Solved: Huge computer slow down and internet connectivity issues


slstevens123 (thread starter)
08-Feb-2014, 07:36 AM #1
The issue: I lent my laptop to a non-computer-friendly friend who accidentally downloaded a lot of spyware and malware disguised as things like "PC Health Care". I removed most (if not all) of these suspicious programs through the "Add/Remove/Change Programs" in Control Panel, and also ran an AVG scan which didn't pick anything up. I'm quite sure that there are still traces of the virus or spyware on the computer because it's running slowly, and I'll need to refresh the page several times in order to get it to connect to the internet (connected via wifi). Any help would be greatly appreciated.



1. Copy and paste the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:41:08, on 08/02/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Monica Marchand\Desktop\HijackThis.exe
C:\WINDOWS\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_mediu...4-a50010615881
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_mediu...4-a50010615881
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Google Update] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Monica Marchand\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: WatchDog de AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe

--
End of file - 13293 bytes



2. Copy and paste the contents of the dds.txt file.



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by Monica Marchand at 0:44:15 on 2014-02-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.185 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
mDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.3.0.49\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [SUPBackground] c:\program files\samsung\samsung update plus\SUPBackground.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Google Update] "c:\windows\system32\config\systemprofile\local settings\application data\google\update\GoogleUpdate.exe" /c
StartupFolder: c:\docume~1\monica~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\common files\microsoft shared\virtualization handler\CVH.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\monica marchand\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CDC8AC41-D072-4C52-AF79-059033DD623C} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.3.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-19 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;WatchDog de AVG;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-2-3 2317600]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-7-30 4300]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-30 55152]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2012-5-17 1590560]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-2-2 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-2-2 1042272]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.3.0\ToolbarUpdater.exe [2014-1-20 1771544]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-7-30 530664]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 587944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 213288]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 23208]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 19112]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
R3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\drivers\VMC33F.sys [2009-7-30 237952]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-2-2 171416]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-30 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-7 533360]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
.
=============== Created Last 30 ================
.
2014-02-02 21:59:57 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-02-02 21:59:52 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2014-02-02 21:59:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-01-31 19:48:05 -------- d-----w- c:\documents and settings\monica marchand\local settings\application data\SoftPlanet
2014-01-31 19:48:03 -------- d-----w- c:\program files\SoftPlanet Software Assistant
2014-01-31 11:41:10 -------- d-----w- c:\program files\Amazon
2014-01-31 11:24:18 -------- d-----w- c:\documents and settings\monica marchand\application data\systweak
2014-01-30 21:51:27 -------- d-----w- c:\documents and settings\all users\application data\BoostSoftware
2014-01-30 14:24:44 128000 ----a-w- c:\program files\uninstall information\21\3724\uninstall.exe
2014-01-30 14:09:46 -------- d-----w- c:\program files\SearchProtect
2014-01-30 14:09:42 -------- d-----w- c:\documents and settings\monica marchand\local settings\application data\SearchProtect
2014-01-30 14:09:35 -------- d-----w- c:\program files\MyPC Backup
2014-01-30 14:09:19 -------- d-----w- c:\documents and settings\monica marchand\application data\PerformerSoft
2014-01-30 14:09:11 18776 ----a-w- c:\windows\system32\roboot.exe
2014-01-26 19:03:32 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2014-01-26 19:03:28 -------- d-----w- c:\program files\McAfee Security Scan
2014-01-26 19:03:12 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2014-02-05 16:16:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 16:16:45 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2013-12-18 20:46:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
============= FINISH: 0:45:34.34 ===============


3. Copy and paste the attach.txt file. There is no need to zip and attach it as suggested in the DDS instructions.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 25/06/2010 02:28:26
System Uptime: 08/02/2014 00:24:14 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N130
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1595/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 43.084 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 70.899 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP99: 08/12/2013 21:16:47 - AVG 2014 instalado
RP100: 08/12/2013 21:17:13 - AVG 2011 eliminado
RP101: 08/12/2013 21:18:13 - AVG 2014 instalado
RP102: 08/12/2013 21:32:54 - AVG 2011 eliminado
RP103: 08/12/2013 21:50:11 - Software Distribution Service 3.0
RP104: 22/01/2014 22:18:49 - Software Distribution Service 3.0
RP105: 25/01/2014 11:28:08 - System Checkpoint
RP106: 26/01/2014 19:01:48 - Installed Java 7 Update 51
RP107: 30/01/2014 15:30:50 - System Checkpoint
RP108: 30/01/2014 23:20:58 - PC Performer Thu, Jan 30, 14 23:20
RP109: 31/01/2014 18:23:38 - Removed Bonjour
RP110: 31/01/2014 18:40:48 - Configured YouCam
RP111: 02/02/2014 21:12:52 - Removed BatteryLifeExtender
RP112: 02/02/2014 22:25:21 - Removed AnyPC Client
RP113: 02/02/2014 22:26:05 - Removed Easy Display Manager
RP114: 02/02/2014 22:35:47 - Removed Visual Studio 2012 x86 Redistributables
RP115: 02/02/2014 22:41:41 - Removed YTD Toolbar v8.6.
RP116: 04/02/2014 11:51:31 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
AVG 2014
AVG Security Toolbar
Choice Guard
Easy Network Manager
Easy Resolution Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Magic Keyboard
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Activation Assistant for Netbooks
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2010 - English
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Online Services Sign-in Assistant
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Picasa 3
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Battery Manager
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Search Protect
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 6.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
Visual Studio 2012 x86 Redistributables
WebCam SCB-0340N
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
02/02/2014 23:15:08, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
02/02/2014 22:48:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WatchDog de AVG service to connect.
02/02/2014 22:48:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
02/02/2014 22:48:59, error: Service Control Manager [7000] - The WatchDog de AVG service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/02/2014 22:48:59, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/02/2014 22:15:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
02/02/2014 22:15:39, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/02/2014 22:00:55, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
02/02/2014 22:00:55, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/02/2014 21:12:58, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
02/02/2014 20:43:12, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
01/02/2014 10:32:48, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
01/02/2014 10:32:48, error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


4. Copy and paste the contents of the ark.txt file.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-08 11:02:55
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1655GSX rev.FG010A 149.05GB
Running: 0p98crx6.exe; Driver: C:\DOCUME~1\MONICA~1\LOCALS~1\Temp\pwtdypod.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xF797C690]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xF797C7B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xF797C010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xF797C490]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xF779C1D6]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xF797C2D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xF797C3B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xF797C110]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xF797C1F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xF797C590]

---- Kernel code sections - GMER 2.1 ----

? C:\DOCUME~1\MONICA~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 6F071147 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 6F06FE6B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtCreateKey 7C90D0EE 2 Bytes JMP 6F06D0FB C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtCreateKey + 3 7C90D0F1 2 Bytes [76, F2] {JBE 0xfffffff4}
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 6F06FC88 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 6F06C120 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 6F06C3E3 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 6F07121D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 6F06C1C4 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 6F06C33D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 6F06C172 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 6F06C491 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 6F06C51F C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 6F06FFF6 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 6F06CDA8 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 6F06FCF3 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 6F06EC7C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 6F06FD63 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 6F06C217 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 6F06C43E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 6F071273 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 6F0711B7 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 6F06C2EA C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 6F06C729 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 6F06FDD3 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 6F06C27D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 6F0712D0 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 6F06C390 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6F04A4C4 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 6F0492EF C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6F04942D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!SetDllDirectoryW 7C85FD91 5 Bytes JMP 6F049F86 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!SetDllDirectoryA 7C85FE27 5 Bytes JMP 6F04A2B9 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!WinExec 7C862585 5 Bytes JMP 6F049B28 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] GDI32.dll!AddFontResourceA 77F29425 5 Bytes JMP 6F057542 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] GDI32.dll!AddFontResourceW 77F4014D 5 Bytes JMP 6F05755E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 7 Bytes JMP 6F05A4E0 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 6F05A243 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 6F059A3C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 6F059BB1 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 6F049663 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 6F05A0C8 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 6F05A2D6 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 6F05AE14 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 6F05A032 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 6F05A1B7 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 6F059C3D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 6F059AC8 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 6F05B1D5 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 6F05AD7B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 6F0497A5 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 6F05B293 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 6F05B359 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceObjectSecurity 77E36D01 7 Bytes JMP 6F05AFE5 C:\WINDOWS\system32\sftldr.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
slstevens123 (THREAD STARTER)
10-Feb-2014, 10:18 AM #2
Hi Tech Guys! Can anyone help with this please?
askey127 (Malware Removal Specialist, authorized to help remove malware)
10-Feb-2014, 11:05 AM #3
Hi slstevens123,
IMPORTANT - DO NOT UNINSTALL ANYTHING ELSE USING "ADD/REMOVE PROGRAMS", UNLESS I ASK!
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each entry, as follows, one by one, if it exists, and choose Remove:

J2SE Runtime Environment 5.0
McAfee Security Scan Plus

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-------------------------------------------------------------
AdwCleaner Download and Run

Click on this link to download: ADWCleaner
Be careful NOT to click on any sponsored advertisement download.
The one by Xplode is correct. Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete.
When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
You will then be presented with the report. Copy & Paste it into a reply here before running any other programs.


If you lose track of the log, it is saved in this folder C:\AdwCleaner\
The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the OTL icon to run it.
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------------
So, in your replies, we will be looking for the following:
The contents of:
  • The log from AdwCleaner
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
askey127
slstevens123 (THREAD STARTER)
11-Feb-2014, 04:12 PM #4
Hi askey127, thanks very much for the response. I followed all of your instructions. Here are the logs:
  • The log from AdwCleaner
# AdwCleaner v3.018 - Report created 11/02/2014 at 19:09:06
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Monica Marchand - MONICA
# Running from : C:\Documents and Settings\Monica Marchand\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : CltMngSvc
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Monica Marchand\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Monica Marchand\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Monica Marchand\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\Monica Marchand\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Monica Marchand\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[!] Folder Deleted : C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\Extensions\wtxpcom@mybrowser bar.com
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\DOCUME~1\MONICA~1\LOCALS~1\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\searchplugins\Search_Results .xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v
[ File : C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\prefs.js ]
Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\FireFoxExt\\17.3.0.49");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.searchqu.com/406");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=");
-\\ Google Chrome v32.0.1700.107
[ File : C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [13233 octets] - [11/02/2014 19:00:00]
AdwCleaner[S0].txt - [13264 octets] - [11/02/2014 19:09:06]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13325 octets] ##########
  • OTL.txt
OTL logfile created on: 11/02/2014 19:36:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Monica Marchand\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.29 Mb Total Physical Memory | 425.28 Mb Available Physical Memory | 41.93% Memory free
2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.05 Gb Total Space | 43.14 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive D: | 71.00 Gb Total Space | 70.90 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: MONICA | User Name: Monica Marchand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/11 19:34:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monica Marchand\Desktop\OTL.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/12/09 18:12:44 | 004,511,072 | ---- | M] (Secure Download Ltd.) -- C:\Program Files\SoftPlanet Software Assistant\spassist.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/06/15 16:54:24 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2009/06/12 15:37:38 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2009/06/02 01:23:42 | 003,153,408 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/06/02 01:23:42 | 003,153,408 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/07/12 23:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Samsung\MagicKBD\EasyBoxDll.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/05 16:16:49 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/13 08:58:54 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/06/26 18:23:04 | 000,019,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2013/06/26 18:23:02 | 000,023,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2013/06/26 18:23:00 | 000,213,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2013/06/26 18:22:58 | 000,587,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2010/06/18 19:34:10 | 000,530,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl819xp.sys -- (RTL819xp)
DRV - [2009/07/28 23:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/07/01 09:50:00 | 000,237,952 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC33F.sys -- (VMC33F)
DRV - [2009/05/23 06:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/02/07 01:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/06 03:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 12:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006/01/04 22:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/10/27 04:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_mediu...4-a50010615881
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearch.net/search?q={...4-a50010615881
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourcei...g}&rlz=1I7SMSN


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_mediu...4-a50010615881
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={search...ox&FORM=IE8SRC
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearch.net/search?q={...4-a50010615881
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\..\SearchScopes\{525F8A84-9EC3-45AD-8788-7CA39CA8F7BF}: "URL" = http://uk.search.yahoo.com/search?fr...p={SearchTerms}
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourcei...rlz=1I7SMSN_en
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\..\SearchScopes\{9216DA65-FFA1-463C-B461-0E440F94AA64}: "URL" = http://uk.search.yahoo.com/search?fr...p={searchTerms}
IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.7
FF - prefs.js..extensions.enabledItems: [email protected]:6.7
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00
FF - prefs.js..extensions.enabledItems: avg@toolbar:14.0.2.14
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

[2014/02/02 22:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Extensions
[2014/02/11 19:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\extensions
[2010/11/12 16:26:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/09/01 10:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
[2014/02/03 10:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 10:34:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http:\\/\\/www.safesearch.net\\/?utm_medium=ch&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Wallet = C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
O4 - HKLM..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Monica Marchand\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDC8AC41-D072-4C52-AF79-059033DD623C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 22:30:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/11 19:34:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monica Marchand\Desktop\OTL.exe
[2014/02/11 18:59:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/08 00:44:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2014/02/08 00:40:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Monica Marchand\Desktop\HijackThis.exe
[2014/02/02 23:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
[2014/02/02 22:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/02/02 21:59:57 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/02/02 21:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/02 21:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/01/31 19:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica Marchand\My Documents\Add-in Express
[2014/01/31 19:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\SoftPlanet
[2014/01/31 19:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\SoftPlanet Software Assistant
[2014/01/31 18:23:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/31 11:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2014/01/30 21:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BoostSoftware
[2014/01/26 19:03:18 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/26 19:03:12 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/26 19:03:12 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/26 19:03:12 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/26 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/01/22 11:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica Marchand\My Documents\Argentina ,Enero 2014
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/11 19:37:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/11 19:34:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monica Marchand\Desktop\OTL.exe
[2014/02/11 19:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/11 19:26:32 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/11 19:23:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/11 19:23:55 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/02/11 19:23:50 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LogonTask.job
[2014/02/11 19:23:49 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\SoftPlanet Software Assistant.job
[2014/02/11 19:23:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/11 19:23:03 | 1063,636,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/11 19:16:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/11 18:58:30 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Monica Marchand\Desktop\AdwCleaner.exe
[2014/02/11 18:52:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_DailyTask.job
[2014/02/11 18:17:07 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFFFFC7-254B-4839-9864-6EFA0EA87C7D}.job
[2014/02/11 18:10:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/08 00:47:07 | 000,380,416 | ---- | M] () -- C:\Documents and Settings\Monica Marchand\Desktop\0p98crx6.exe
[2014/02/08 00:40:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Monica Marchand\Desktop\HijackThis.exe
[2014/02/08 00:37:02 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/05 16:16:45 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/05 16:16:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/04 21:52:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_WeeklyTask.job
[2014/02/04 21:52:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LG_DailyTask.job
[2014/02/04 17:38:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/02 23:11:31 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/02/02 22:48:26 | 000,001,520 | ---- | M] () -- C:\WINDOWS\System32\Monica Marchand_KBD.ini
[2014/02/02 22:01:04 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/02 22:01:04 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/02 22:00:09 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/01/22 22:39:40 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/22 22:31:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/22 21:26:54 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/11 18:58:29 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Monica Marchand\Desktop\AdwCleaner.exe
[2014/02/08 00:47:04 | 000,380,416 | ---- | C] () -- C:\Documents and Settings\Monica Marchand\Desktop\0p98crx6.exe
[2014/02/08 00:32:03 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/08 00:32:01 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/02 22:01:03 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/02 22:01:03 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/02 22:01:02 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/02 22:00:09 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/02/02 22:00:09 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/01/31 19:48:10 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\SoftPlanet Software Assistant.job
[2014/01/30 21:52:15 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_WeeklyTask.job
[2014/01/30 21:52:14 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LG_DailyTask.job
[2014/01/30 21:52:14 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LogonTask.job
[2014/01/30 21:52:12 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_DailyTask.job
[2013/12/08 22:05:24 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\shortcut_ex.dat
[2013/05/29 14:06:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/30 08:48:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/12 21:58:39 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/30 23:33:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/08 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/02/02 22:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BoostSoftware
[2010/11/09 15:14:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/02/11 18:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/30 22:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAMSUNG
[2011/08/18 11:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/09/07 02:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
[2011/11/14 01:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/06/25 10:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinClon
[2009/07/30 22:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2010/09/22 07:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/02/02 12:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/07/10 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2013/12/08 21:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\AVG2014
[2011/09/12 23:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\DVDVideoSoft
[2014/02/11 19:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\SoftGrid Client
[2011/08/18 12:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\TP
[2013/12/08 21:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/11/26 15:27:20 | 008,719,510 | ---- | M] ()(C:\Documents and Settings\Monica Marchand\My Documents\? Kiss - I Was Made For Loving You (Good Quality).mp3) -- C:\Documents and Settings\Monica Marchand\My Documents\♫ Kiss - I Was Made For Loving You (Good Quality).mp3
[2011/11/26 15:24:43 | 008,719,510 | ---- | C] ()(C:\Documents and Settings\Monica Marchand\My Documents\? Kiss - I Was Made For Loving You (Good Quality).mp3) -- C:\Documents and Settings\Monica Marchand\My Documents\♫ Kiss - I Was Made For Loving You (Good Quality).mp3
< End of report >
  • Extras.txt
OTL Extras logfile created on: 11/02/2014 19:36:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Monica Marchand\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.29 Mb Total Physical Memory | 425.28 Mb Available Physical Memory | 41.93% Memory free
2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.05 Gb Total Space | 43.14 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive D: | 71.00 Gb Total Space | 70.90 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: MONICA | User Name: Monica Marchand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalador de AVG
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:VSTO Deployment Manifest 9014006104090000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnóstico 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:Instalador de AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Analizador de correo personal -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DCF2BB4-A124-4596-89F7-5670294E091B}" = Microsoft Office Activation Assistant for Netbooks
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 51
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{401C04AC-99A0-4DE2-879F-30D03A633FEF}" = AVG 2014
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A1F72DD-2465-43A2-A137-8A849399B7A8}" = REALTEK Wireless LAN Software
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51BED-E7D3-11DB-A386-005056C00008}" = WebCam SCB-0340N
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CAC71E9-D196-472E-845C-5462356B2AE1}" = Easy Resolution Manager
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}" = Microsoft Online Services Sign-in Assistant
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"AVG" = AVG 2014
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google+ Auto Backup" = Google+ Auto Backup

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google+ Auto Backup" = Google+ Auto Backup

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/02/2014 06:45:53 | Computer Name = MONICA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/02/2014 14:08:15 | Computer Name = MONICA | Source = Application Virtualization Client | ID = 6032
Description = {tid=1610:usr=Monica Marchand} A temporary settings file was found.
This file ( C:\Documents and Settings\Monica Marchand\Local Settings\Application
Data\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp ) may be corrupt and will
be deleted

Error - 04/02/2014 10:27:52 | Computer Name = MONICA | Source = Application Virtualization Client | ID = 6032
Description = {tid=154C:usr=Monica Marchand} A temporary settings file was found.
This file ( C:\Documents and Settings\Monica Marchand\Local Settings\Application
Data\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp ) may be corrupt and will
be deleted

Error - 04/02/2014 18:23:32 | Computer Name = MONICA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/02/2014 11:49:23 | Computer Name = MONICA | Source = Application Virtualization Client | ID = 6032
Description = {tid=1574:usr=Monica Marchand} A temporary settings file was found.
This file ( C:\Documents and Settings\Monica Marchand\Local Settings\Application
Data\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp ) may be corrupt and will
be deleted

Error - 05/02/2014 11:59:25 | Computer Name = MONICA | Source = Application Virtualization Client | ID = 6032
Description = {tid=15EC:usr=Monica Marchand} A temporary settings file was found.
This file ( C:\Documents and Settings\Monica Marchand\Local Settings\Application
Data\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp ) may be corrupt and will
be deleted

Error - 07/02/2014 20:12:04 | Computer Name = MONICA | Source = Application Virtualization Client | ID = 6032
Description = {tid=B60:usr=Monica Marchand} A temporary settings file was found.
This file ( C:\Documents and Settings\Monica Marchand\Local Settings\Application
Data\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp ) may be corrupt and will
be deleted

Error - 07/02/2014 20:27:04 | Computer Name = MONICA | Source = Application Virtualization Client | ID = 6032
Description = {tid=11EC:usr=Monica Marchand} A temporary settings file was found.
This file ( C:\Documents and Settings\Monica Marchand\Local Settings\Application
Data\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp ) may be corrupt and will
be deleted

Error - 11/02/2014 14:27:08 | Computer Name = MONICA | Source = Application Virtualization Client | ID = 3079
Description = {hap=15:app=ONENOTEM 9014006104090000:tid=1484:usr=Monica Marchand}
The
client could not launch Q:\140061.enu\Office14\ONENOTEM.EXE (rc 0B020604-0000041E,
last error 2).

Error - 11/02/2014 15:30:00 | Computer Name = MONICA | Source = Application Virtualization Client | ID = 6032
Description = {tid=96C:usr=Monica Marchand} A temporary settings file was found.
This file ( C:\Documents and Settings\Monica Marchand\Local Settings\Application
Data\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp ) may be corrupt and will
be deleted

[ OSession Events ]
Error - 24/09/2010 23:06:08 | Computer Name = MONICA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/02/2014 14:50:40 | Computer Name = MONICA | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 11/02/2014 14:50:40 | Computer Name = MONICA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 11/02/2014 14:50:40 | Computer Name = MONICA | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 11/02/2014 14:50:40 | Computer Name = MONICA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating
Service service to connect.

Error - 11/02/2014 14:50:40 | Computer Name = MONICA | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
following error: %%1053

Error - 11/02/2014 15:27:11 | Computer Name = MONICA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner
Service service to connect.

Error - 11/02/2014 15:27:11 | Computer Name = MONICA | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 11/02/2014 15:27:11 | Computer Name = MONICA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 11/02/2014 15:27:11 | Computer Name = MONICA | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 11/02/2014 15:27:11 | Computer Name = MONICA | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.3.0 service failed to start due to the following
error: %%2


< End of report >
askey127 (authorized to help remove malware)
Malware Removal Specialist with 961 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
11-Feb-2014, 05:40 PM #5
slstevens123,
We have more to clean up, but not too bad. We are making progress.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_mediu...4-a50010615881
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
    IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearch.net/search?q={...4-a50010615881
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_mediu...4-a50010615881
    IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
    IE - HKU\S-1-5-21-2664360677-176283706-2246631139-1005\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearch.net/search?q={...4-a50010615881
    FF - prefs.js..extensions.enabledItems: [email protected]:6.7
    FF - prefs.js..extensions.enabledItems: [email protected]:6.7
    FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00
    CHR - homepage: http:\\/\\/www.safesearch.net\\/?utm_medium=ch&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
    [2011/08/18 11:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    
    :Files
    C:\Program Files\SearchProtect
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.
-------------------------------------------------------------
Download MyDefrag from here and Install it : http://www.mydefrag.com/
(The download button is on the left).
After Installation, run MyDefrag in Monthly Mode on the C: drive
Wait for it to Finish. Go for lunch. It may take a while.
After it finishes, you can run it in Daily mode, once every week or two. (A lot faster).
---------------------------------------------------
So, In Your Replies, we will be looking for the following :
The contents of:
  • The FIX log from OTL
  • Fresh version of OTL.txt from the Quick Scan.
Please feel free to use separate replies.

After you do all this, let me know how it appears to run.
(Internet can be expected to perform a bit slower than it will be, speeding up in the next day or two.)

askey127
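One way to check a later Quick Scan log against the :OTL lines of a fix script like the one in the post above, as an added example that is not part of the original post and not part of OTL. The function names are hypothetical, the two samples are abridged from lines shown in this thread, and the statuses reflect only what the rescan log reports.

```python
import re

# Constructed sample: abridged fix script built from lines in the helper's post.
FIX_SCRIPT = r"""
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
CHR - homepage: http:\\/\\/www.safesearch.net\\/?utm_medium=ch&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found

:Files
C:\Program Files\SearchProtect

:Commands
[EMPTYTEMP]
"""

# Constructed sample: a few lines in the format of the Quick Scan posted after the fix.
RESCAN_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
CHR - homepage: http:\\/\\/www.safesearch.net\\/?utm_medium=ch&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
"""

SECTION_RE = re.compile(r"^:(\w+)$")


def parse_fix_script(text):
    """Split a custom-fix script into {section: [lines]}; repeated sections merge."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def split_entry(line):
    """Return (location, value). Lines without ' = ' are treated as one whole key."""
    line = " ".join(line.split())          # normalise runs of whitespace
    if line.endswith(" ="):                # setting present but now empty
        return line[:-2], ""
    key, sep, value = line.partition(" = ")
    return (key, value) if sep else (line, "")


def check_fix(fix_script, rescan_log):
    """Classify every :OTL target as 'gone', 'value changed' or 'still present'."""
    seen = {}
    for raw in rescan_log.splitlines():
        if raw.strip():
            key, value = split_entry(raw)
            seen.setdefault(key, set()).add(value)

    report = []
    for line in parse_fix_script(fix_script).get("otl", []):
        key, value = split_entry(line)
        if key not in seen:
            status = "gone"                # entry no longer listed in the rescan
        elif value in seen[key]:
            status = "still present"       # identical line survived the fix
        else:
            status = "value changed"       # same location, different data
        report.append((status, key))
    return report


if __name__ == "__main__":
    for status, key in check_fix(FIX_SCRIPT, RESCAN_LOG):
        print(f"{status:14} {key[:90]}")
```

Entries reported as "still present" are the ones to raise in the next reply; :Files targets are not checked because a scan log does not list arbitrary folders.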
slstevens123
Member with 10 posts.
THREAD STARTER
 
Join Date: Feb 2014
12-Feb-2014, 06:53 AM #6
Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B51C980-C6B0-11E1-9136-AED16088709B}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2664360677-176283706-2246631139-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2664360677-176283706-2246631139-1005\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B51C980-C6B0-11E1-9136-AED16088709B}\ not found.
Prefs.js: [email protected]:6.7 removed from extensions.enabledItems
Prefs.js: [email protected]:6.7 removed from extensions.enabledItems
Prefs.js: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00 removed from extensions.enabledItems
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Temp folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\SearchProtect not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Monica Marchand\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Monica Marchand\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Monica Marchand
->Java cache emptied: 1743304 bytes

User: NetworkService

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 9454 bytes

User: Monica Marchand
->Flash cache emptied: 2417 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 1597440 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1580632 bytes
->Flash cache emptied: 0 bytes

User: Monica Marchand
->Temp folder emptied: 82008982 bytes
->Temporary Internet Files folder emptied: 714654771 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54068532 bytes
->Google Chrome cache emptied: 141931300 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6553674 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10194739 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 357204749 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 525478 bytes
RecycleBin emptied: 268147417 bytes

Total Files Cleaned = 1,563.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122014_102218
Files\Folders moved on Reboot...
C:\Documents and Settings\Monica Marchand\Local Settings\Temp\CVHLauncher(20140211192558954).log moved successfully.
C:\Documents and Settings\Monica Marchand\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF5777.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF57EC.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF5893.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF58C9.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF5A9A.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF5ABA.tmp not found!
C:\Documents and Settings\Monica Marchand\Local Settings\Temporary Internet Files\Content.IE5\WIT33DSR\1119456-huge-computer-slow-down-internet[1].html moved successfully.
C:\Documents and Settings\Monica Marchand\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Monica Marchand\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
slstevens123
Member with 10 posts.
THREAD STARTER
 
Join Date: Feb 2014
12-Feb-2014, 07:18 AM #7
OTL logfile created on: 12/02/2014 10:54:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Monica Marchand\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.29 Mb Total Physical Memory | 392.48 Mb Available Physical Memory | 38.69% Memory free
2.39 Gb Paging File | 1.78 Gb Available in Paging File | 74.72% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.05 Gb Total Space | 44.49 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive D: | 71.00 Gb Total Space | 70.90 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: MONICA | User Name: Monica Marchand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/11 19:34:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monica Marchand\Desktop\OTL.exe
PRC - [2014/01/28 19:07:08 | 002,548,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/12/09 18:12:44 | 004,511,072 | ---- | M] (Secure Download Ltd.) -- C:\Program Files\SoftPlanet Software Assistant\spassist.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/06/15 16:54:24 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2009/06/12 15:37:38 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2009/06/02 01:23:42 | 003,153,408 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/28 19:07:08 | 002,548,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/06/02 01:23:42 | 003,153,408 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/07/12 23:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Samsung\MagicKBD\EasyBoxDll.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/05 16:16:49 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/13 08:58:54 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/06/26 18:23:04 | 000,019,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2013/06/26 18:23:02 | 000,023,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2013/06/26 18:23:00 | 000,213,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2013/06/26 18:22:58 | 000,587,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2010/06/18 19:34:10 | 000,530,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl819xp.sys -- (RTL819xp)
DRV - [2009/07/28 23:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/07/01 09:50:00 | 000,237,952 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC33F.sys -- (VMC33F)
DRV - [2009/05/23 06:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/02/07 01:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/06 03:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 12:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006/01/04 22:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/10/27 04:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourcei...g}&rlz=1I7SMSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={search...ox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{525F8A84-9EC3-45AD-8788-7CA39CA8F7BF}: "URL" = http://uk.search.yahoo.com/search?fr...p={SearchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourcei...rlz=1I7SMSN_en
IE - HKCU\..\SearchScopes\{9216DA65-FFA1-463C-B461-0E440F94AA64}: "URL" = http://uk.search.yahoo.com/search?fr...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: avg@toolbar:14.0.2.14
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

[2014/02/02 22:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Extensions
[2014/02/11 19:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\extensions
[2010/11/12 16:26:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/09/01 10:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monica Marchand\Application Data\Mozilla\Firefox\Profiles\mgwgdetk.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
[2014/02/03 10:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 10:34:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http:\\/\\/www.safesearch.net\\/?utm_medium=ch&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Wallet = C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
O4 - HKLM..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Monica Marchand\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDC8AC41-D072-4C52-AF79-059033DD623C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 22:30:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/12 10:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG 0214c Campaign
[2014/02/12 10:22:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/11 20:24:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\_swf_imagine digital freedom_work
[2014/02/11 19:34:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monica Marchand\Desktop\OTL.exe
[2014/02/11 18:59:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/08 00:44:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2014/02/08 00:40:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Monica Marchand\Desktop\HijackThis.exe
[2014/02/02 23:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
[2014/02/02 22:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/02/02 21:59:57 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/02/02 21:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/02 21:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/01/31 19:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica Marchand\My Documents\Add-in Express
[2014/01/31 19:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\SoftPlanet
[2014/01/31 19:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\SoftPlanet Software Assistant
[2014/01/31 18:23:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/31 11:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2014/01/30 21:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BoostSoftware
[2014/01/26 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/01/22 11:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica Marchand\My Documents\Argentina ,Enero 2014

========== Files - Modified Within 30 Days ==========

[2014/02/12 10:52:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_DailyTask.job
[2014/02/12 10:46:22 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/12 10:43:45 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2014/02/12 10:43:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/12 10:43:18 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/02/12 10:43:16 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2014/02/12 10:43:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LogonTask.job
[2014/02/12 10:43:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\SoftPlanet Software Assistant.job
[2014/02/12 10:42:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/12 10:42:01 | 1063,636,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/12 10:37:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/12 10:31:46 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/12 10:22:14 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFFFFC7-254B-4839-9864-6EFA0EA87C7D}.job
[2014/02/11 20:16:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/11 19:34:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monica Marchand\Desktop\OTL.exe
[2014/02/11 18:58:30 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Monica Marchand\Desktop\AdwCleaner.exe
[2014/02/11 18:10:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/08 00:47:07 | 000,380,416 | ---- | M] () -- C:\Documents and Settings\Monica Marchand\Desktop\0p98crx6.exe
[2014/02/08 00:40:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Monica Marchand\Desktop\HijackThis.exe
[2014/02/08 00:37:02 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/04 21:52:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_WeeklyTask.job
[2014/02/04 21:52:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LG_DailyTask.job
[2014/02/04 17:38:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/02 23:11:31 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/02/02 22:48:26 | 000,001,520 | ---- | M] () -- C:\WINDOWS\System32\Monica Marchand_KBD.ini
[2014/02/02 22:01:04 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/02 22:01:04 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/02 22:00:09 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/01/22 22:39:40 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/22 22:31:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/22 21:26:54 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2014/02/12 10:32:24 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2014/02/12 10:32:16 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2014/02/11 18:58:29 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Monica Marchand\Desktop\AdwCleaner.exe
[2014/02/08 00:47:04 | 000,380,416 | ---- | C] () -- C:\Documents and Settings\Monica Marchand\Desktop\0p98crx6.exe
[2014/02/08 00:32:03 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/02/08 00:32:01 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/02/02 22:01:03 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/02 22:01:03 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/02 22:01:02 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/02 22:00:09 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/02/02 22:00:09 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/01/31 19:48:10 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\SoftPlanet Software Assistant.job
[2014/01/30 21:52:15 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_WeeklyTask.job
[2014/01/30 21:52:14 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LG_DailyTask.job
[2014/01/30 21:52:14 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LogonTask.job
[2014/01/30 21:52:12 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_DailyTask.job
[2013/12/08 22:05:24 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\shortcut_ex.dat
[2013/05/29 14:06:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/30 08:48:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/12 21:58:39 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Monica Marchand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/30 23:33:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/12 10:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG 0214c Campaign
[2013/12/08 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/02/02 22:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BoostSoftware
[2010/11/09 15:14:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/02/12 10:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/30 22:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAMSUNG
[2011/09/07 02:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
[2011/11/14 01:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/06/25 10:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinClon
[2009/07/30 22:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2010/09/22 07:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/12/08 21:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\AVG2014
[2011/09/12 23:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\DVDVideoSoft
[2014/02/11 19:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\SoftGrid Client
[2011/08/18 12:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\TP
[2013/12/08 21:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monica Marchand\Application Data\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/11/26 15:27:20 | 008,719,510 | ---- | M] ()(C:\Documents and Settings\Monica Marchand\My Documents\? Kiss - I Was Made For Loving You (Good Quality).mp3) -- C:\Documents and Settings\Monica Marchand\My Documents\♫ Kiss - I Was Made For Loving You (Good Quality).mp3
[2011/11/26 15:24:43 | 008,719,510 | ---- | C] ()(C:\Documents and Settings\Monica Marchand\My Documents\? Kiss - I Was Made For Loving You (Good Quality).mp3) -- C:\Documents and Settings\Monica Marchand\My Documents\♫ Kiss - I Was Made For Loving You (Good Quality).mp3
< End of report >
askey127
Malware Removal Specialist with 961 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
12-Feb-2014, 07:50 AM #8
slstevens123,
You need to get the Home page of Chrome set to something else besides Safesearch.net.
If you have trouble doing that, instructions are here: https://support.google.com/chrome/answer/95314?hl=en
(I will try to remove it with OTL here, but it may not work)
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

Java(TM) 6 Update 24

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    CHR - homepage: http:\\/\\/www.safesearch.net\\/?utm_medium=ch&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
    [2014/01/30 21:52:15 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_WeeklyTask.job
    [2014/01/30 21:52:14 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LG_DailyTask.job
    [2014/01/30 21:52:14 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LogonTask.job
    [2014/01/30 21:52:12 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_DailyTask.job
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
-----------------------------------------------------------
Be sure to read the information here, about the events in April and its effect on Windows XP, its risks and options:
askey127
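The four PCHealthBoost .job files listed in the fix above are scheduled tasks that the OTL log shows being created within a minute of the BoostSoftware folder. The following is an added example, not part of the original post and not OTL's own code: it parses OTL file-listing lines and groups entries by creation time to surface that kind of correlation. The function names and the 120-second window are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sample input: lines in the OTL listing format, taken from the log in this thread.
SAMPLE_LOG = r"""
[2014/02/12 10:32:24 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2014/02/02 22:01:03 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/02 21:59:57 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/01/31 19:48:10 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\SoftPlanet Software Assistant.job
[2014/01/31 19:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\SoftPlanet Software Assistant
[2014/01/30 21:52:15 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_WeeklyTask.job
[2014/01/30 21:52:14 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LG_DailyTask.job
[2014/01/30 21:52:14 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LogonTask.job
[2014/01/30 21:52:12 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_DailyTask.job
[2014/01/30 21:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BoostSoftware
"""

# [timestamp | size | attributes | C or M] (company, files only) -- path
LINE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified
    company: str   # "" for folders and for files with no company name
    path: str

    @property
    def is_task(self):
        # Windows XP stores scheduled tasks as .job files under %SystemRoot%\tasks
        p = self.path.lower()
        return "\\windows\\tasks\\" in p and p.endswith(".job")


def parse_otl_listing(text):
    """Return an Entry for every line that matches the listing format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, registry lines, blank lines
        entries.append(Entry(
            when=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"],
            company=m["company"] or "", path=m["path"]))
    return entries


def cluster_by_time(entries, gap=timedelta(seconds=120)):
    """Group entries whose consecutive timestamps are at most `gap` apart."""
    clusters = []
    for e in sorted(entries, key=lambda e: e.when):
        if clusters and e.when - clusters[-1][-1].when <= gap:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def tasks_installed_with(entries, marker, gap=timedelta(seconds=120)):
    """Names of scheduled tasks created in the same burst as a path containing `marker`."""
    marker = marker.lower()
    names = set()
    for cluster in cluster_by_time(entries, gap):
        if any(marker in e.path.lower() for e in cluster):
            names.update(e.path.rsplit("\\", 1)[-1] for e in cluster if e.is_task)
    return sorted(names)


if __name__ == "__main__":
    for name in tasks_installed_with(parse_otl_listing(SAMPLE_LOG), "BoostSoftware"):
        print(name)
```

Timestamp proximity is only a lead: an unrelated task created in the same window would be listed too, so each hit still needs a look before it goes into a fix script.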
slstevens123
Member with 10 posts.
THREAD STARTER
 
Join Date: Feb 2014
13-Feb-2014, 01:08 PM #9
Hi askey127

Thanks for your reply. Sorry I didn't respond in full to your previous post, MyDefrag took ages and I had to wait overnight for it to complete fully.

Will follow your latest set of instructions and report back afterwards

Many thanks,
slstevens123
askey127
Malware Removal Specialist with 961 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
13-Feb-2014, 01:15 PM #10
That's OK.
slstevens123
Member with 10 posts.
THREAD STARTER
 
Join Date: Feb 2014
13-Feb-2014, 01:47 PM #11
Thanks for providing the info. Here's the log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_WeeklyTask.job moved successfully.
C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LG_DailyTask.job moved successfully.
C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_LogonTask.job moved successfully.
C:\WINDOWS\tasks\PCHB_Monica Marchand_PCHealthBoost_RS_DailyTask.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Monica Marchand\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Monica Marchand\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Monica Marchand
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: Monica Marchand
->Flash cache emptied: 581 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Monica Marchand
->Temp folder emptied: 819478 bytes
->Temporary Internet Files folder emptied: 8416668 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48753 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02132014_173014
Files\Folders moved on Reboot...
C:\Documents and Settings\Monica Marchand\Local Settings\Temp\CVHLauncher(20140213172450CA0).log moved successfully.
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF80BE.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF8A50.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF8AF0.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF8B14.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF8BF6.tmp not found!
File\Folder C:\Documents and Settings\Monica Marchand\Local Settings\Temp\~DF8C09.tmp not found!
C:\Documents and Settings\Monica Marchand\Local Settings\Temporary Internet Files\Content.IE5\I0KKRHK2\1119456-huge-computer-slow-down-internet[1].html moved successfully.
C:\Documents and Settings\Monica Marchand\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Monica Marchand\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
askey127
Malware Removal Specialist with 961 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
13-Feb-2014, 03:11 PM #12
We should be about done cleaning up, unless you see something going on that you don't like.
Let me know about the speed and connectivity.

You will need to change the Chrome Home Page yourself to get rid of Safesearch.net.
If you don't change it, that page will attempt to shovel junkware onto your machine.

Last edited by askey127; 13-Feb-2014 at 03:39 PM..
slstevens123
Member with 10 posts.
THREAD STARTER
 
Join Date: Feb 2014
14-Feb-2014, 05:20 PM #13
Ok thank you. Thought I had already changed the homepage. Will check again now.

Quick question- should I delete all of the programs that I've downloaded to clean up?

Thanks once again
askey127
Malware Removal Specialist with 961 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
14-Feb-2014, 05:51 PM #14
OTL will do most of that for you.
Just open it one more time and click the Clean Up button.
slstevens123
Member with 10 posts.
THREAD STARTER
 
Join Date: Feb 2014
18-Feb-2014, 09:19 PM #15
Hi Askey127, just wanted to check in and thank you once again for all of your help!