Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Antivirus does not load completely. Use OTL, need help how to identify


  • Please log in to reply

#1
Kenstrav

Kenstrav

    New Member

  • Member
  • Pip
  • 1 posts
OTL logfile created on: 19/09/2013 7:00:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.58% Memory free
3.98 Gb Paging File | 2.36 Gb Available in Paging File | 59.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 96.17 Gb Free Space | 64.56% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/19 06:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/09/19 00:25:14 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/09/19 00:25:14 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/09/19 00:25:14 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013/09/09 04:36:06 | 001,920,824 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2013/09/09 04:36:06 | 001,740,088 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/02 16:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/08/21 23:40:58 | 000,894,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/20 23:41:28 | 000,668,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/08/20 23:03:42 | 000,728,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/08/20 23:03:40 | 000,588,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/13 00:05:31 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 14:37:18 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/03/23 19:49:26 | 000,107,520 | ---- | M] () -- C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/19 06:48:37 | 000,128,512 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\_elementtree.pyd
MOD - [2013/09/19 06:48:36 | 000,557,056 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\pysqlite2._sqlite.pyd
MOD - [2013/09/19 06:48:36 | 000,098,816 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32api.pyd
MOD - [2013/09/19 06:48:36 | 000,044,032 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\_socket.pyd
MOD - [2013/09/19 06:48:36 | 000,022,528 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32ts.pyd
MOD - [2013/09/19 06:48:35 | 000,320,512 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32com.shell.shell.pyd
MOD - [2013/09/19 06:48:35 | 000,070,656 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\wx._html2.pyd
MOD - [2013/09/19 06:48:35 | 000,026,624 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\_multiprocessing.pyd
MOD - [2013/09/19 06:48:34 | 000,011,264 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32crypt.pyd
MOD - [2013/09/19 06:48:33 | 000,805,888 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\wx._gdi_.pyd
MOD - [2013/09/19 06:48:32 | 000,504,832 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\windows._cacheinvalidation.pyd
MOD - [2013/09/19 06:48:31 | 000,087,040 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\_ctypes.pyd
MOD - [2013/09/19 06:48:31 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32profile.pyd
MOD - [2013/09/19 06:48:30 | 000,364,544 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\pythoncom27.dll
MOD - [2013/09/19 06:48:29 | 000,735,232 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\wx._misc_.pyd
MOD - [2013/09/19 06:48:29 | 000,110,080 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\pywintypes27.dll
MOD - [2013/09/19 06:48:29 | 000,108,544 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32security.pyd
MOD - [2013/09/19 06:48:28 | 001,175,040 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\wx._core_.pyd
MOD - [2013/09/19 06:48:27 | 001,153,024 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\_ssl.pyd
MOD - [2013/09/19 06:48:27 | 000,035,840 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32process.pyd
MOD - [2013/09/19 06:48:27 | 000,025,600 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32pdh.pyd
MOD - [2013/09/19 06:48:26 | 000,811,008 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\wx._windows_.pyd
MOD - [2013/09/19 06:48:26 | 000,711,680 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\_hashlib.pyd
MOD - [2013/09/19 06:48:25 | 000,122,368 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\wx._wizard.pyd
MOD - [2013/09/19 06:48:25 | 000,119,808 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32file.pyd
MOD - [2013/09/19 06:48:25 | 000,038,912 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32inet.pyd
MOD - [2013/09/19 06:48:23 | 001,062,400 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\wx._controls_.pyd
MOD - [2013/09/19 06:48:21 | 000,018,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\win32event.pyd
MOD - [2013/09/19 06:48:20 | 000,127,488 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\pyexpat.pyd
MOD - [2013/09/19 06:48:18 | 000,686,080 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\unicodedata.pyd
MOD - [2013/09/19 06:48:18 | 000,010,240 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI10242\select.pyd
MOD - [2013/09/19 00:25:14 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/09/19 00:25:14 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013/09/19 00:25:14 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013/09/18 16:44:48 | 000,254,976 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll
MOD - [2013/09/11 20:59:24 | 000,181,760 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.904.433.1_0\plugin\ace.dll
MOD - [2013/09/02 16:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 16:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 16:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/10 16:03:57 | 004,591,616 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
MOD - [2013/08/10 16:03:57 | 000,112,128 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/09/19 00:25:14 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/09/16 10:03:46 | 000,573,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/09/10 20:55:02 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/09 04:36:06 | 001,740,088 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/09/09 04:35:56 | 000,035,640 | ---- | M] (AVG) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/12 14:37:18 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/23 19:49:26 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/01/12 23:08:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - [2013/09/19 00:25:15 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/08/22 23:37:18 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/08/22 22:56:56 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/08/22 22:56:16 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/22 22:56:16 | 000,146,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/08/21 19:53:42 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/08/01 16:06:40 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/08/01 16:06:14 | 000,120,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/08/01 16:05:58 | 000,026,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/03/27 10:48:00 | 000,319,264 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2011/01/25 01:13:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/08 01:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 01:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009/04/19 21:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {77f5fe49-12e3-4cf5-abb4-d993a0164d9e} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {F072CDE9-CEEF-4A80-8C74-3C3F308DE84B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=23/03/2013
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=23/03/2013
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3298935
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 4F 4B A7 61 0D CE 01 [binary data]
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=23/03/2013
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=23/03/2013
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\..\SearchScopes,DefaultScope = {F072CDE9-CEEF-4A80-8C74-3C3F308DE84B}
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=23/03/2013
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\..\SearchScopes\{1FBBDBBC-3F21-41EB-8999-A992B5D5948C}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\..\SearchScopes\{F072CDE9-CEEF-4A80-8C74-3C3F308DE84B}: "URL" = http://search.condui...8211963722&UM=2
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll File not found


[2013/05/27 13:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions
[2013/05/27 13:44:31 | 000,000,000 | ---D | M] (Veoh Web Player New) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{8a68a79b-d305-421f-8fc0-d6fae3c21e37}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: Social share 3 in 1 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdciljooegpdknfnjbeebnflbkjfcjcf\1.0.5_0\
CHR - Extension: ytbclick B4 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibclbohbddcmmaaobgjamgbfbchjdfae\10.19.2.505_0\
CHR - Extension: DefaultTab = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Hangouts = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.904.433.1_0\
CHR - Extension: AVG Secure Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {77f5fe49-12e3-4cf5-abb4-d993a0164d9e} - No CLSID value found.
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001..\Run: [Browser Infrastructure Helper] C:\Users\User\AppData\Local\Smartbar\Application\QuickShare.exe startup File not found
O4 - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001..\Run: [cdloader] "C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK File not found
O4 - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001..\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1260511779-1745453086-1008620622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.36\AMVConverter\grab.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DCEE3BD-D607-405E-9637-B8C642430FED}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DCEE3BD-D607-405E-9637-B8C642430FED}: NameServer = 208.122.23.22,208.122.23.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8413B190-3B87-40C5-9113-C8FD907A8F7B}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/19 01:17:52 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\System32\authuitu.dll
[2013/09/19 01:17:46 | 000,035,640 | ---- | C] (AVG) -- C:\Windows\System32\uxtuneup.dll
[2013/09/19 01:14:24 | 000,036,152 | ---- | C] (AVG) -- C:\Windows\System32\TURegOpt.exe
[2013/09/19 01:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2013/09/19 01:13:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG
[2013/09/19 01:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/09/19 01:08:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/09/19 00:27:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG2014
[2013/09/19 00:26:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AVG Secure Search
[2013/09/19 00:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/19 00:26:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2013/09/19 00:25:46 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/09/19 00:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/09/19 00:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/09/19 00:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2013/09/19 00:22:27 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/19 00:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/19 00:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/09/19 00:09:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/19 00:09:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\MFAData
[2013/09/19 00:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/19 00:09:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Avg2014
[2013/09/18 16:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/09/17 07:46:59 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\School
[2013/09/14 22:47:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Blog
[2013/09/12 10:19:21 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Weblog Posts
[2013/09/12 10:19:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2013/09/12 10:19:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live Writer
[2013/09/12 09:34:58 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Adobe Scripts
[2013/09/11 21:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/11 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/11 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/11 20:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/11 20:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/09/11 20:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/09/11 20:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/09/10 17:30:13 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/10 17:30:09 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/10 17:29:52 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/10 17:29:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/10 17:29:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 17:29:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 17:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 17:29:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 17:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 17:29:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 17:29:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 17:29:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 17:29:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 17:29:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 17:29:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 17:29:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 17:29:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 17:29:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 17:29:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 17:29:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 17:29:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 17:29:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 17:29:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 17:29:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 17:29:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 17:29:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 17:29:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 17:29:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 17:29:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 17:29:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 17:29:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 17:29:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/03 20:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/09/03 20:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/03 20:54:26 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/09/03 20:54:25 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/09/03 20:54:25 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/03 20:53:13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/03 20:53:13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/03 20:53:13 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/03 20:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/08/28 00:34:07 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/08/26 18:19:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/08/22 23:37:18 | 000,176,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/08/22 22:56:56 | 000,209,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/08/22 22:56:16 | 000,223,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/08/22 22:56:16 | 000,146,232 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/08/20 22:54:04 | 000,102,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

========== Files - Modified Within 30 Days ==========

[2013/09/19 07:11:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/19 06:55:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 06:55:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 06:54:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/19 06:49:59 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/09/19 06:48:39 | 000,001,956 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
[2013/09/19 06:47:53 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/19 06:46:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/19 06:46:45 | 1603,870,720 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 01:14:09 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2013/09/19 01:14:09 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013/09/19 00:26:08 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/19 00:25:15 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/09/18 23:25:42 | 000,000,020 | ---- | M] () -- C:\Windows\˜ơ9
[2013/09/16 20:49:29 | 000,000,632 | RHS- | M] () -- C:\Users\User\ntuser.pol
[2013/09/11 21:01:04 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/11 03:30:42 | 003,808,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/10 20:54:59 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/10 20:54:59 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/09 04:36:12 | 000,036,152 | ---- | M] (AVG) -- C:\Windows\System32\TURegOpt.exe
[2013/09/09 04:35:56 | 000,035,640 | ---- | M] (AVG) -- C:\Windows\System32\uxtuneup.dll
[2013/09/09 04:35:56 | 000,025,400 | ---- | M] (AVG) -- C:\Windows\System32\authuitu.dll
[2013/09/06 22:56:20 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/03 20:52:00 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/03 20:51:56 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/03 20:51:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/03 20:51:55 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/09/03 20:51:55 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/09/03 20:51:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/08/26 18:21:09 | 246,774,937 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/23 14:40:34 | 000,299,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/23 14:40:34 | 000,037,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/22 23:37:18 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/08/22 22:56:56 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/08/22 22:56:16 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/08/22 22:56:16 | 000,146,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2013/09/19 01:14:09 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2013/09/19 01:14:09 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013/09/19 01:14:04 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2013/09/19 00:26:08 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/18 23:25:40 | 000,000,020 | ---- | C] () -- C:\Windows\˜ơ9
[2013/09/11 21:01:04 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/11 20:55:42 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/06/09 16:02:46 | 000,004,914 | ---- | C] () -- C:\ProgramData\bzoyeojg.eew
[2013/06/05 18:58:05 | 000,005,120 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/11 12:16:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2013/05/11 12:16:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\uninscpw.exe
[2013/03/23 19:49:46 | 000,000,632 | RHS- | C] () -- C:\Users\User\ntuser.pol
[2013/03/22 08:03:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/25 13:42:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/07 15:09:00 | 000,186,920 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2012/04/10 10:16:38 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb7mlm.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Don't see much in the log so let's run some scan and see if we can find anything.

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created Combofix.txt. I'll need to see that in your reply. If you do not get a log after the first run, run it a second time.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP