Wife's laptop seems to be infected with the Windows Genuine Software Malware and other glitches are being noticed, including a Yahoo redirect when opening a new tab via hyperlink. Here is the OTL log; I will also post the Farbar log below that.
OTL logfile created on: 12/4/2014 8:35:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.90 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 62.77% Memory free
3.75 Gb Paging File | 2.98 Gb Available in Paging File | 79.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 54.85 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
Computer Name: XPUSER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/12/04 20:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
PRC - [2014/11/28 07:44:06 | 006,884,840 | ---- | M] (Hola Networks Ltd.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Hola\firefox\app\hola_plugin.exe
PRC - [2014/11/27 09:45:14 | 005,815,616 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/11/27 09:45:14 | 003,476,288 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/11/27 09:45:14 | 003,312,960 | ---- | M] (Client Connect LTD) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/11/12 23:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2014/11/12 07:39:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/08/25 05:12:17 | 002,640,408 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2014/08/11 11:09:11 | 001,820,184 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
PRC - [2014/08/11 11:09:10 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/22 20:39:43 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2010/05/20 23:59:44 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:59:42 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/07/03 23:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014/12/02 17:07:01 | 000,043,008 | ---- | M] () -- c:\Documents and Settings\Admin\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0pd5be.dll
MOD - [2014/11/12 23:49:58 | 003,610,624 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/11/12 07:39:00 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/08/25 05:12:17 | 002,640,408 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2014/08/11 11:09:12 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
MOD - [2014/08/11 11:09:10 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/11/27 09:45:14 | 003,312,960 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/11/26 01:07:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/12 07:39:00 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/11 11:09:11 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/08/11 11:09:12 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/10/27 21:58:34 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010/10/27 21:58:33 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2010/07/18 13:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/07/13 20:34:00 | 006,650,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32)
DRV - [2010/04/07 16:06:39 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/08/16 15:00:00 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2008/08/19 03:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...C9A85890F&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 9B F2 E8 09 E3 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7CF3B9-F620-45C3-9E9A-00180C1745ED}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={7391C0DB-12D1-4EB0-9D01-AAADDE456F29}&mid=6d8ffe5233b247d09a4fd16f806f9805-62e9d5ec38cb13bb103388f855445c048e45bb1f&lang=en&ds=AVG&pr=pr&d=2012-09-13 08:40:08&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Admin\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.1.9.799\ [2014/08/25 05:12:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/22 20:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/22 20:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/12 07:38:44 | 000,000,000 | ---D | M]
[2012/02/04 22:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2014/12/04 17:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\extensions
[2014/12/04 17:40:16 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\extensions\jid1-4P0kohSJxU1qGg@jetpack
[2014/05/12 06:28:10 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\searchplugins\trovi-search.xml
[2014/11/12 07:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/11/12 07:38:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/11/12 07:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/12 07:38:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/11/12 07:39:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/22 20:39:49 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - homepage: http://search.condui...C9A85890F&SSPV=
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: iTunes Application Detector (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - default_search_provider: C9B2F54899D31EB449839EB6148087DB4072C7CC6A1C19BB46B461648A67DA42 (Enabled)
CHR - default_search_provider: search_url = EF28C5187672F5B327F4F2AC85672C1C9573BE6854E68FBC6A99831A87DA7788
CHR - default_search_provider: suggest_url =
CHR - homepage: 3532641C5493DACFFF95FF551EE1672DE1B6165D49284143D32AD6F959F2921F
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [NextLive] C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{067981B1-6256-48B0-A547-15F59B197671}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll (Client Connect LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/04 00:50:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/04 20:14:35 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/03 17:20:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2014/11/25 17:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Hola
[2014/11/25 17:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2014/11/25 17:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/11/12 07:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\Documents and Settings\Admin\Desktop\*.tmp files -> C:\Documents and Settings\Admin\Desktop\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/12/04 20:19:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500UA.job
[2014/12/04 20:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/12/04 19:48:00 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-1757981266-813497703-1417001333-500.job
[2014/12/04 18:30:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500UA.job
[2014/12/04 16:04:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/12/03 21:30:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500Core.job
[2014/12/03 09:16:55 | 000,082,114 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Chris Conrad.pdf
[2014/12/03 02:19:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500Core.job
[2014/12/02 17:06:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/12/02 17:06:21 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/12/02 17:05:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/12/02 17:05:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/12/02 17:05:10 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2014/12/02 17:05:10 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/12/02 17:05:10 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/12/02 17:04:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/02 17:04:55 | 2038,456,320 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/28 18:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/11/28 07:58:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Microsoft Office Word 2007.lnk
[2014/11/28 07:40:58 | 000,436,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/11/28 07:40:58 | 000,069,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/11/26 21:43:01 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/11/26 14:20:39 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/26 14:20:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
[2014/11/26 01:07:09 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/11/26 01:07:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/11/25 17:53:52 | 000,041,994 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\US.jpg
[2014/11/25 17:24:22 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/11/23 17:37:27 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/23 17:37:07 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Dropbox.lnk
[2014/11/12 07:16:25 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
[2014/11/08 15:00:00 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/11/07 10:32:39 | 000,188,794 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\keep-calm-and-just-be-the-best-you-can-be-3.png
[2014/11/07 10:11:33 | 000,145,496 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Banana.jpg
[2014/11/06 21:40:22 | 000,164,256 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Calgary Regional Nov.jpg
[5 C:\Documents and Settings\Admin\Desktop\*.tmp files -> C:\Documents and Settings\Admin\Desktop\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/12/03 09:16:52 | 000,082,114 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Chris Conrad.pdf
[2014/11/25 17:53:51 | 000,041,994 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\US.jpg
[2014/11/07 10:32:38 | 000,188,794 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\keep-calm-and-just-be-the-best-you-can-be-3.png
[2014/11/07 10:11:33 | 000,145,496 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Banana.jpg
[2014/11/06 21:40:22 | 000,164,256 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Calgary Regional Nov.jpg
[2014/04/10 02:20:47 | 000,165,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/09 21:37:38 | 000,004,535 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\CamStudio.cfg
[2014/04/09 21:37:38 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\CamShapes.ini
[2014/04/09 21:37:38 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\CamLayout.ini
[2014/04/09 21:37:38 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Camdata.ini
[2014/04/09 21:29:16 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\version2.xml
[2013/06/27 06:29:18 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/08 13:33:43 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\rbxcsettings.rbx
[2012/03/03 12:08:04 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2013/10/18 06:34:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2010/09/16 09:11:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Admin (administrator) on XPUSER on 04-12-2014 20:14:42
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Client Connect LTD) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hola Networks Ltd.) C:\Documents and Settings\Admin\Local Settings\Application Data\Hola\firefox\app\hola_plugin.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [118784 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1323008 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-22] (RealNetworks, Inc.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [Google Update] => C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [uTorrent] => "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [Facebook Update] => C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2013-07-24] (Facebook Inc.)
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1757981266-813497703-1417001333-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [216896 2014-11-27] (Client Connect LTD)
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...C9A85890F&SSPV=
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED9BF2E809E3CC01
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1757981266-813497703-1417001333-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7391C0DB-12D1-4EB0-9D01-AAADDE456F29}&mid=6d8ffe5233b247d09a4fd16f806f9805-62e9d5ec38cb13bb103388f855445c048e45bb1f&lang=en&ds=AVG&pr=pr&d=2012-09-13 08:40:08&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3072253
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1757981266-813497703-1417001333-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Admin\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1757981266-813497703-1417001333-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Admin\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Admin\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Hola Better Internet - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zz2uox0i.default-1391703396875\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-12-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-12]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-04]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-22]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPFCDF1B57-52D4-4B75-96DD-3E3C9A85890F&SSPV="
CHR DefaultNewTabURL: Default -> https://www.trovi.co...85890F&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\38.0.2125.104\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-07]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-24]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-08]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-05-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-02-10]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\DOCUME~1\Admin\LOCALS~1\Temp\ccex.crx [Not Found]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3312960 2014-11-27] (Client Connect LTD)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-04] (Sun Microsystems, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-08-19] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [822400 2010-07-18] (Conexant Systems Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [241880 2010-04-07] (Intel Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [5632 2010-10-27] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [5632 2010-10-27] (Marvell Semiconductor Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [File not signed]
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [6650752 2010-07-13] (Intel Corporation)
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-04 20:14 - 2014-12-04 20:14 - 00000000 ____D () C:\FRST
2014-12-04 07:55 - 2014-12-04 07:55 - 00001350 _____ () C:\WINDOWS\KB2481109.log
2014-11-25 17:27 - 2014-11-25 17:27 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Hola
2014-11-25 17:24 - 2014-11-25 17:24 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-11-25 17:24 - 2014-11-25 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-11-13 09:23 - 2014-11-13 09:24 - 70040235 _____ () C:\Documents and Settings\Admin\Desktop\CanadaRegionals_November-2014(EN)_revise NEW.pptx
2014-11-12 07:38 - 2014-11-12 07:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-06 19:01 - 2014-11-06 19:02 - 61615091 _____ () C:\Documents and Settings\Admin\Desktop\CanadaRegionals_November-2014(EN).pptx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-04 20:15 - 2012-02-04 00:59 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Temp
2014-12-04 20:07 - 2012-04-10 13:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-04 20:06 - 2012-04-05 17:51 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Skype
2014-12-04 19:48 - 2014-07-08 12:47 - 00000514 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1757981266-813497703-1417001333-500.job
2014-12-04 19:19 - 2012-02-03 23:56 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500UA.job
2014-12-04 18:30 - 2013-07-24 20:25 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500UA.job
2014-12-04 18:19 - 2012-02-04 00:57 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-04 16:04 - 2012-04-23 05:00 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-04 07:55 - 2012-02-04 00:49 - 01088387 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-03 21:30 - 2013-07-24 20:25 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500Core.job
2014-12-03 17:21 - 2013-02-19 12:07 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-03 17:20 - 2012-02-04 00:59 - 00000000 ____D () C:\Documents and Settings\Admin
2014-12-03 09:16 - 2012-03-18 20:33 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\CutePDF Writer
2014-12-03 02:19 - 2012-02-03 23:56 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-813497703-1417001333-500Core.job
2014-12-02 17:07 - 2012-08-20 13:27 - 00000000 ___RD () C:\Documents and Settings\Admin\My Documents\Dropbox
2014-12-02 17:07 - 2012-08-20 12:54 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Dropbox
2014-12-02 17:06 - 2013-12-19 23:05 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\newnext.me
2014-12-02 17:06 - 2013-09-22 20:41 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-12-02 17:06 - 2013-09-22 20:41 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-12-02 17:05 - 2014-03-14 06:26 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-02 17:05 - 2013-09-22 20:43 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-12-02 17:05 - 2013-06-08 10:15 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-12-02 17:05 - 2013-01-22 14:38 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2014-12-02 17:05 - 2012-02-04 00:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 17:05 - 2012-02-03 17:43 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-12-02 17:05 - 2012-02-03 17:43 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-12-02 17:05 - 2008-04-14 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-02 09:07 - 2014-03-05 21:19 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\NeriumCanada
2014-12-02 08:08 - 2014-01-30 17:25 - 00000000 ____D () C:\Program Files\SearchProtect
2014-12-01 08:53 - 2014-03-03 08:51 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\My Quotes
2014-11-28 18:58 - 2012-03-04 16:09 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-28 07:58 - 2012-03-04 16:18 - 00002515 _____ () C:\Documents and Settings\Admin\Desktop\Microsoft Office Word 2007.lnk
2014-11-28 07:40 - 2012-02-03 17:39 - 00513832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-26 21:43 - 2013-09-22 20:43 - 00000326 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-11-26 14:20 - 2012-02-03 23:57 - 00002284 _____ () C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
2014-11-26 01:07 - 2012-04-10 13:53 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 01:07 - 2012-02-04 23:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 17:24 - 2014-03-18 07:54 - 00001878 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-11-25 17:24 - 2013-09-12 07:07 - 00000000 ___RD () C:\Program Files\Skype
2014-11-25 17:24 - 2012-04-05 17:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-11-25 17:20 - 2012-05-10 07:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-23 17:37 - 2012-08-20 13:27 - 00001008 _____ () C:\Documents and Settings\Admin\Desktop\Dropbox.lnk
2014-11-23 17:37 - 2012-08-20 12:55 - 00000000 ____D () C:\Documents and Settings\Admin\Start Menu\Programs\Dropbox
2014-11-19 11:55 - 2012-02-04 00:59 - 00000178 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2014-11-14 03:28 - 2014-03-06 02:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
2014-11-12 07:16 - 2013-09-22 20:43 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-813497703-1417001333-500.job
2014-11-12 03:26 - 2012-02-04 23:11 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-11-12 03:10 - 2012-02-04 23:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 03:07 - 2013-07-21 07:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 03:01 - 2012-02-29 10:31 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 05:13 - 2012-02-04 22:18 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Mozilla
2014-11-08 15:00 - 2014-03-14 06:26 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0pd5be.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================