433 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.29.28.jpg
[2014/03/22 14:56:48 | 001,731,056 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 10.18.27.jpg
[2014/03/22 14:56:48 | 001,652,630 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.29.39.jpg
[2014/03/22 14:56:48 | 001,552,454 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.07.21.jpg
[2014/03/22 14:56:48 | 001,447,063 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-10 13.52.04.jpg
[2014/03/22 14:56:48 | 001,415,831 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-10 13.51.45.jpg
[2014/03/21 10:51:56 | 001,161,872 | ---- | C] () -- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll
[2014/03/19 14:57:39 | 000,133,934 | ---- | C] () -- e:\Users\Family\Desktop\render.groupon-content.net_farm_v1_voucher_111813991_part1_A2BE62579C.pdf
[2014/03/19 14:56:35 | 000,133,742 | ---- | C] () -- e:\Users\Family\Desktop\render.groupon-content.net_farm_v1_voucher_111813991_part1_D8ACB64038.pdf
[2014/03/08 14:43:28 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/03/08 14:42:40 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\HP ENVY 5530 series.lnk
[2014/03/08 14:42:40 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Achat de consommables - HP ENVY 5530 series.lnk
[2014/03/08 14:40:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/03/03 15:36:19 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/03/03 00:49:20 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/29 22:26:16 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/12/29 22:26:16 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/12/29 22:25:48 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2013/12/29 22:25:47 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/12/29 22:25:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013/12/29 22:24:33 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2013/12/29 22:24:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/12/29 22:24:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/11/19 19:53:53 | 000,000,664 | RHS- | C] () -- C:\Users\Family\ntuser.pol
[2013/11/17 20:58:40 | 000,378,880 | ---- | C] () -- C:\Windows\SysWow64\av_dll.dll
[2013/11/17 20:58:40 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\av_proxy.dll
[2013/11/05 14:56:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2013/10/22 22:10:14 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/22 22:10:07 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/10/22 22:10:07 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/22 21:52:42 | 001,644,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 17:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/22 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\2BrightSparks
[2013/10/22 21:48:25 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\AVG2014
[2013/10/22 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Canneverbe Limited
[2013/11/01 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.tribalnova.bayardkids.application
[2013/11/01 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.tribalnova.bayardkids.application.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
[2014/03/31 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Dropbox
[2014/03/31 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DVDVideoSoft
[2013/12/17 19:57:33 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\IDT
[2014/03/31 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\inkscape
[2014/03/31 11:01:25 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\OpenCandy
[2014/03/31 14:12:24 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\SoftGrid Client
[2014/03/31 11:34:20 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\SupTab
[2013/10/22 21:54:30 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TP
[2014/03/31 11:09:34 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 381 bytes -> e:\Users\Family\Desktop\2014-02-09 12.08.30.jpg:com.dropbox.attributes
@Alternate Data Stream - 380 bytes -> e:\Users\Family\Desktop\2014-02-09 12.29.39.jpg:com.dropbox.attributes
@Alternate Data Stream - 380 bytes -> e:\Users\Family\Desktop\2014-02-09 12.29.28.jpg:com.dropbox.attributes
@Alternate Data Stream - 380 bytes -> e:\Users\Family\Desktop\2014-02-09 12.07.21.jpg:com.dropbox.attributes
@Alternate Data Stream - 380 bytes -> e:\Users\Family\Desktop\2014-02-09 12.07.10.jpg:com.dropbox.attributes
@Alternate Data Stream - 379 bytes -> e:\Users\Family\Desktop\2014-02-09 10.18.27.jpg:com.dropbox.attributes
@Alternate Data Stream - 378 bytes -> e:\Users\Family\Desktop\2014-03-22 14.42.17.jpg:com.dropbox.attributes
@Alternate Data Stream - 378 bytes -> e:\Users\Family\Desktop\2014-02-10 13.52.04.jpg:com.dropbox.attributes
@Alternate Data Stream - 378 bytes -> e:\Users\Family\Desktop\2014-02-09 12.08.04.jpg:com.dropbox.attributes
@Alternate Data Stream - 376 bytes -> e:\Users\Family\Desktop\2014-02-10 13.51.45.jpg:com.dropbox.attributes
@Alternate Data Stream - 376 bytes -> e:\Users\Family\Desktop\2014-02-09 12.07.47.jpg:com.dropbox.attributes
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:AD022376
 
< End of report >
 

 


  • 0

Advertisements

#2
Valinorum
Posted 31 March 2014 - 08:38 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Hi dlowry_uk, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
 

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Post the Extras.txt log located in E:\Users\Family\Downloads.

Regards,
Valinorum

 


  • 0

#3
dlowry_uk
Posted 31 March 2014 - 08:50 AM

dlowry_uk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

extras.txt as requested.

 

OTL Extras logfile created on: 31/03/2014 16:10:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Users\Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,91 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 44,59% Memory free
7,82 Gb Paging File | 4,82 Gb Available in Paging File | 61,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 106,85 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
Drive E: | 151,60 Gb Total Space | 135,82 Gb Free Space | 89,59% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB9DDE4-EE6F-450C-9A29-AA0D6DEB02EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15CD566A-6914-4ACC-92D0-4B50B0CAF922}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1BE9EB42-396E-4A71-B1CA-9F7F90036B15}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2061A217-62CD-4156-92F7-47474025AFA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{235B7A30-4ACE-46D6-9F8E-EF46F6D1C0A3}" = lport=48114 | protocol=6 | dir=in | name=maconfig_tcptls | 
"{24312C1C-6E8E-47AC-9E58-1BA218EE34D7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{265AABA5-21B6-4246-A41E-478FB3F19343}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2FAC80A1-20AE-4FE2-BE94-228903963433}" = lport=5357 | protocol=6 | dir=in | name=port tcp ws-eventing 5357 | 
"{303F1068-B78E-4E83-922B-6E578F3C0F3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{3E32623D-F4A8-4A37-936C-E045E8302E4C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{534A8AD9-8DF3-48DD-9B6C-1E0AD2D2170D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{53F8EBF5-B3CD-417D-A464-B93D2FB3EA92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{63A90DC4-9142-4A93-B8D6-3AD168B74550}" = rport=137 | protocol=17 | dir=out | app=system | 
"{655711D4-4867-481E-ADA2-1B1320437BB0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C678829-D40E-4034-92D9-A4AD8CDD4870}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80CDF3D0-5B22-40D8-AD68-D822776DEE87}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{902189F3-BD58-427F-8E29-C836D82FA998}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{99D4E244-7D77-45C5-AE7E-FEB27D5F3A25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99F4BFA6-50C7-4624-AAD2-82468A663ACB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{A8934629-089F-4AE7-8DE7-B4A6B4FE93BC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BDF4002D-D56D-47EF-99C6-01B3850E5A6B}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{C9A067F8-D43E-46F3-9FAC-E23226B29B79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA4D067C-F8A3-49A0-8377-B4674431DEDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{CD3921C2-7493-470E-981D-54258C56E5E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D1719318-0DAE-4688-8651-623FB70E5F8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D35F1D3A-E737-4623-8D59-8F3B343FE128}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D7A6FA3E-B08A-44AD-B258-F870B798C88F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2F75793-6C62-4973-A47C-84BDC6627331}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F800AAEC-C907-42B3-A339-0B03BF9FAF45}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00333BD3-8BC1-41CC-880F-C51559338D3A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0174912E-F08B-48BA-B6E5-2BE5B298A092}" = protocol=1 | dir=out | [email protected],-28544 | 
"{02B6B074-4D83-4BCC-BF34-EC795457AA9C}" = protocol=17 | dir=in | app=c:\program files (x86)\lg software\lg smart share\dms\smartsharedms.exe | 
"{0AA7FD30-F5E8-433E-A9A7-0705A14918DA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{1A0A0482-6E8C-4433-AB08-B6B936DAF924}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{23CDBF46-32C9-438C-8D88-120C0F61B744}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{2594EA3A-A48B-4FA0-8F85-3998B32C2B77}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{25A5CC42-A68D-4BB5-BDF1-17F229F49D6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A37EDAC-A484-44DC-A87F-861BF7F9B4C5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{37EC4A35-8817-46C4-8644-9CFE45A74038}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{39120F0B-0D13-4C23-83B0-90CAED4A53BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3AA61F3F-DE37-42E2-8276-CB927C719230}" = protocol=58 | dir=out | [email protected],-28546 | 
"{42C0FF4D-A1D1-44B2-A9E2-BB6C9FFDD033}" = dir=in | app=c:\program files\hp\hp envy 5530 series\bin\devicesetup.exe | 
"{49994B31-49F3-44D1-98A0-BD070E5B240F}" = protocol=6 | dir=in | app=c:\program files (x86)\lg software\lg smart share\dmr\smartsharedmr.exe | 
"{4E1F93E3-18E8-4B40-B178-D5E32DBADC9D}" = protocol=17 | dir=in | app=c:\program files (x86)\lg software\lg smart share\dmr\smartsharedmr.exe | 
"{579BCEBF-0DC8-450D-931E-66D3B452F078}" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5B92E5F0-2FBC-4D98-9986-D4EF63644EC6}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfigagent.exe | 
"{5BBEE366-31C7-4C05-9A42-B3F6AE416024}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60D09A11-FAAF-4317-8A63-015451C18A36}" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\dropbox\bin\dropbox.exe | 
"{61979CDA-C486-4BF3-B5D7-4C2F61BB0C35}" = dir=in | app=c:\program files\hp\hp envy 5530 series\bin\hpnetworkcommunicatorcom.exe | 
"{61A7E898-101E-4613-94C8-E63C2619E63F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{6354E243-6DC7-49EC-BEE5-C378B0FA1A66}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{63AFA41A-8853-4FDA-BA45-5C1D982CD27E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{63CC7A14-E059-4040-958E-9CAA4C701980}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68AC93AF-5427-4CFF-BF55-B1D49D6FA93B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6AB74321-3D6B-4520-9532-97BACA6A00B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{76329B9F-FB5E-444F-912D-BB0FE4AC8CDE}" = protocol=1 | dir=in | [email protected],-28543 | 
"{79E205E9-764E-411C-955D-C1661281EC89}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl05a\faxrx.exe | 
"{81E31F5D-2576-47BC-8A91-0FD55FA105F2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{85A848D9-84D4-4CCD-AB61-36607F904F8B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{86AB4BA3-1366-4E91-9CA8-821DC09FA4DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{8F151FF1-9A7E-462F-8F07-A0C90BE5DE26}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{910E6CDA-E825-4F91-B90A-BABF792DDFEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{94BD807F-D975-4CB4-9E11-76CCFD2A65E4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{9953A0B3-9F61-451A-B43D-A15B183F0FF3}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl05a\faxrx.exe | 
"{A0437610-9901-4E67-A04A-89E0CD4500CC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A12B0B50-2500-40D8-ABF0-003AE75DBA88}" = protocol=6 | dir=in | app=c:\program files (x86)\lg software\lg smart share\dms\smartsharedms.exe | 
"{A6E52BE8-E828-49B6-A0FF-EE571901AC61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABD04D98-6961-47EB-81B1-023514B6FE02}" = protocol=6 | dir=out | app=system | 
"{AE33B78A-9E55-4E47-95A9-E1C4E8915C62}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfigagent.exe | 
"{BD2CAB99-4EF0-4295-AEFE-75348FD231AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0260258-9697-453F-A1E0-9C8B0A8E9151}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7AD30FC-E9D4-43BB-BBDF-709758EDE996}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C93B668D-6877-4768-B692-957D3A24A126}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{D1E993ED-DDB9-4692-92C1-FC8BBEF1196B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D6DEA2C6-ED58-403A-84FF-A06A1E0120A2}" = protocol=58 | dir=in | [email protected],-28545 | 
"{DC3B03D9-A70B-4949-8403-DBA0DA7BBBEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DCAFC882-9B61-4ECB-A2EB-9E5067208A72}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{DD525962-A1FD-4C97-AE5E-A92F4CB37996}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{FA1669B9-2F53-4657-A4DC-0498EFB3E980}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{FBC1E246-EB4A-4FC1-BD5A-92AB4C000820}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FC1EFA3F-3887-47CB-BE87-B5EA1B885DD7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD278C84-BDCC-47AE-87CF-A699A218A095}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"TCP Query User{79413D8F-7FC2-417B-AFEB-C5834E71C4E1}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\family\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{F49E9B33-7550-46A5-9996-8E4961FC6750}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\family\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{5A3A9557-31E8-44F9-A2CF-CC5581ECDE70}" = Logiciel de base du périphérique HP ENVY 5530 series
"{5F0C22BC-40C1-4493-931E-0E85EE4FD289}" = Ma-Config.com (64 bits)
"{6AFCAB3D-25B7-48BC-9AA7-D4534B97F491}" = Étude pour l'amélioration du produit HP ENVY 5530 series
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7C6CD9B4-B230-4E76-80AA-FB465FF4DE29}" = Intel® PROSet/Wireless WiFi Software Driver
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-006D-040C-1000-0000000FF1CE}" = Microsoft Office « Démarrer en un clic » 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036" = Microsoft .NET Framework 4.5.1 (Français)
"{A94C50AA-21E8-4627-ADD0-E16A07030D7D}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C22759DB-BA8B-30E7-99EE-8B47DB43AE56}" = Microsoft .NET Framework 4.5.1 (FRA)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
"{DEF50764-F1A7-4DD4-B8BA-C81A4807631A}" = Intel® PROSet/Wireless WiFi Software
"{DFB2D93E-DEAE-4DF5-8863-CE2AB8F0B6AB}" = AVG 2014
"{E01EEE45-7768-4984-BDB2-76F5C5A823BE}" = Dell Custom Help
"{E1A9DC0F-CF86-4570-A270-591A83C5B22C}" = AVG 2014
"AVG" = AVG 2014
"CCleaner" = CCleaner
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{45D18216-2965-4CB4-A70E-F88E71B8A33B}_is1" = Albelli Livres Photos
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31/03/2014 07:20:30 | Computer Name = Family-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante PluginService.exe, version : 13.27.0.81,
 horodatage : 0x532696c6  Nom du module défaillant : DpInterface32.dll, version : 
3.0.2.3417, horodatage : 0x5315b066  Code d’exception : 0xc0000005  Décalage d’erreur
 : 0x00098dae  ID du processus défaillant : 0x668  Heure de début de l’application défaillante
 : 0x01cf4cd1eb54cb69  Chemin d’accès de l’application défaillante : C:\ProgramData\IePluginService\PluginService.exe
Chemin
 d’accès du module défaillant: C:\Program Files (x86)\SupTab\DpInterface32.dll  ID
 de rapport : 76f8b600-b8c6-11e3-a0de-ac7289c9ec66
 
Error - 31/03/2014 07:20:30 | Computer Name = Family-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante RSHP.exe, version : 1.0.3.3432, horodatage
 : 0x53168254  Nom du module défaillant : DpInterface32.dll, version : 3.0.2.3417,
 horodatage : 0x5315b066  Code d’exception : 0xc0000005  Décalage d’erreur : 0x00098dae
ID
 du processus défaillant : 0x840  Heure de début de l’application défaillante : 0x01cf4cd338f8daf6
Chemin
 d’accès de l’application défaillante : C:\Program Files (x86)\SupTab\RSHP.exe  Chemin
 d’accès du module défaillant: C:\Program Files (x86)\SupTab\DpInterface32.dll  ID
 de rapport : 77212d65-b8c6-11e3-a0de-ac7289c9ec66
 
 
< End of report >
 

  • 0

#4
Valinorum
Posted 02 April 2014 - 05:50 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

My ISP is having some issue. I will post your fix by tomorrow. Thank you for staying with me.


  • 0

#5
Valinorum
Posted 04 April 2014 - 01:20 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Hi dlowry_uk, :)
 

  • Step #1 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    SRV - [2014/03/04 17:34:29 | 001,759,768 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe -- (vToolbarUpdater18.0.0)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...Y112EM0N12EM0NX
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1777342566&ir=
    IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1777342566&ir=
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...Y112EM0N12EM0NX
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1777342566&ir=
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...Y112EM0N12EM0NX
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1777342566&ir=
    IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1777342566&ir=
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2014-02-13 13:54:44&v=17.3.1.204&pid=safeguard&sg=&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13828
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/13 14:54:57 | 000,000,000 | ---D | M]
    CHR - default_search_provider: webssearches (Enabled)
    CHR - default_search_provider: search_url = http://istart.websse...q={searchTerms}
    CHR - default_search_provider: suggest_url = ,
    CHR - homepage: http://istart.websse...Y112EM0N12EM0NX
    CHR - plugin: Error reading preferences file
    O2:64bit: - BHO: (HQVid9) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVid9\HQVid9-bho64.dll (High-quality9)
    O2:64bit: - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
    O2:64bit: - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
    O2 - BHO: (HQVid9) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVid9\HQVid9-bho.dll (High-quality9)
    O2 - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)
    O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
    O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [fst_fr_133]  File not found
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
    O4 - HKCU..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Family\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=925d7b076d5147d392ad7d3bcf2d0595-2769446d5dde3ce3b4feb3f8abf79309a428c6a9 /CMPID=1213b File not found
    O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
    O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
    O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - C:\Program Files (x86)\SupTab\SearchProtect64.dll (Skytech Co., Ltd.)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - C:\Program Files (x86)\SupTab\SearchProtect32.dll (Skytech Co., Ltd.)
    [2014/03/31 11:45:54 | 001,172,776 | ---- | C] (AnyProtect.com) -- C:\Users\Family\AppData\Local\AnyProtectScannerSetup.exe
    [2014/03/31 11:34:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\SupTab
    [2014/03/31 11:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
    [2014/03/31 11:33:12 | 000,000,000 | ---D | C] -- e:\Users\Family\Documents\Optimizer Pro
    [2014/03/31 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Lollipop
    [2014/03/31 11:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2014/03/04 17:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2014/03/28 16:38:22 | 001,172,776 | ---- | M] (AnyProtect.com) -- C:\Users\Family\AppData\Local\AnyProtectScannerSetup.exe
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:AD022376
    [2014/03/31 11:47:30 | 000,000,000 | ---D | C] -- e:\Users\Family\Documents\Mobogenie
    [2014/03/31 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Mobogenie
    [2014/03/31 11:01:25 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\OpenCandy

    :Commands
    [emptytemp]
    [resethosts]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

Regarding Google Chrome please refer to the Set your homepage & Search engine and other settings taken over by an unwanted programme to rectify the issue.

 

 
 

  • Step #2 Fix with AdwCleaner
  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart;
  • Copy and Paste the contents of this log in your reply.

 
 

  • Step #3 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
  • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
  • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 
 

  • Required Log(s):
  • OTL Fix Log;
  • AdwCleaner Log;
  • Junkware Removal Tool Log

Regards,
Valinorum

 


  • 0

#6
dlowry_uk
Posted 04 April 2014 - 02:23 AM

dlowry_uk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

OTL log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service vToolbarUpdater18.0.0 stopped successfully!
Service vToolbarUpdater18.0.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar deleted successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\skin folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\th folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\sv folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ro folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\nb folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\it folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\id folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\hi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\fi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\en folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\el folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\de folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\da folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale\af folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\modules folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\locale\en-US folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\components folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204\chrome folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 folder moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}\ deleted successfully.
C:\Program Files (x86)\HQVid9\HQVid9-bho64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}\ deleted successfully.
C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}\ deleted successfully.
C:\Program Files (x86)\HQVid9\HQVid9-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}\ deleted successfully.
C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ deleted successfully.
C:\Program Files (x86)\SupTab\SupTab.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8E07826-0971-4f16-B133-047B88034E89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E07826-0971-4f16-B133-047B88034E89}\ deleted successfully.
C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\coieplg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_fr_133 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1213b deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SupTab\SEARCH~2.DLL deleted successfully.
C:\Program Files (x86)\SupTab\SearchProtect64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SupTab\SEARCH~1.DLL deleted successfully.
C:\Program Files (x86)\SupTab\SearchProtect32.dll moved successfully.
C:\Users\Family\AppData\Local\AnyProtectScannerSetup.exe moved successfully.
C:\Users\Family\AppData\Roaming\SupTab folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\zh-TW folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\zh-CN folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\vi-VI folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\tr-TR folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\ru-MO folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\ru folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pt-BR folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pl folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\it-IT folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\it-CH folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-LU folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-FR folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-CH folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-CA folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-BE folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\es-ES folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\es-419 folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\en-US folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales folder moved successfully.
C:\Program Files (x86)\SupTab\web\js folder moved successfully.
C:\Program Files (x86)\SupTab\web\img\weather folder moved successfully.
C:\Program Files (x86)\SupTab\web\img folder moved successfully.
C:\Program Files (x86)\SupTab\web folder moved successfully.
Folder move failed. C:\Program Files (x86)\SupTab scheduled to be moved on reboot.
e:\Users\Family\Documents\Optimizer Pro folder moved successfully.
C:\Users\Family\AppData\Local\Lollipop folder moved successfully.
C:\ProgramData\TuneUp Software\TuneUp Utilities 2014 folder moved successfully.
C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics folder moved successfully.
C:\ProgramData\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\ProgramData\TuneUp Software folder moved successfully.
C:\ProgramData\AVG Secure Search\Logger folder moved successfully.
C:\ProgramData\AVG Secure Search folder moved successfully.
File C:\Users\Family\AppData\Local\AnyProtectScannerSetup.exe not found.
ADS C:\ProgramData\TEMP:AD022376 deleted successfully.
e:\Users\Family\Documents\Mobogenie folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Version\OldVersion folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Version\NewVersion folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Version\CacheVersion folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Version folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\driver folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Download\Video folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Download\Picture folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Download\Music folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Download\Apk folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Download folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\device folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\Data folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie\backup folder moved successfully.
C:\Users\Family\AppData\Local\Mobogenie folder moved successfully.
C:\Users\Family\AppData\Roaming\OpenCandy\217F30B27D5B44819C68D327913655B0 folder moved successfully.
C:\Users\Family\AppData\Roaming\OpenCandy folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Enfants
->Temp folder emptied: 6328648 bytes
->Temporary Internet Files folder emptied: 1021403 bytes
->Google Chrome cache emptied: 73853511 bytes
->Flash cache emptied: 58058 bytes
 
User: Family
->Temp folder emptied: 258500319 bytes
->Temporary Internet Files folder emptied: 5472598 bytes
->Google Chrome cache emptied: 138778083 bytes
->Flash cache emptied: 58158 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 43320 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8948559 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43275798 bytes
RecycleBin emptied: 173270 bytes
 
Total Files Cleaned = 512,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04042014_094521
 
Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll scheduled to be moved on reboot.
C:\Program Files (x86)\SupTab folder moved successfully.
C:\Users\Enfants\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Family\AppData\Local\Temp\BITB398.tmp scheduled to be moved on reboot.
C:\Users\Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\uxt9378.tmp not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Adw log:
 
# AdwCleaner v3.023 - Rapport créé le 04/04/2014 à 10:03:25
# Mis à jour le 01/04/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Family - FAMILY-PC
# Exécuté depuis : E:\Users\Family\Downloads\AdwCleaner.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
Service Supprimé : IePluginService
Service Supprimé : MovieMode
Service Supprimé : Re-markit
 
***** [ Fichiers / Dossiers ] *****
 
Dossier Supprimé : C:\ProgramData\AVG SafeGuard toolbar
Dossier Supprimé : C:\ProgramData\AVG Security Toolbar
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\IePluginService
Dossier Supprimé : C:\ProgramData\MovieMode
Dossier Supprimé : C:\ProgramData\WPM
Dossier Supprimé : C:\Program Files (x86)\AVG SafeGuard toolbar
Dossier Supprimé : C:\Program Files (x86)\predm
Dossier Supprimé : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Dossier Supprimé : C:\Users\Family\AppData\Local\AVG SafeGuard toolbar
Dossier Supprimé : C:\Users\Family\AppData\Local\MovieMode
Dossier Supprimé : C:\Users\Family\AppData\Local\Tuguu_SL
Dossier Supprimé : C:\Users\Family\AppData\LocalLow\AVG SafeGuard toolbar
Dossier Supprimé : e:\Users\Family\Documents\PC Speed Maximizer
Dossier Supprimé : C:\Users\Enfants\AppData\Local\AVG SafeGuard toolbar
Dossier Supprimé : C:\Users\Enfants\AppData\Local\MovieMode
Dossier Supprimé : C:\Users\Enfants\AppData\LocalLow\AVG SafeGuard toolbar
Fichier Supprimé : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
Fichier Supprimé : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Fichier Supprimé : C:\Windows\Tasks\Re-markit Update.job
Fichier Supprimé : C:\Windows\System32\Tasks\Re-markit Update
 
***** [ Raccourcis ] *****
 
Raccourci Désinfecté : C:\Users\Public\Desktop\Google Chrome.lnk
Raccourci Désinfecté : e:\Users\Family\Desktop\Internet Explorer.lnk
Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Raccourci Désinfecté : C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Registre ] *****
 
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ccncljhbalbbkkfgopogabimepmfkmff
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Clé Supprimée : HKCU\Software\Classes\pokki
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\S
Clé Supprimée : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Clé Supprimée : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Clé Supprimée : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Clé Supprimée : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{88CCA982-C030-4B27-8FBC-201189970FDE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Clé Supprimée : HKCU\Software\AVG SafeGuard toolbar
Clé Supprimée : HKCU\Software\AVG Secure Search
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\installedbrowserextensions
Clé Supprimée : HKCU\Software\lollipop
Clé Supprimée : HKCU\Software\TutoTag
Clé Supprimée : HKCU\Software\UpdateStar
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\DynConIE
Clé Supprimée : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\Software\AVG SafeGuard toolbar
Clé Supprimée : HKLM\Software\AVG Security Toolbar
Clé Supprimée : HKLM\Software\free_soft_to_day
Clé Supprimée : HKLM\Software\installedbrowserextensions
Clé Supprimée : HKLM\Software\supTab
Clé Supprimée : HKLM\Software\supWPM
Clé Supprimée : HKLM\Software\Tutorials
Clé Supprimée : HKLM\Software\webssearchesSoftware
Clé Supprimée : HKLM\Software\Wpm
Clé Supprimée : [x64] HKLM\SOFTWARE\installedbrowserextensions
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
*************************
 
AdwCleaner[R0].txt - [12339 octets] - [04/04/2014 09:57:20]
AdwCleaner[S0].txt - [10626 octets] - [04/04/2014 10:03:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10687 octets] ##########
 
 
JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Family on 04/04/2014 at 10:08:45,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/04/2014 at 10:17:07,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#7
Valinorum
Posted 05 April 2014 - 04:58 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Re-run OTL and click on Quick Scan. Post the log after the scan. Also, inform me about the current condition of you system.


  • 0

#8
dlowry_uk
Posted 05 April 2014 - 04:32 PM

dlowry_uk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
The system seems fine now, no unusual behaviour. OTL log:

OTL logfile created on: 06/04/2014 00:23:05 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = e:\Users\Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 61,66% Memory free
7,82 Gb Paging File | 6,06 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 106,52 Gb Free Space | 72,77% Space Free | Partition Type: NTFS
Drive E: | 151,60 Gb Total Space | 134,74 Gb Free Space | 88,88% Space Free | Partition Type: NTFS

Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/04/04 09:36:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\Users\Family\Desktop\OTL (2).exe
PRC - [2014/03/19 21:17:52 | 004,971,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/02/23 21:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/02/10 18:37:36 | 000,570,944 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\nf.exe
PRC - [2014/01/03 02:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Family\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/27 11:02:58 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/07/22 01:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe
PRC - [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2004/06/14 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/03 02:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Family\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Family\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 06:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/04 11:50:20 | 002,542,416 | ---- | M] (CybelSoft) [Auto | Running] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/13 03:53:50 | 000,770,528 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2013/02/08 17:40:34 | 003,386,608 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/02/08 17:40:08 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/02/08 17:39:48 | 000,621,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/02/08 17:39:14 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/09/12 18:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/09/08 05:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/03/31 11:11:58 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/23 21:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/02/10 18:37:36 | 000,570,944 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\NF.exe -- (NSM)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 11:02:58 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/11/15 06:30:44 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004/06/14 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/04 17:34:29 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/12/18 22:40:17 | 000,246,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSMx64\0209050.01D\symrdrs.sys -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
DRV:64bit: - [2013/11/25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/24 00:09:13 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/22 22:06:36 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/10/22 22:06:34 | 000,872,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/27 14:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSMx64\0209050.01D\ccsetx64.sys -- (ccSet_NSM)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/27 11:02:56 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay)
DRV:64bit: - [2013/02/13 03:54:16 | 000,163,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2013/02/13 03:54:16 | 000,163,808 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/02/05 11:00:26 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/15 02:03:46 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/19 22:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/05/10 16:33:56 | 000,217,600 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/05/10 16:33:54 | 000,097,792 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/08 05:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/07/21 20:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE E1 9D BE 59 CF CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {F6994DCF-2629-433E-863C-7486A6455305}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{F6994DCF-2629-433E-863C-7486A6455305}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.14\coFFFw\ [2014/04/05 11:05:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Nortonâ„¢ Family = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.9.5.32_1\
CHR - Extension: Google Wallet = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/04/04 09:47:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [HP ENVY 5530 series (NET)] C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunOnce: [*TampMon] C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe (Symantec Corporation)
O4 - Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9E1454C-1382-4F78-B9FF-811152115C17}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/05 11:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/04/05 11:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2014/04/05 11:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2014/04/05 11:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/04/05 11:24:31 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/04/05 11:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/04/05 11:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/04/05 11:20:57 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/04/05 11:16:10 | 000,000,000 | ---D | C] -- e:\Users\Family\Documents\Microsoft Office 2007
[2014/04/05 11:15:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/04 19:47:24 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\AVG2014
[2014/04/04 19:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/04 19:46:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/04/04 19:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/04/04 19:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/04/04 19:29:08 | 000,000,000 | R--D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/04 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\MFAData
[2014/04/04 19:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/04/04 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2014
[2014/04/04 10:08:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/04 09:57:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/04 09:38:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- e:\Users\Family\Desktop\OTL (2).exe
[2014/03/31 13:01:33 | 000,000,000 | R--D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/31 11:47:33 | 000,000,000 | ---D | C] -- C:\Users\Family\.android
[2014/03/31 11:47:32 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\cache
[2014/03/31 11:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstaller
[2014/03/31 11:07:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014/03/31 11:01:25 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\DVDVideoSoft
[2014/03/26 22:59:32 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\CrashDumps
[2014/03/11 14:31:11 | 000,000,000 | ---D | C] -- e:\Users\Family\Documents\Tricot
[2014/03/08 14:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2014/03/08 14:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/03/08 14:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/03/08 14:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014/03/08 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\HpUpdate
[2014/03/08 14:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/03/08 14:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/03/08 14:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/03/08 14:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/03/08 14:39:03 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\HP
[1 C:\Users\Family\AppData\Local\*.tmp files -> C:\Users\Family\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/05 23:56:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/05 23:44:44 | 001,668,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/05 23:44:44 | 000,747,570 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/04/05 23:44:44 | 000,654,140 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/05 23:44:44 | 000,150,062 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/04/05 23:44:44 | 000,122,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/05 23:42:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/05 23:38:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/05 11:26:54 | 000,002,667 | ---- | M] () -- e:\Users\Family\Desktop\Microsoft Office PowerPoint 2007.lnk
[2014/04/05 11:26:50 | 000,002,683 | ---- | M] () -- e:\Users\Family\Desktop\Microsoft Office Publisher 2007.lnk
[2014/04/05 11:26:47 | 000,002,753 | ---- | M] () -- e:\Users\Family\Desktop\Microsoft Office Word 2007.lnk
[2014/04/05 11:26:43 | 000,002,711 | ---- | M] () -- e:\Users\Family\Desktop\Microsoft Office Excel 2007.lnk
[2014/04/05 11:12:53 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 11:12:53 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 11:05:42 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 11:05:15 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/05 11:04:58 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/04 20:16:55 | 000,004,519 | ---- | M] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2014/04/04 19:46:44 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/04/04 18:55:11 | 000,001,051 | ---- | M] () -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/04 10:03:30 | 000,001,314 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/04 10:03:30 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/04 10:03:30 | 000,001,186 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/04 10:03:30 | 000,001,042 | ---- | M] () -- e:\Users\Family\Desktop\Internet Explorer.lnk
[2014/04/04 09:47:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/04 09:36:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\Users\Family\Desktop\OTL (2).exe
[2014/03/31 15:24:02 | 000,238,695 | ---- | M] () -- e:\Users\Family\Desktop\AlcN0ZM4O3c5B5j5c88xi9prb5c.jpg
[2014/03/31 15:08:26 | 000,019,462 | ---- | M] () -- e:\Users\Family\Desktop\1918-2-lion-dans-la-savane.jpg
[2014/03/31 13:11:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/03/31 13:11:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/03/31 12:23:28 | 000,001,003 | ---- | M] () -- e:\Users\Family\Desktop\Continue VuuPC Installation.lnk
[2014/03/31 12:20:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/03/31 12:00:06 | 000,000,318 | ---- | M] () -- C:\Users\Family\AppData\Roaming\aps.uninstall.scan.results
[2014/03/31 11:59:38 | 000,000,043 | ---- | M] () -- C:\Users\Family\AppData\Roaming\WB.CFG
[2014/03/31 11:32:06 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/22 15:42:17 | 002,098,156 | ---- | M] () -- e:\Users\Family\Desktop\2014-03-22 14.42.17.jpg
[2014/03/19 14:57:40 | 000,133,934 | ---- | M] () -- e:\Users\Family\Desktop\render.groupon-content.net_farm_v1_voucher_111813991_part1_A2BE62579C.pdf
[2014/03/19 14:56:35 | 000,133,742 | ---- | M] () -- e:\Users\Family\Desktop\render.groupon-content.net_farm_v1_voucher_111813991_part1_D8ACB64038.pdf
[2014/03/08 14:43:28 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/03/08 14:42:40 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\HP ENVY 5530 series.lnk
[2014/03/08 14:42:40 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Achat de consommables - HP ENVY 5530 series.lnk
[2014/03/08 14:40:40 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[1 C:\Users\Family\AppData\Local\*.tmp files -> C:\Users\Family\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/05 11:26:54 | 000,002,667 | ---- | C] () -- e:\Users\Family\Desktop\Microsoft Office PowerPoint 2007.lnk
[2014/04/05 11:26:50 | 000,002,683 | ---- | C] () -- e:\Users\Family\Desktop\Microsoft Office Publisher 2007.lnk
[2014/04/05 11:26:47 | 000,002,753 | ---- | C] () -- e:\Users\Family\Desktop\Microsoft Office Word 2007.lnk
[2014/04/05 11:26:43 | 000,002,711 | ---- | C] () -- e:\Users\Family\Desktop\Microsoft Office Excel 2007.lnk
[2014/04/05 11:12:42 | 508,977,247 | ---- | C] () -- e:\Users\Family\Documents\Microsoft Office 2007.zip
[2014/04/05 11:05:01 | 000,275,856 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/04 20:16:55 | 000,004,519 | ---- | C] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2014/04/04 19:46:44 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/04/04 18:55:11 | 000,001,051 | ---- | C] () -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/03/31 15:24:01 | 000,238,695 | ---- | C] () -- e:\Users\Family\Desktop\AlcN0ZM4O3c5B5j5c88xi9prb5c.jpg
[2014/03/31 15:08:26 | 000,019,462 | ---- | C] () -- e:\Users\Family\Desktop\1918-2-lion-dans-la-savane.jpg
[2014/03/31 12:23:28 | 000,001,003 | ---- | C] () -- e:\Users\Family\Desktop\Continue VuuPC Installation.lnk
[2014/03/31 11:59:38 | 000,000,043 | ---- | C] () -- C:\Users\Family\AppData\Roaming\WB.CFG
[2014/03/31 11:40:05 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/03/31 11:40:04 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/03/31 11:40:04 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/03/31 11:39:52 | 000,000,318 | ---- | C] () -- C:\Users\Family\AppData\Roaming\aps.uninstall.scan.results
[2014/03/31 11:32:06 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/22 14:56:48 | 002,152,884 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.07.47.jpg
[2014/03/22 14:56:48 | 002,098,156 | ---- | C] () -- e:\Users\Family\Desktop\2014-03-22 14.42.17.jpg
[2014/03/22 14:56:48 | 002,051,085 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.08.04.jpg
[2014/03/22 14:56:48 | 001,977,739 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.07.10.jpg
[2014/03/22 14:56:48 | 001,936,905 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.08.30.jpg
[2014/03/22 14:56:48 | 001,848,433 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.29.28.jpg
[2014/03/22 14:56:48 | 001,731,056 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 10.18.27.jpg
[2014/03/22 14:56:48 | 001,652,630 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.29.39.jpg
[2014/03/22 14:56:48 | 001,552,454 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-09 12.07.21.jpg
[2014/03/22 14:56:48 | 001,447,063 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-10 13.52.04.jpg
[2014/03/22 14:56:48 | 001,415,831 | ---- | C] () -- e:\Users\Family\Desktop\2014-02-10 13.51.45.jpg
[2014/03/19 14:57:39 | 000,133,934 | ---- | C] () -- e:\Users\Family\Desktop\render.groupon-content.net_farm_v1_voucher_111813991_part1_A2BE62579C.pdf
[2014/03/19 14:56:35 | 000,133,742 | ---- | C] () -- e:\Users\Family\Desktop\render.groupon-content.net_farm_v1_voucher_111813991_part1_D8ACB64038.pdf
[2014/03/08 14:43:28 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/03/08 14:42:40 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\HP ENVY 5530 series.lnk
[2014/03/08 14:42:40 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Achat de consommables - HP ENVY 5530 series.lnk
[2014/03/08 14:40:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/12/29 22:26:16 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/12/29 22:26:16 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/12/29 22:25:48 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2013/12/29 22:25:47 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/12/29 22:25:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013/12/29 22:24:33 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2013/12/29 22:24:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/12/29 22:24:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/11/19 19:53:53 | 000,000,664 | RHS- | C] () -- C:\Users\Family\ntuser.pol
[2013/11/17 20:58:40 | 000,378,880 | ---- | C] () -- C:\Windows\SysWow64\av_dll.dll
[2013/11/17 20:58:40 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\av_proxy.dll
[2013/11/05 14:56:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2013/10/22 22:10:14 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/22 22:10:07 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/10/22 22:10:07 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/22 21:52:42 | 001,644,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 17:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/22 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\2BrightSparks
[2014/04/04 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\AVG2014
[2013/10/22 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Canneverbe Limited
[2013/11/01 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.tribalnova.bayardkids.application
[2013/11/01 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\com.tribalnova.bayardkids.application.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
[2014/04/05 11:06:30 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Dropbox
[2014/03/31 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DVDVideoSoft
[2013/12/17 19:57:33 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\IDT
[2014/04/05 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\inkscape
[2014/04/05 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\SoftGrid Client
[2014/04/04 19:15:28 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TP
[2014/03/31 11:09:34 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 381 bytes -> e:\Users\Family\Desktop\2014-02-09 12.08.30.jpg:com.dropbox.attributes
@Alternate Data Stream - 380 bytes -> e:\Users\Family\Desktop\2014-02-09 12.29.39.jpg:com.dropbox.attributes
@Alternate Data Stream - 380 bytes -> e:\Users\Family\Desktop\2014-02-09 12.29.28.jpg:com.dropbox.attributes
@Alternate Data Stream - 380 bytes -> e:\Users\Family\Desktop\2014-02-09 12.07.21.jpg:com.dropbox.attributes
@Alternate Data Stream - 380 bytes -> e:\Users\Family\Desktop\2014-02-09 12.07.10.jpg:com.dropbox.attributes
@Alternate Data Stream - 379 bytes -> e:\Users\Family\Desktop\2014-02-09 10.18.27.jpg:com.dropbox.attributes
@Alternate Data Stream - 378 bytes -> e:\Users\Family\Desktop\2014-03-22 14.42.17.jpg:com.dropbox.attributes
@Alternate Data Stream - 378 bytes -> e:\Users\Family\Desktop\2014-02-10 13.52.04.jpg:com.dropbox.attributes
@Alternate Data Stream - 378 bytes -> e:\Users\Family\Desktop\2014-02-09 12.08.04.jpg:com.dropbox.attributes
@Alternate Data Stream - 376 bytes -> e:\Users\Family\Desktop\2014-02-10 13.51.45.jpg:com.dropbox.attributes
@Alternate Data Stream - 376 bytes -> e:\Users\Family\Desktop\2014-02-09 12.07.47.jpg:com.dropbox.attributes

< End of report >
  • 0

#9
Valinorum
Posted 07 April 2014 - 02:48 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi dlowry_uk, :)
  • Step #4 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      [2014/03/31 13:11:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
      [2014/03/31 13:11:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
      [2014/03/31 12:23:28 | 000,001,003 | ---- | M] () -- e:\Users\Family\Desktop\Continue VuuPC Installation.lnk
      [2014/03/31 12:20:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
      [2014/03/31 12:00:06 | 000,000,318 | ---- | M] () -- C:\Users\Family\AppData\Roaming\aps.uninstall.scan.results
      [2014/03/31 11:09:34 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software
      O4 - HKLM..\RunOnce: [*TampMon] C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\tampmon.exe (Symantec Corporation)

      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "*TampMon"=-

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista / 7 users: You will need to to right-click on the either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Please go here then click on: EOLS1.gif.pagespeed.ce.drf6rgtaCz.gif

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on:EOLS2.gif.pagespeed.ce.lNUTYf4hmK.gif
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:EOLS3.gif.pagespeed.ce.KadG-KgShM.gif
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    When The Scan is Complete:
    • If No Threats Were Found:
      • Put a checkmark in "Uninstall application on close"
      • Close the program
      • Report to me that nothing was found
    • If Threats Were Found:
      • Click on "list of threats found"
      • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
      • Click on Back
      • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
      • Click on Finish
      • Close the program
      • Copy and paste the report here
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 
  • Required Log(s):
    • OTL Fix Log;
    • MBAM Scan Log;
    • ESET Scan Log
Regards,
Valinorum
  • 0

#10
Dakeyras
Posted 11 April 2014 - 04:19 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP