OTL logfile created on: 11/03/2014 21:29:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\renfar\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.93 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 36.16% Memory free
4.11 Gb Paging File | 2.74 Gb Available in Paging File | 66.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.55 Gb Total Space | 86.79 Gb Free Space | 30.18% Space Free | Partition Type: NTFS
Drive D: | 10.54 Gb Total Space | 1.78 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
Computer Name: RENFAR-PC | User Name: renfar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/11 21:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\renfar\Downloads\OTL.exe
PRC - [2014/03/03 20:02:33 | 002,539,544 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/03/03 20:02:31 | 001,759,768 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
PRC - [2014/03/03 20:02:31 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
PRC - [2014/03/02 04:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/25 21:54:00 | 000,046,592 | ---- | M] (AlcaTech) -- C:\Windows\System32\mmrtkrnl.exe
PRC - [2010/05/05 15:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
PRC - [2010/05/05 15:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/14 22:45:21 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 19:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2007/08/08 13:52:52 | 001,731,584 | ---- | M] () -- C:\Users\renfar\gupd.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/06/07 01:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/03 20:02:34 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
MOD - [2014/03/03 20:02:33 | 002,539,544 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/03/02 04:35:25 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/02 04:35:24 | 013,632,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
MOD - [2014/03/02 04:35:23 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/02 04:35:17 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/02 04:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2010/05/05 15:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
MOD - [2010/05/05 15:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/04/05 12:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 12:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 12:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 12:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 12:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 12:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 12:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 12:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/05/27 14:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll
MOD - [2009/04/07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 10:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll
MOD - [2009/02/20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll
MOD - [2008/09/24 02:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/08/08 13:52:52 | 001,731,584 | ---- | M] () -- C:\Users\renfar\gupd.exe
MOD - [2007/07/12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
========== Services (SafeList) ==========
SRV - [2014/03/08 13:09:21 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/03 20:02:31 | 001,759,768 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe -- (vToolbarUpdater18.0.0)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/14 22:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010/04/14 22:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2009/09/03 12:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008/10/06 19:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 22:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/03/03 20:02:35 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/06/29 01:24:02 | 000,249,288 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0153.sys -- (RsFx0153)
DRV - [2011/07/04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/04/10 22:06:28 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/08 18:21:18 | 000,110,080 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/12/08 18:21:18 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/12/08 18:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/12/08 18:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/12/08 18:21:18 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/12/08 18:21:18 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/06/29 16:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/06/10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 03:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.web...&cc=ZA&unqvl=49
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{3B2DB669-694C-4758-B81E-CD80FA35F8BE}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKLM\..\SearchScopes\{66149AE3-086F-403A-AA76-A82575D1F29B}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{95ACECBE-0F07-45C2-85C0-510132736D50}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.web...&cc=ZA&unqvl=49
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=EIE9HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosear...127894&tsp=5163
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{3B2DB669-694C-4758-B81E-CD80FA35F8BE}: "URL" = http://uk.search.yah...p06&type=ie2008
IE - HKCU\..\SearchScopes\{66149AE3-086F-403A-AA76-A82575D1F29B}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{95ACECBE-0F07-45C2-85C0-510132736D50}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2014-03-01 19:02:11&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.web...&cc=ZA&unqvl=49
IE - HKCU\..\SearchScopes\{C4671A5A-3122-4A80-AB9C-AF1CE247CEB2}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=172.16.1.1:8080
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....ard&sg=&sap=hp"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://mysearch.avg....sa&d=2014-03-01 19:02:11&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}"
FF - prefs.js..browser.search.defaulturl: "http://websearch.web...nqvl=49&l=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\renfar\Desktop\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/09/10 18:01:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014/03/01 19:02:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\freegames4357@BestOffers: C:\Users\renfar\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014/02/19 19:40:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtest4354@BestOffers: C:\Users\renfar\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014/02/19 19:41:22 | 000,000,000 | ---D | M]
[2014/02/19 19:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\renfar\AppData\Roaming\mozilla\Extensions
[2014/02/19 19:40:23 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\renfar\AppData\Roaming\mozilla\Extensions\freegames4357@BestOffers
[2014/02/19 19:41:22 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\renfar\AppData\Roaming\mozilla\Extensions\speedtest4354@BestOffers
[2014/02/19 19:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\renfar\AppData\Roaming\mozilla\Firefox\Profiles\0kgei9go.default\Extensions
[2014/02/19 20:33:14 | 000,000,647 | ---- | M] () -- C:\Users\renfar\AppData\Roaming\mozilla\firefox\profiles\0kgei9go.default\searchplugins\WebSearch.xml
[2014/02/19 19:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 13:31:05 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....sa&d=2014-03-01 19:02:11&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1,
CHR - homepage: http://mysearch.avg....sa&d=2014-03-01 19:02:11&v=17.3.1.91&pid=safeguard&sg=&sap=hp
CHR - plugin: Error reading preferences file
CHR - Extension: SNT = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfbhobbdldeljppincgpkddjjncekhl\2.1\
CHR - Extension: Google Docs = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Pacman = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeemjccgfelokfccnbdaakiongijpbj\2.6_0\
CHR - Extension: YouTube = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: YoutubeAdblocker = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\deiinafalbpgeffmcobefmddmndhdpbo\1.0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.73_0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.74_0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.77_0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.78_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.722_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.722_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.722_1\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.722_1\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.822_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.24.3.503_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.24.3.503_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.0.540_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.2.507_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.2.507_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.2.507_1\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.2.507_1\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.4.512_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.4.512_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.7.519_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.7.519_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.9.505_0\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.9.505_0\nativeMessaging\nmHost
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.9.505_1\
CHR - Extension: Download Energy V1 = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffcjibagikpbcgeadlbbpobdcchhjfh\10.26.9.505_1\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcajpekdlnhcajagnmjaklfmgkbelckn\1.1\
CHR - Extension: Weebsave = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjeilleogjhpojalphomgkjlmgknhnea\3.7\
CHR - Extension: Chrome to Mobile = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\179\
CHR - Extension: Pixlr Touch Up = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.2.0_0\
CHR - Extension: Pixlr Touch Up = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.2.3_0\
CHR - Extension: Pixlr Touch Up = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.3.0_0\
CHR - Extension: Pixlr Touch Up = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig\1.4.0_0\
CHR - Extension: No name found = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl\0.6.10_0\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Wallet = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\renfar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2010/12/21 00:39:18 | 000,002,826 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 209.97.213.114 www.google.com
O1 - Hosts: 209.97.213.114 google.com
O1 - Hosts: 209.97.213.114 google.com.au
O1 - Hosts: 209.97.213.114 www.google.com.au
O1 - Hosts: 209.97.213.114 google.be
O1 - Hosts: 209.97.213.114 www.google.be
O1 - Hosts: 209.97.213.114 google.com.br
O1 - Hosts: 209.97.213.114 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (YoutubeAdblocker) - {78BB8A23-ADEB-CB69-01AD-A0BD44558DE3} - C:\Program Files\YoutubeAdblocker\kO.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT File not found
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark S300-S400 Series Fax Server] C:\Program Files\Lexmark S300-S400 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [APISupport] C:\Users\renfar\AppData\Local\Conduit\APISupport\APISupport.dll (Conduit Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [gtalkupdate] C:\Users\renfar\gupd.exe ()
O4 - HKCU..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKCU..\Run: [NextLive] C:\Users\renfar\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C4BAEB4-EA51-4E01-9C61-1E3CCEF9D935}: DhcpNameServer = 192.168.18.10 192.168.18.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C225179-AB97-4231-A6F8-8D1368E7CD49}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\renfar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\renfar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12de745f-a557-11de-ba42-001f1673378d}\Shell\AutoRun\command - "" = F:\CNN\A\Lic.exe
O33 - MountPoints2\{12de745f-a557-11de-ba42-001f1673378d}\Shell\open\command - "" = F:\CNN\A\Lic.exe
O33 - MountPoints2\{420e189c-8710-11de-82bd-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{420e189c-8710-11de-82bd-001f1673378d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4ce0aa09-ecc2-11de-862c-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce0aa09-ecc2-11de-862c-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{76584a00-cabe-11e1-93af-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{76584a00-cabe-11e1-93af-001f1673378d}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{78b4ac5f-b67c-11de-afef-001f1673378d}\Shell\AutoRun\command - "" = F:\NADFOLDER\autorun.exe
O33 - MountPoints2\{78b4ac5f-b67c-11de-afef-001f1673378d}\Shell\open\command - "" = F:\NADFOLDER\autorun.exe
O33 - MountPoints2\{7f65c464-a905-11de-bc73-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{7f65c464-a905-11de-bc73-001f1673378d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c6662078-c120-11e2-8ce1-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{c6662078-c120-11e2-8ce1-001f1673378d}\Shell\AutoRun\command - "" = G:\iLinker.exe
O33 - MountPoints2\{cfffc5f0-86a7-11de-bfff-001f1673378d}\Shell - "" = AutoRun
O33 - MountPoints2\{cfffc5f0-86a7-11de-bfff-001f1673378d}\Shell\AutoRun\command - "" = setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cfffc604-86a7-11de-bfff-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{cfffc604-86a7-11de-bfff-00a0c6000000}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d0e4e6b9-3a57-11e2-8f51-001f1673378d}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{d5b7667c-ffe7-11e1-ab67-001f1673378d}\Shell\AutoRun\command - "" = F:\SecureII\Windows\SecureII.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/06 17:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/06 17:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/03/03 20:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/03/01 19:03:08 | 000,000,000 | ---D | C] -- C:\Users\renfar\AppData\Local\AVG SafeGuard toolbar
[2014/03/01 19:02:06 | 000,042,784 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2014/03/01 19:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2014/03/01 19:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2014/03/01 19:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2014/03/01 18:59:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/03/01 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2014/02/19 20:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
[2014/02/19 20:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\SNT
[2014/02/19 20:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\GreatSoft
[2014/02/19 20:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/02/19 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeAdblocker
[2014/02/19 20:30:26 | 000,000,000 | ---D | C] -- C:\Users\renfar\AppData\Local\Torch
[2014/02/19 20:30:26 | 000,000,000 | ---D | C] -- C:\Users\renfar\AppData\Local\Comodo
[2014/02/19 20:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\websave
[2014/02/19 20:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\355a65b787d48b8f
[2014/02/19 20:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\websave
[2014/02/19 20:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/02/19 19:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2014/02/19 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\renfar\AppData\Roaming\PerformerSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/11 21:22:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/11 21:21:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/11 20:09:55 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/03/11 20:08:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/11 20:08:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/11 20:08:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/11 20:07:57 | 000,393,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/11 20:07:36 | 2075,336,704 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/11 06:21:27 | 000,739,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/11 06:21:27 | 000,159,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/06 17:29:24 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/04 18:32:02 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/03 20:02:35 | 000,042,784 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2014/03/01 18:14:06 | 027,915,537 | ---- | M] ( ) -- C:\Users\renfar\Desktop\K-Lite_Codec_Pack_1035_Full.exe
[2014/03/01 14:48:01 | 000,204,288 | ---- | M] () -- C:\Users\renfar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/21 17:53:32 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/15 16:02:11 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/02/12 19:59:26 | 000,591,872 | ---- | M] () -- C:\Users\renfar\Desktop\DatawareBarcode.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/10 17:23:17 | 2075,336,704 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/09 22:23:30 | 001,731,584 | ---- | C] () -- C:\Users\renfar\gupd.exe
[2014/03/06 17:29:24 | 000,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/01 18:08:30 | 027,915,537 | ---- | C] ( ) -- C:\Users\renfar\Desktop\K-Lite_Codec_Pack_1035_Full.exe
[2014/02/19 20:31:22 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/19 19:52:01 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/02/12 19:59:16 | 000,591,872 | ---- | C] () -- C:\Users\renfar\Desktop\DatawareBarcode.exe
[2013/11/27 23:20:38 | 000,000,258 | RHS- | C] () -- C:\Users\renfar\ntuser.pol
[2013/11/26 18:52:20 | 000,000,736 | ---- | C] () -- C:\Windows\DigimaxMaster.INI
[2013/09/27 17:35:37 | 000,000,843 | ---- | C] () -- C:\Users\renfar\AppData\Local\recently-used.xbel
[2013/07/26 09:35:26 | 000,135,974 | ---- | C] () -- C:\Windows\hphins32.dat
[2013/07/26 09:35:26 | 000,000,558 | ---- | C] () -- C:\Windows\hphmdl32.dat
[2013/02/11 09:11:58 | 000,000,139 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/04 08:47:34 | 000,025,614 | ---- | C] () -- C:\Users\renfar\AppData\Roaming\UserTile.png
[2010/07/23 11:39:04 | 000,000,008 | ---- | C] () -- C:\Users\renfar\AppData\Local\.mpid
[2010/06/28 11:36:47 | 000,000,680 | ---- | C] () -- C:\Users\renfar\AppData\Local\d3d9caps.dat
[2010/01/29 20:43:43 | 000,000,702 | ---- | C] () -- C:\Users\renfar\AppData\Roaming\wklnhst.dat
[2009/08/11 20:19:57 | 000,204,288 | ---- | C] () -- C:\Users\renfar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/18 01:49:13 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
========== ZeroAccess Check ==========
[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/12/12 22:30:28 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\.purple
[2012/10/26 13:29:44 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\AlcaTech
[2012/08/22 11:46:26 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Babylon
[2012/09/10 17:48:39 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\BrowserCompanion
[2011/05/23 20:19:17 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\CleanMyPC Software
[2013/11/27 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\com.prezi.PreziDesktop
[2013/11/30 09:43:06 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\ExpressFiles
[2013/06/14 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\File Scout
[2009/08/18 20:57:08 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\gtk-2.0
[2009/11/30 17:40:18 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Leadertech
[2013/12/16 11:54:34 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Movie Torrent
[2014/03/11 20:09:52 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\newnext.me
[2012/08/20 14:43:21 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PC Cleaners
[2009/09/12 18:29:32 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PC Suite
[2012/08/20 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PCPro
[2012/01/04 08:47:34 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PeerNetworking
[2014/02/19 19:52:33 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PerformerSoft
[2013/09/27 17:00:56 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\PhotoScape
[2012/08/21 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Research In Motion
[2010/11/29 07:27:21 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\S300-S400 Series
[2009/09/12 18:20:36 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Samsung
[2012/05/08 11:00:53 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Softland
[2013/11/26 19:01:54 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\systweak
[2010/01/29 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Template
[2009/08/12 09:07:09 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\URSoft
[2009/08/11 21:01:17 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\Vodafone
[2009/08/09 23:34:05 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\WildTangent
[2012/05/12 13:14:35 | 000,000,000 | ---D | M] -- C:\Users\renfar\AppData\Roaming\WindSolutions
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2011/06/11 16:05:19 | 000,000,000 | ---D | M](C:\Users\renfar\AppData\Roaming\???????sAppData) -- C:\Users\renfar\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2011/06/11 16:05:19 | 000,000,000 | ---D | M](C:\Users\renfar\AppData\Roaming\???????sAppData) -- C:\Users\renfar\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\renfar\AppData\Roaming\???????sAppData) -- C:\Users\renfar\AppData\Roaming\敎潲䍄敔灭慬整sAppData
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B3D74A13
< End of report >
Edited by mofu, 11 March 2014 - 02:01 PM.