Windows Genuine License [Closed]

This topic is locked

#1 Tony Canevaro

Member, 52 posts

Wife's laptop seems to be infected with the Windows Genuine Software Malware and other glitches are being noticed, including a Yahoo redirect when opening a new tab via hyperlink. Here is the OTL log; I also will post the Farbar log below that.

 

OTL logfile created on: 12/4/2014 8:35:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.90 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 62.77% Memory free
3.75 Gb Paging File | 2.98 Gb Available in Paging File | 79.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 54.85 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
 
Computer Name: XPUSER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/04 20:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
PRC - [2014/11/28 07:44:06 | 006,884,840 | ---- | M] (Hola Networks Ltd.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Hola\firefox\app\hola_plugin.exe
PRC - [2014/11/27 09:45:14 | 005,815,616 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/11/27 09:45:14 | 003,476,288 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/11/27 09:45:14 | 003,312,960 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/11/12 23:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2014/11/12 07:39:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/08/25 05:12:17 | 002,640,408 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2014/08/11 11:09:11 | 001,820,184 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
PRC - [2014/08/11 11:09:10 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/22 20:39:43 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2010/05/20 23:59:44 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:59:42 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/07/03 23:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/02 17:07:01 | 000,043,008 | ---- | M] () -- c:\Documents and Settings\Admin\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0pd5be.dll
MOD - [2014/11/12 23:49:58 | 003,610,624 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/11/12 07:39:00 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/08/25 05:12:17 | 002,640,408 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2014/08/11 11:09:12 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
MOD - [2014/08/11 11:09:10 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/11/27 09:45:14 | 003,312,960 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/11/26 01:07:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/12 07:39:00 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/11 11:09:11 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/08/11 11:09:12 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/10/27 21:58:34 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010/10/27 21:58:33 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2010/07/18 13:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/07/13 20:34:00 | 006,650,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32)
DRV - [2010/04/07 16:06:39 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/08/16 15:00:00 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2008/08/19 03:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...C9A85890F&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 9B F2 E8 09 E3 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7CF3B9-F620-45C3-9E9A-00180C1745ED}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={7391C0DB-12D1-4EB0-9D01-AAADDE456F29}&mid=6d8ffe5233b247d09a4fd16f806f9805-62e9d5ec38cb13bb103388f855445c048e45bb1f&lang=en&ds=AVG&pr=pr&d=2012-09-13 08:40:08&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Admin\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.1.9.799\ [2014/08/25 05:12:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/22 20:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/22 20:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/12 07:38:44 | 000,000,000 | ---D | M]
 
[2012/02/04 22:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2014/12/04 17:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\extensions
[2014/12/04 17:40:16 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\extensions\[email protected]
[2014/05/12 06:28:10 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\searchplugins\trovi-search.xml
[2014/11/12 07:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/11/12 07:38:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/11/12 07:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/12 07:38:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/11/12 07:39:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/22 20:39:49 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - homepage: http://search.condui...C9A85890F&SSPV=
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: iTunes Application Detector (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - default_search_provider: C9B2F54899D31EB449839EB6148087DB4072C7CC6A1C19BB46B461648A67DA42 (Enabled)
CHR - default_search_provider: search_url = EF28C5187672F5B327F4F2AC85672C1C9573BE6854E68FBC6A99831A87DA7788
CHR - default_search_provider: suggest_url =
CHR - homepage: 3532641C5493DACFFF95FF551EE1672DE1B6165D49284143D32AD6F959F2921F
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [NextLive] C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{067981B1-6256-48B0-A547-15F59B197671}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll (Client Connect LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/04 00:50:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/04 20:14:35 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/03 17:20:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2014/11/25 17:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Hola
[2014/11/25 17:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2014/11/25 17:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/11/12 07:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\Documents and Settings\Admin\Desktop\*.tmp files -> C:\Documents and Settings\Admin\Desktop\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/04 20:19:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500UA.job
[2014/12/04 20:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/12/04 19:48:00 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-1757981266-813497703-1417001333-500.job
[2014/12/04 18:30:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500UA.job
[2014/12/04 16:04:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/12/03 21:30:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500Core.job
[2014/12/03 09:16:55 | 000,082,114 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Chris Conrad.pdf
[2014/12/03 02:19:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500Core.job
[2014/12/02 17:06:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/12/02 17:06:21 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/12/02 17:05:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/12/02 17:05:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/12/02 17:05:10 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2014/12/02 17:05:10 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/12/02 17:05:10 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/12/02 17:04:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/02 17:04:55 | 2038,456,320 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/28 18:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/11/28 07:58:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Microsoft Office Word 2007.lnk
[2014/11/28 07:40:58 | 000,436,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/11/28 07:40:58 | 000,069,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/11/26 21:43:01 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/11/26 14:20:39 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/26 14:20:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
[2014/11/26 01:07:09 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/11/26 01:07:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/11/25 17:53:52 | 000,041,994 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\US.jpg
[2014/11/25 17:24:22 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/11/23 17:37:27 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/23 17:37:07 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Dropbox.lnk
[2014/11/12 07:16:25 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/11/08 15:00:00 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/11/07 10:32:39 | 000,188,794 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\keep-calm-and-just-be-the-best-you-can-be-3.png
[2014/11/07 10:11:33 | 000,145,496 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Banana.jpg
[2014/11/06 21:40:22 | 000,164,256 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Calgary Regional Nov.jpg
[5 C:\Documents and Settings\Admin\Desktop\*.tmp files -> C:\Documents and Settings\Admin\Desktop\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/03 09:16:52 | 000,082,114 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Chris Conrad.pdf
[2014/11/25 17:53:51 | 000,041,994 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\US.jpg
[2014/11/07 10:32:38 | 000,188,794 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\keep-calm-and-just-be-the-best-you-can-be-3.png
[2014/11/07 10:11:33 | 000,145,496 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Banana.jpg
[2014/11/06 21:40:22 | 000,164,256 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Calgary Regional Nov.jpg
[2014/04/10 02:20:47 | 000,165,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/09 21:37:38 | 000,004,535 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\CamStudio.cfg
[2014/04/09 21:37:38 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\CamShapes.ini
[2014/04/09 21:37:38 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\CamLayout.ini
[2014/04/09 21:37:38 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Camdata.ini
[2014/04/09 21:29:16 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\version2.xml
[2013/06/27 06:29:18 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/08 13:33:43 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\rbxcsettings.rbx
[2012/03/03 12:08:04 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2013/10/18 06:34:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2010/09/16 09:11:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Admin (administrator) on XPUSER on 04-12-2014 20:14:42
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Client Connect LTD) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hola Networks Ltd.) C:\Documents and Settings\Admin\Local Settings\Application Data\Hola\firefox\app\hola_plugin.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [118784 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1323008 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-22] (RealNetworks, Inc.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe                                                                                     
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [Google Update] => C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [uTorrent] => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [Facebook Update] => C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2013-07-24] (Facebook Inc.)
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [216896 2014-11-27] (Client Connect LTD)
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...C9A85890F&SSPV=
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED9BF2E809E3CC01
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7391C0DB-12D1-4EB0-9D01-AAADDE456F29}&mid=6d8ffe5233b247d09a4fd16f806f9805-62e9d5ec38cb13bb103388f855445c048e45bb1f&lang=en&ds=AVG&pr=pr&d=2012-09-13 08:40:08&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3072253
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Admin\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Admin\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Admin\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Hola Better Internet - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\Extensions\[email protected] [2014-12-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-12]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-04]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-22]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV="
CHR DefaultNewTabURL: Default -> https://www.trovi.co...85890F&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\38.0.2125.104\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-07]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-24]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-08]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-05-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-02-10]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\DOCUME~1\Admin\LOCALS~1\Temp\ccex.crx [Not Found]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3312960 2014-11-27] (Client Connect LTD)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-04] (Sun Microsystems, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-08-19] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [822400 2010-07-18] (Conexant Systems Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [241880 2010-04-07] (Intel Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [5632 2010-10-27] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [5632 2010-10-27] (Marvell Semiconductor Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [File not signed]
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [6650752 2010-07-13] (Intel Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 20:14 - 2014-12-04 20:14 - 00000000 ____D () C:\FRST
2014-12-04 07:55 - 2014-12-04 07:55 - 00001350 _____ () C:\WINDOWS\KB2481109.log
2014-11-25 17:27 - 2014-11-25 17:27 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Hola
2014-11-25 17:24 - 2014-11-25 17:24 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-11-25 17:24 - 2014-11-25 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-11-13 09:23 - 2014-11-13 09:24 - 70040235 _____ () C:\Documents and Settings\Admin\Desktop\CanadaRegionals_November-2014(EN)_revise NEW.pptx
2014-11-12 07:38 - 2014-11-12 07:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-06 19:01 - 2014-11-06 19:02 - 61615091 _____ () C:\Documents and Settings\Admin\Desktop\CanadaRegionals_November-2014(EN).pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 20:15 - 2012-02-04 00:59 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Temp
2014-12-04 20:07 - 2012-04-10 13:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-04 20:06 - 2012-04-05 17:51 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Skype
2014-12-04 19:48 - 2014-07-08 12:47 - 00000514 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1757981266-813497703-1417001333-500.job
2014-12-04 19:19 - 2012-02-03 23:56 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500UA.job
2014-12-04 18:30 - 2013-07-24 20:25 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500UA.job
2014-12-04 18:19 - 2012-02-04 00:57 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-04 16:04 - 2012-04-23 05:00 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-04 07:55 - 2012-02-04 00:49 - 01088387 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-03 21:30 - 2013-07-24 20:25 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500Core.job
2014-12-03 17:21 - 2013-02-19 12:07 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-03 17:20 - 2012-02-04 00:59 - 00000000 ____D () C:\Documents and Settings\Admin
2014-12-03 09:16 - 2012-03-18 20:33 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\CutePDF Writer
2014-12-03 02:19 - 2012-02-03 23:56 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500Core.job
2014-12-02 17:07 - 2012-08-20 13:27 - 00000000 ___RD () C:\Documents and Settings\Admin\My Documents\Dropbox
2014-12-02 17:07 - 2012-08-20 12:54 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Dropbox
2014-12-02 17:06 - 2013-12-19 23:05 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\newnext.me
2014-12-02 17:06 - 2013-09-22 20:41 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-12-02 17:06 - 2013-09-22 20:41 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-12-02 17:05 - 2014-03-14 06:26 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-02 17:05 - 2013-09-22 20:43 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-12-02 17:05 - 2013-06-08 10:15 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-12-02 17:05 - 2013-01-22 14:38 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2014-12-02 17:05 - 2012-02-04 00:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 17:05 - 2012-02-03 17:43 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-12-02 17:05 - 2012-02-03 17:43 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-12-02 17:05 - 2008-04-14 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-02 09:07 - 2014-03-05 21:19 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\NeriumCanada
2014-12-02 08:08 - 2014-01-30 17:25 - 00000000 ____D () C:\Program Files\SearchProtect
2014-12-01 08:53 - 2014-03-03 08:51 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\My Quotes
2014-11-28 18:58 - 2012-03-04 16:09 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-28 07:58 - 2012-03-04 16:18 - 00002515 _____ () C:\Documents and Settings\Admin\Desktop\Microsoft Office Word 2007.lnk
2014-11-28 07:40 - 2012-02-03 17:39 - 00513832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-26 21:43 - 2013-09-22 20:43 - 00000326 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-11-26 14:20 - 2012-02-03 23:57 - 00002284 _____ () C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
2014-11-26 01:07 - 2012-04-10 13:53 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 01:07 - 2012-02-04 23:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 17:24 - 2014-03-18 07:54 - 00001878 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-11-25 17:24 - 2013-09-12 07:07 - 00000000 ___RD () C:\Program Files\Skype
2014-11-25 17:24 - 2012-04-05 17:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-11-25 17:20 - 2012-05-10 07:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-23 17:37 - 2012-08-20 13:27 - 00001008 _____ () C:\Documents and Settings\Admin\Desktop\Dropbox.lnk
2014-11-23 17:37 - 2012-08-20 12:55 - 00000000 ____D () C:\Documents and Settings\Admin\Start Menu\Programs\Dropbox
2014-11-19 11:55 - 2012-02-04 00:59 - 00000178 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2014-11-14 03:28 - 2014-03-06 02:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
2014-11-12 07:16 - 2013-09-22 20:43 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-11-12 03:26 - 2012-02-04 23:11 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-11-12 03:10 - 2012-02-04 23:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 03:07 - 2013-07-21 07:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 03:01 - 2012-02-29 10:31 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 05:13 - 2012-02-04 22:18 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Mozilla
2014-11-08 15:00 - 2014-03-14 06:26 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0pd5be.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================




#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know how the computer is after this.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...C9A85890F&SSPV=
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3072253
Toolbar: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\searchplugins\trovi-search.xml
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV="
CHR DefaultNewTabURL: Default -> https://www.trovi.co...85890F&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\DOCUME~1\Admin\LOCALS~1\Temp\ccex.crx [Not Found]
2014-12-02 17:06 - 2013-12-19 23:05 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\newnext.me
2014-12-02 08:08 - 2014-01-30 17:25 - 00000000 ____D () C:\Program Files\SearchProtect
2014-11-14 03:28 - 2014-03-06 02:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
C:\Program Files\Mobogenie
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
(screenshot: FRSTfix.JPG)
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3
Tony Canevaro

Tony Canevaro

    Member

  • Topic Starter
  • Member
  • 52 posts

FRST log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2014 02
Ran by Admin at 2014-12-06 17:15:27 Run:1
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...C9A85890F&SSPV=
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3072253
Toolbar: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\searchplugins\trovi-search.xml
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV="
CHR DefaultNewTabURL: Default -> https://www.trovi.co...85890F&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\DOCUME~1\Admin\LOCALS~1\Temp\ccex.crx [Not Found]
2014-12-02 17:06 - 2013-12-19 23:05 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\newnext.me
2014-12-02 08:08 - 2014-01-30 17:25 - 00000000 ____D () C:\Program Files\SearchProtect
2014-11-14 03:28 - 2014-03-06 02:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
C:\Program Files\Mobogenie
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value deleted successfully.
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
HKU\S-1-5-21-1757981266-813497703-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1757981266-813497703-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKU\S-1-5-21-1757981266-813497703-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key deleted successfully.
"HKCR\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key not found.
"HKU\S-1-5-21-1757981266-813497703-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\searchplugins\trovi-search.xml => Moved successfully.
Chrome StartupUrls not detected.
CHR DefaultNewTabURL: Default -> https://www.trovi.co...85890F&SAT=CNTS => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL not detected.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => Key deleted successfully.
C:\Documents and Settings\Admin\Application Data\newnext.me => Moved successfully.

"C:\Program Files\SearchProtect" directory move:

Could not move "C:\Program Files\SearchProtect\UI\dialogs\settings.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\style.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\libs\DialogAPI.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\libs\main.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-default.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-onclick.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\bg-dia.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\bg-uninstall.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\bg-with-logo.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\bg.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\bgNotif.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettings.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\bgUninstall.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\btnBlue.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\btnClose.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\btnSilver.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\button-bg.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_checked.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_def.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-def.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-over-click.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def-grey.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\Icon.ico" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\SP_DialogBG.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\v.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Images\x.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\dialogs\Consent\defaults.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\UI\bin\cltmngui.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe_1415960919062" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\RN32.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\SPtool64.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll_1409594631890" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll_1415960920890" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\VC32.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\VC64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\rep\cfi.bin" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\rep\edk.bin" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\rep\pni.bin" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\rep\trn.bin" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe_1415960919796" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\bin\SPtool.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\bin\SPtool.dll_1391389166774" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\bin\SPtool.dll_1391389166805" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\bin\SPtool.dll_1391453997399" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\bin\SPtool.dll_1391453997680" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect\Main\bin\uninstall.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\SearchProtect" directory. => Scheduled to move on reboot.

C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect => Moved successfully.
C:\Program Files\Mobogenie => Moved successfully.

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => Removed 708.5 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-06 17:21:25)<=

"C:\Program Files\SearchProtect\UI\dialogs\settings.html" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\style.css" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\libs\DialogAPI.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\libs\main.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-default.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-onclick.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\bg-dia.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\bg-uninstall.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\bg-with-logo.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\bg.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\bgNotif.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettings.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\bgUninstall.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\btnBlue.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\btnClose.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\btnSilver.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\button-bg.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_checked.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_def.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-def.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-over-click.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def-grey.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\Icon.ico" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\SP_DialogBG.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\v.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Images\x.png" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.css" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.html" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.js" => File could not move.
"C:\Program Files\SearchProtect\UI\dialogs\Consent\defaults.js" => File could not move.
"C:\Program Files\SearchProtect\UI\bin\cltmngui.exe" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe_1415960919062" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\RN32.dll" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\SPtool64.exe" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll_1409594631890" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll_1415960920890" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\VC32.dll" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\VC64.dll" => File could not move.
"C:\Program Files\SearchProtect\SearchProtect\bin\VC64Loader.dll" => File could not move.
"C:\Program Files\SearchProtect\Main\rep\cfi.bin" => File could not move.
"C:\Program Files\SearchProtect\Main\rep\edk.bin" => File could not move.
"C:\Program Files\SearchProtect\Main\rep\pni.bin" => File could not move.
"C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat" => File could not move.
"C:\Program Files\SearchProtect\Main\rep\trn.bin" => File could not move.
"C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe" => File could not move.
"C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe_1415960919796" => File could not move.
"C:\Program Files\SearchProtect\Main\bin\SPtool.dll" => File could not move.
"C:\Program Files\SearchProtect\Main\bin\SPtool.dll_1391389166774" => File could not move.
"C:\Program Files\SearchProtect\Main\bin\SPtool.dll_1391389166805" => File could not move.
"C:\Program Files\SearchProtect\Main\bin\SPtool.dll_1391453997399" => File could not move.
"C:\Program Files\SearchProtect\Main\bin\SPtool.dll_1391453997680" => File could not move.
"C:\Program Files\SearchProtect\Main\bin\uninstall.exe" => File could not move.
"C:\Program Files\SearchProtect" => Directory could not move.

==== End of Fixlog ====



#4
Tony Canevaro

Tony Canevaro

    Member

  • Topic Starter
  • Member
  • 52 posts

No real change. Windows Genuine still at startup and in the toolbar in the bottom right hand of the screen.

 

# AdwCleaner v4.104 - Report created 06/12/2014 at 17:28:59
# Updated 05/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - XPUSER
# Running from : C:\Documents and Settings\Admin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Hola
Folder Deleted : C:\Documents and Settings\Admin\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Admin\My Documents\Mobogenie
[!] Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\Documents and Settings\Admin\daemonprocess.txt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v

[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={7391C0DB-12D1-4EB0-9D01-AAADDE456F29}&mid=6d8ffe5233b247d09a4fd16f806f9805-62e9d5ec38cb13bb103388f855445c048e45bb1f&lang=en&ds=AVG&pr=pr&d=2012-09-13 08:40:08&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318857&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&q={searchTerms}&SSPV=
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318857&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&q={searchTerms}&SSPV=
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3318857&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV=
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV=
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3318857&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV=
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV=

*************************

AdwCleaner[R0].txt - [10779 octets] - [06/12/2014 17:27:26]
AdwCleaner[S0].txt - [10680 octets] - [06/12/2014 17:28:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10741 octets] ##########
 


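The AdwCleaner log above is more useful read for the load paths it records than as a flat list of deletions: a Run value (vProt), an AppInit_DLLs entry that pulled VC32Loader.dll into every process that loads user32.dll, an Internet Explorer Browser Helper Object, Chrome extensions registered as external installs under HKLM\SOFTWARE\Google\Chrome\Extensions, and replaced search providers and home pages. The script below is an added example, not part of the original post and not AdwCleaner's own code: it parses a verbatim subset of the lines above and labels each entry by the mechanism it represents, so the entries that gave the adware code execution can be separated from COM registration and uninstall-cache noise. The mechanism names, severity labels and matching patterns are the editor's own heuristics.

```python
"""Label the persistence mechanisms recorded in an AdwCleaner S-log (added example)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Verbatim subset of the AdwCleaner[S0].txt lines from the post above.
SAMPLE_LOG = r"""
[!] Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3318857&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV=
"""

# "Key/Value/Data/Folder/File Deleted : target" lines, optionally flagged "[!]".
ITEM_RE = re.compile(
    r"^(?:\[!\]\s+)?(?P<kind>Key|Value|Data|Folder|File|Setting) "
    r"(?P<action>Deleted|Restored) : (?P<target>.+)$"
)
# "[profile file] - Deleted [Search Provider] : hxxp://..." browser lines.
BROWSER_RE = re.compile(
    r"^\[(?P<file>[A-Za-z]:\\[^\]]+)\] - (?P<action>\w+) \[(?P<setting>[^\]]+)\] : (?P<url>.+)$"
)

# (mechanism, severity, pattern) in priority order; the first match wins.
# Mechanism names and severities are the editor's own labels, not AdwCleaner's.
RULES = [
    ("autostart_run", "high", re.compile(r"\\CurrentVersion\\Run \[", re.I)),
    ("appinit_dll_injection", "high", re.compile(r"\[AppInit_DLLs\]", re.I)),
    ("ie_bho", "high", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("chrome_extension", "medium",
     re.compile(r"\\Google\\Chrome\\Extensions\\|\\Chrome\\User Data\\[^\\]+\\Extensions\\", re.I)),
    ("firefox_extension", "medium", re.compile(r"\\Mozilla\\Firefox\\Extensions", re.I)),
    ("ie_browser_settings", "medium", re.compile(r"\\Internet Explorer\\(SearchScopes|Toolbar|Main)", re.I)),
    ("com_registration", "low", re.compile(r"\\Classes\\(CLSID|Interface|TypeLib|AppID|protocols)\\", re.I)),
    ("install_metadata", "low", re.compile(r"\\(Uninstall|ARPCache)\\", re.I)),
]


@dataclass
class Entry:
    kind: str
    action: str
    target: str
    mechanism: str
    severity: str
    payload: str  # the DLL path, value name, GUID or host that matters for follow-up


def classify(target: str) -> tuple[str, str]:
    for mechanism, severity, pattern in RULES:
        if pattern.search(target):
            return mechanism, severity
    return "other", "low"


def payload_of(mechanism: str, target: str) -> str:
    if mechanism == "appinit_dll_injection":
        # "...\Windows [AppInit_DLLs] - <dll path>": the DLL is what got injected.
        return target.split(" - ", 1)[1] if " - " in target else ""
    bracketed = re.search(r"\[([^\]]+)\]$", target)
    # Value names come in brackets; otherwise the last path component (GUID, extension id).
    return bracketed.group(1) if bracketed else target.rsplit("\\", 1)[-1]


def parse_log(text: str) -> list[Entry]:
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        item = ITEM_RE.match(line)
        if item:
            mechanism, severity = classify(item["target"])
            entries.append(Entry(item["kind"], item["action"], item["target"],
                                 mechanism, severity, payload_of(mechanism, item["target"])))
            continue
        browser = BROWSER_RE.match(line)
        if browser:
            # AdwCleaner defangs URLs as hxxp; restore the scheme so urlparse sees a host.
            host = urlparse(browser["url"].replace("hxxp", "http", 1)).hostname or ""
            entries.append(Entry("Browser", browser["action"],
                                 f'{browser["setting"]} in {browser["file"]}',
                                 "browser_search_hijack", "medium", host))
    return entries


def summarize(entries: list[Entry]) -> dict[str, Counter]:
    return {
        "by_mechanism": Counter(e.mechanism for e in entries),
        "by_severity": Counter(e.severity for e in entries),
    }


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for e in found:
        if e.severity == "high":
            print(f"{e.severity:6} {e.mechanism:22} {e.payload}")
    print(dict(summarize(found)["by_mechanism"]))
```

Run against the full AdwCleaner[S0].txt rather than the subset, the three "high" entries (Run value, AppInit_DLLs, BHO) are the ones worth checking again after a reboot, since each would reload the adware on its own; the CLSID, Interface and TypeLib keys are only registration left behind by those components.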

#5 Essexboy (GeekU Moderator, Retired Staff)
Could you screenshot it, please, and attach it here?

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.
Select the cog to access scan areas.
[screenshot: Kas front.JPG]

On the first tab, select all elements down to OS C, and then select Start scan.
[screenshot: https://dl.dropboxus...s Scan area.JPG]

Once it has finished, select Reports and post the detected threats.

Now an analysis scan.
Select the Manual Disinfection tab.
Press the Gather System Information button.

[screenshot: kas manual.JPG]

Once it has completed, click Step 2 Report sending.
[screenshot: avp report.JPG]

Click avptool.sysinfo.zip and you will be taken to the zip file that needs to be attached.

#6 Tony Canevaro (Topic Starter)

[attached screenshot: Genuine.jpg]


#7 Tony Canevaro (Topic Starter)

First Kaspersky Scan

 

NVM, this didn't attach. Look to the last post, please.


Edited by Tony Canevaro, 08 December 2014 - 12:26 AM.

#8 Tony Canevaro (Topic Starter)

Manual Scan


#9 Tony Canevaro (Topic Starter)

Manual Scan

Attached Files


#10 Tony Canevaro (Topic Starter)

Detected Threats

Status: Deleted   (events: 2)    
12/7/2014 7:50:01 PM    Deleted    adware not-a-virus:AdWare.Win32.NewNext.a    C:\AdwCleaner\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\genienext\nengine.dll.vir    Medium    
12/7/2014 7:50:21 PM    Deleted    adware not-a-virus:AdWare.Win32.NewNext.a    C:\AdwCleaner\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir    Medium    
Status: Disinfected   (events: 2)    
12/7/2014 7:52:24 PM    Disinfected    adware not-a-virus:AdWare.Win32.NewNext.a    C:\AdwCleaner\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir    Medium    
12/7/2014 7:52:24 PM    Disinfected    adware not-a-virus:AdWare.Win32.NewNext.a    C:\AdwCleaner\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir/Mobogenie/nengine.dll    Medium    
Status: Detected   (events: 16)    
12/7/2014 8:14:55 PM    Detected    adware not-a-virus:AdWare.Win32.iBryte.x    C:\Documents and Settings\Admin\My Documents\Downloads\Setup(1).exe    Medium    
12/7/2014 8:20:34 PM    Detected    adware not-a-virus:AdWare.Win32.NewNext.a    C:\FRST\Quarantine\C\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll    Medium    
12/7/2014 8:20:36 PM    Detected    adware not-a-virus:AdWare.Win32.NewNext.a    C:\FRST\Quarantine\C\Program Files\Mobogenie\nengine.dll    Medium    
12/7/2014 9:11:38 PM    Detected    Trojan program Backdoor.Win32.CPD.pek    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Melany Montoya Fonseca][Subject:new root certificate bank of amercica][Time:2013/03/18 00:19:05]/Certificate.P12.install.exe//UPX    High    
12/7/2014 9:20:36 PM    Detected    Trojan program Trojan.Win32.Bublik.clal    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Booking.com][Subject:Your reservation is now confirmed!][Time:2014/04/18 09:31:26]/Booking number 690885096.zip//Booking letter.scr    High    
12/7/2014 9:20:41 PM    Detected    Trojan program Trojan.Win32.Bublik.clal    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Administrator][Subject:Important - New Outlook Settings][Time:2014/04/17 02:00:15]/OutlookSettings.zip//OutlookSettings.scr    High    
12/7/2014 9:20:52 PM    Detected    Trojan program Trojan-Downloader.MSIL.Mudop.a    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Administrator][Subject:Important - New Outlook Settings][Time:2014/04/08 00:25:33]/OutlookSettings.zip//OutlookSettings.exe    High    
12/7/2014 9:20:55 PM    Detected    Trojan program Trojan-Downloader.MSIL.Mudop.a    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:[email protected]][Subject:Documents - WellsFargo][Time:2014/04/08 09:59:10]/WellsFargo_Docs_967303.zip//WellsFargo_Docs_967303.exe    High    
12/7/2014 9:21:04 PM    Detected    Trojan program Trojan.Win32.Bublik.cftv    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:[email protected]][Subject:Documents - WellsFargo][Time:2014/04/01 09:37:45]/WellsFargo_Docs_042014.zip//WellsFargo_Docs_042014.scr    High    
12/7/2014 9:21:13 PM    Detected    Trojan program Trojan.Win32.Bublik.clym    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:[email protected]][Subject:Homicide Suspect][Time:2014/04/28 12:18:04]/Homicide-case#221.zip//Homicide-case#221.scr    High    
12/7/2014 9:23:38 PM    Detected    Trojan program Trojan-Ransom.Win32.Cryptodef.ny    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Microsoft Outlook][Subject:You have received a voice mail][Time:2014/06/27 08:16:56]/VOICE363-474-5799.zip//VOICE347-758-9007.scr    High    
12/7/2014 9:25:31 PM    Detected    Trojan program Trojan-Downloader.Win32.Agent.hewe    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Aisha Nadiath][Subject:Re: Request for an offer.][Time:2014/09/06 04:14:41]/Doc-10232.7z//Scan001.exe    High    
12/7/2014 9:28:21 PM    Detected    Trojan program Trojan.Win32.Agent.almij    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Adams James][Subject:CONGRATULATION TO YOU][Time:2014/12/05 01:26:59]/image.rar//image.scr    High    
12/7/2014 9:35:07 PM    Detected    Trojan program Trojan-Ransom.Win32.Cryptodef.ny    Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:The Canevaro's][Subject:FW: You have received a voice mail][Time:2014/06/27 08:42:31]/VOICE363-474-5799.zip//VOICE347-758-9007.scr    High    
12/7/2014 10:37:23 PM    Detected    adware not-a-virus:AdWare.Win32.NewNext.a    C:\System Volume Information\_restore{F40C46E5-C99B-4982-90CA-DB0C4E5B8CEB}\RP715\A0135271.dll    Medium    
12/7/2014 10:37:29 PM    Detected    adware not-a-virus:AdWare.Win32.NewNext.a    C:\System Volume Information\_restore{F40C46E5-C99B-4982-90CA-DB0C4E5B8CEB}\RP715\A0135291.dll    Medium    
 


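The AVPTool report above mixes three different kinds of hit that call for different follow-up: copies already sitting in AdwCleaner's and FRST's quarantine folders (inert, and expected to be flagged), a DLL inside a System Restore point (only removed by purging System Restore), and a run of e-mail attachments still in the Outlook PST, including a ransomware lure (Trojan-Ransom.Win32.Cryptodef) that also appears in Sent Items with an "FW:" subject, meaning the user forwarded it on. The script below is an added example, not part of the original post and not Kaspersky's tooling: it parses a verbatim subset of the report lines, classifies each hit by where it lives, and for mailbox items pulls apart the [From:][Subject:][Time:] envelope and the archive chain so the executable payload and the forwarded copy stand out. The location labels, extension lists and the "forwarded by user" rule are the editor's own assumptions.

```python
"""Triage a Kaspersky AVPTool threat report by location and mail lure (added example)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the "Detected Threats" post above. AVPTool separates the
# columns with tabs; the forum rendering turned them into runs of spaces, so
# the parser accepts either.
REPORT = r"""
12/7/2014 7:50:01 PM    Deleted    adware not-a-virus:AdWare.Win32.NewNext.a    C:\AdwCleaner\Quarantine\C\Documents and Settings\Admin\Local Settings\Application Data\genienext\nengine.dll.vir    Medium
12/7/2014 9:11:38 PM    Detected    Trojan program Backdoor.Win32.CPD.pek    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Melany Montoya Fonseca][Subject:new root certificate bank of amercica][Time:2013/03/18 00:19:05]/Certificate.P12.install.exe//UPX    High
12/7/2014 9:20:36 PM    Detected    Trojan program Trojan.Win32.Bublik.clal    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Booking.com][Subject:Your reservation is now confirmed!][Time:2014/04/18 09:31:26]/Booking number 690885096.zip//Booking letter.scr    High
12/7/2014 9:23:38 PM    Detected    Trojan program Trojan-Ransom.Win32.Cryptodef.ny    Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Microsoft Outlook][Subject:You have received a voice mail][Time:2014/06/27 08:16:56]/VOICE363-474-5799.zip//VOICE347-758-9007.scr    High
12/7/2014 9:35:07 PM    Detected    Trojan program Trojan-Ransom.Win32.Cryptodef.ny    Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:The Canevaro's][Subject:FW: You have received a voice mail][Time:2014/06/27 08:42:31]/VOICE363-474-5799.zip//VOICE347-758-9007.scr    High
12/7/2014 10:37:23 PM    Detected    adware not-a-virus:AdWare.Win32.NewNext.a    C:\System Volume Information\_restore{F40C46E5-C99B-4982-90CA-DB0C4E5B8CEB}\RP715\A0135271.dll    Medium
"""

COLS = re.compile(r"\t|\s{2,}")  # column separator: a tab or two-plus spaces
MAIL_RE = re.compile(
    r"^Outlook\\(?P<folder>.+?)\\\[From:(?P<sender>[^\]]*)\]\[Subject:(?P<subject>[^\]]*)\]"
    r"\[Time:(?P<sent>[^\]]*)\](?:/(?P<chain>.+))?$"
)
# Editor's own lists: extensions Windows will execute on double-click, and archive types.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf", ".jar"}
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".cab", ".ace"}


@dataclass
class Detection:
    time: str
    status: str
    verdict: str
    path: str
    severity: str
    location: str  # mailbox | quarantine | restore_point | filesystem


@dataclass
class MailThreat:
    verdict: str
    folder: str
    sender: str
    subject: str
    sent: str
    container: str       # the attachment as the user saw it
    payload: str         # innermost real file in the archive/packer chain
    archived: bool       # executable hidden inside an archive
    executable_payload: bool
    ransomware: bool
    forwarded_by_user: bool


def classify_location(path: str) -> str:
    if path.startswith("Outlook\\"):
        return "mailbox"
    if "\\Quarantine\\" in path:
        return "quarantine"      # already neutralised by AdwCleaner/FRST; an inert copy
    if "\\System Volume Information\\_restore" in path:
        return "restore_point"   # only goes away when System Restore is purged
    return "filesystem"


def parse_report(text: str) -> list[Detection]:
    found: list[Detection] = []
    for raw in text.splitlines():
        parts = COLS.split(raw.strip())
        if len(parts) != 5:
            continue  # blank line or a line that is not a five-column record
        time, status, verdict, path, severity = parts
        found.append(Detection(time, status, verdict, path, severity, classify_location(path)))
    return found


def suffix(name: str) -> str:
    return PureWindowsPath(name).suffix.lower()


def mail_threats(detections: list[Detection]) -> list[MailThreat]:
    threats: list[MailThreat] = []
    for d in detections:
        m = MAIL_RE.match(d.path)
        if not m:
            continue
        chain = (m["chain"] or "").split("//")   # archive // member // packer layer ...
        container = chain[0]
        # AVPTool appends packer layers such as "//UPX" that are not files; the
        # payload is the innermost element that still carries a file extension.
        payload = next((c for c in reversed(chain) if suffix(c)), container)
        folder = m["folder"]
        threats.append(MailThreat(
            verdict=d.verdict, folder=folder, sender=m["sender"], subject=m["subject"],
            sent=m["sent"], container=container, payload=payload,
            archived=len(chain) > 1 and suffix(container) in ARCHIVE_EXTS,
            executable_payload=suffix(payload) in EXEC_EXTS,
            ransomware="Ransom" in d.verdict,
            forwarded_by_user=folder.endswith("Sent Items")
            and m["subject"].upper().startswith(("FW:", "FWD:")),
        ))
    return threats


def summarize_locations(detections: list[Detection]) -> Counter:
    return Counter(d.location for d in detections)


if __name__ == "__main__":
    dets = parse_report(REPORT)
    print(dict(summarize_locations(dets)))
    for t in mail_threats(dets):
        flags = [f for f, on in (("archived", t.archived), ("ransomware", t.ransomware),
                                 ("forwarded", t.forwarded_by_user)) if on]
        print(f"{t.sent}  {t.sender!r:24} {t.payload:30} {' '.join(flags)}")
```

The point of the split is the follow-up: the quarantine and restore-point hits can be left to the cleanup tools, but every mailbox hit is a lure that reached the user, and the Sent Items copy with the "FW:" subject shows that at least one of them was passed on to someone else, which is worth telling the recipient about.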

#11 Essexboy (GeekU Moderator, Retired Staff)
Could you try this and let me know the result?

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Activate Windows. Or, click the Windows Activation icon in the notification area.
2. Click Yes, let's activate Windows over the Internet now.
3. Click Read the Windows Product Activation Privacy Statement, click Back, and then click Next.
4. Use one of the following methods:
   - If you want to register and activate Windows at the same time, click Yes, I want to register and activate Windows at the same time, click Read the Windows Registration Privacy Statement, click Back, click Next, type your contact information in the appropriate boxes in the registration form, and then click Next. An asterisk (*) appears next to required information.
   - If you only want to activate Windows, click No, I don't want to register now; let's just activate Windows, and then click Next.
   The wizard establishes a connection with an activation server, and then processes the activation request.
5. When activation is completed and you receive the following message, click OK:
   You have successfully activated your copy of Windows.
#12 Tony Canevaro (Topic Starter)

Should I disinfect using Kaspersky now as well?


#13 Tony Canevaro (Topic Starter)

Ummm, I don't get a Windows Activation icon or the option to activate Windows.


#14 Essexboy (GeekU Moderator, Retired Staff)

Sorry, yes, disinfect. Also, could you attach the entire zip file (to include both the XML and the HTML)?

Is the Windows Genuine popup still appearing?


#15 Essexboy (GeekU Moderator, Retired Staff)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.