PDA

View Full Version : PC runs slow, Keep finding same malware. Help?


Soulbound
2013-12-07, 06:52
Hello everyone.
Thank you for having a site like this and doing this as well. I really appreciate it.
My PC has been running real slow. Ive noticed that there are somethings in my installed programs that I did not put there and when I deleted them they would just come right back. I ran a Spybot test and I would get infections every time in the results even after it said it had cleaned everything up.

Also, I was able to download and run the ERUNT Program but I am running Windows Vista Basic and I don't believe it is supported with that program.




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520
Run by N john at 23:45:29 on 2013-12-06
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3316.1769 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: SweetTunes Toolbar: {5fec7248-515c-47be-ab0a-6bc547472dea} - c:\program files\sweettunes\prxtbSwee.dll
mURLSearchHooks: SweetTunes Toolbar: {5fec7248-515c-47be-ab0a-6bc547472dea} - c:\program files\sweettunes\prxtbSwee.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: SweetTunes Toolbar: {5fec7248-515c-47be-ab0a-6bc547472dea} - c:\program files\sweettunes\prxtbSwee.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
TB: SweetTunes Toolbar: {5FEC7248-515C-47BE-AB0A-6BC547472DEA} - c:\program files\sweettunes\prxtbSwee.dll
TB: SweetTunes Toolbar: {5fec7248-515c-47be-ab0a-6bc547472dea} - c:\program files\sweettunes\prxtbSwee.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihwa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 545"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B6BE6FBE-BB06-49CB-99CD-3FACFC8E3DB4} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\n john\appdata\roaming\mozilla\firefox\profiles\iej7rske.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287808&CUI=UN21652573827359204&UM=2&SearchSource=3&q={searchTerms}
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.1.2\npsitesafety.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: 2013-11-10 12:54; {5fec7248-515c-47be-ab0a-6bc547472dea}; c:\users\n john\appdata\roaming\mozilla\firefox\profiles\iej7rske.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}
FF - ExtSQL: 2013-11-10 13:14; {f30bc043-a8eb-0989-e3fe-ba3a6da5bb1d}; c:\users\n john\appdata\roaming\mozilla\firefox\profiles\iej7rske.default\extensions\{f30bc043-a8eb-0989-e3fe-ba3a6da5bb1d}
FF - ExtSQL: 2013-11-26 21:37; {01e86e69-a2f8-48a0-b068-83869bdba3d0}; c:\users\n john\appdata\roaming\mozilla\firefox\profiles\iej7rske.default\extensions\{01e86e69-a2f8-48a0-b068-83869bdba3d0}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
.
.
.
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2013-3-4 21728]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-12 37664]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-11-10 101888]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-12 418376]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 104768]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-12-12 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-12-12 168384]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2013-10-30 1739064]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-13 1734680]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2013-3-4 303360]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2013-3-4 1074944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-12 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2013-9-18 12320]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-12 701512]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-12-12 1103392]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2013-3-22 35256]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-12-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2013-3-4 50704]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-10 37064]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-12-07 02:06:43 719224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{65a0d831-6bbc-4ca3-a8b6-9ce91b670937}\gapaengine.dll
2013-12-07 02:04:49 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f3c094e6-748a-41cd-a683-acae0f4351d6}\mpengine.dll
2013-12-06 02:35:32 25400 ----a-w- c:\windows\system32\authuitu.dll
2013-12-06 02:35:26 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2013-12-06 02:31:44 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2013-12-06 02:20:29 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-05 19:45:47 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-11-28 02:34:04 338944 ----a-w- c:\windows\system32\AdpeakProxy.dll
2013-11-27 08:29:05 -------- d-----w- c:\users\n john\appdata\local\GCC
2013-11-27 08:28:27 -------- d-----w- c:\users\n john\appdata\local\SwvUpdater
2013-11-27 02:39:22 -------- d-----w- c:\program files\SearchProtect
2013-11-27 02:32:27 -------- d-----w- c:\users\n john\appdata\local\VisualBeeExe
2013-11-27 02:30:48 -------- d-----w- c:\programdata\VisualBee
2013-11-27 02:30:20 -------- d-----w- C:\temp
2013-11-27 02:30:06 -------- d-----w- c:\program files\Level Quality Watcher
2013-11-16 03:41:59 3459696 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2013-11-16 03:41:58 302192 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2013-11-16 03:41:58 275568 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-11-16 03:41:57 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-11-16 03:41:57 117360 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-11-16 03:41:54 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-11-16 03:41:54 272496 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-11-16 03:41:54 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-11-15 19:48:58 -------- d-----w- c:\users\n john\appdata\roaming\AVG2014
2013-11-15 19:39:30 -------- d-----w- c:\programdata\AVG2014
2013-11-15 19:35:47 -------- d-----w- c:\users\n john\appdata\local\Avg2014
2013-11-15 03:40:37 -------- d-----w- c:\program files\common files\DVDVideoSoft
2013-11-13 07:31:43 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 07:31:36 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 07:31:34 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 07:31:33 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-10 18:05:34 -------- d-----w- c:\programdata\Conduit
2013-11-10 18:05:28 -------- d-----w- c:\program files\SweetTunes
2013-11-10 18:02:41 -------- d-----w- c:\users\n john\appdata\local\NativeMessaging
2013-11-10 18:02:16 -------- d-----w- c:\users\n john\appdata\local\CRE
2013-11-10 18:01:49 -------- d-----w- c:\program files\Conduit
2013-11-10 17:53:57 -------- d-----w- c:\users\n john\appdata\local\FreemakeVideoConverter
2013-11-10 09:38:20 -------- d-----w- c:\windows\system32\MRT
2013-11-10 09:14:11 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4ccf8517-79d0-447d-9ad4-c6242789e9fe}\gapaengine.dll
2013-11-10 09:05:34 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-10 09:03:55 812544 ----a-w- c:\windows\system32\certutil.exe
2013-11-10 09:03:54 41984 ----a-w- c:\windows\system32\certenc.dll
2013-11-10 09:03:27 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-11-10 09:03:27 37376 ----a-w- c:\windows\system32\printcom.dll
2013-11-10 09:03:17 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-10 09:03:09 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-10 09:02:33 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-11-10 09:02:32 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-10 09:02:31 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-11-10 09:02:13 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-11-10 09:02:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-11-10 08:57:53 -------- d-----w- c:\program files\iPod
2013-11-10 08:57:47 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-10 08:57:47 -------- d-----w- c:\program files\iTunes
2013-11-10 08:46:54 505344 ----a-w- c:\windows\system32\qedit.dll
2013-11-10 08:46:07 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-11-10 08:45:08 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-11-10 08:44:48 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-11-10 08:34:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-11-10 08:34:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-11-10 08:34:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-11-10 08:34:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-11-10 08:34:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-11-10 08:32:41 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-11-10 08:32:32 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-11-10 08:32:31 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-11-10 08:32:30 172544 ----a-w- c:\windows\system32\wintrust.dll
.
==================== Find3M ====================
.
2013-12-06 01:33:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-06 01:33:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 07:18:22 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-06 02:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-05 02:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-01 04:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-11-01 03:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-25 03:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-27 14:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 14:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-17 05:57:26 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-10 05:43:20 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 23:46:43.36 ===============

Sorry, Forgot to attach this one to the first post.

This is the aswMBR log that I needed to post as well.

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-06 23:56:45
-----------------------------
23:56:45.986 OS Version: Windows 6.0.6002 Service Pack 2
23:56:45.986 Number of processors: 1 586 0x1601
23:56:45.993 ComputerName: HOME-PC UserName: N john
23:56:48.623 Initialize success
23:59:26.277 AVAST engine defs: 13120600
00:01:01.865 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:01:01.871 Disk 0 Vendor: WDC_WD5000AVVS-63M8B0 01.00A01 Size: 476940MB BusType: 3
00:01:02.005 Disk 0 MBR read successfully
00:01:02.010 Disk 0 MBR scan
00:01:02.053 Disk 0 Windows VISTA default MBR code
00:01:02.061 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
00:01:02.119 Disk 0 scanning sectors +976771072
00:01:02.215 Disk 0 scanning C:\Windows\system32\drivers
00:01:16.179 Service scanning
00:01:28.213 Service MpKsl92843963 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3C094E6-748A-41CD-A683-ACAE0F4351D6}\MpKsl92843963.sys **LOCKED** 32
00:01:49.945 Modules scanning
00:01:56.265 Disk 0 trace - called modules:
00:01:56.301 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:01:56.311 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861bc3e8]
00:01:56.319 3 CLASSPNP.SYS[8b1aa8b3] -> nt!IofCallDriver -> [0x84d04918]
00:01:56.326 5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85692528]
00:01:59.015 AVAST engine scan C:\Windows
00:02:05.123 AVAST engine scan C:\Windows\system32
00:08:05.188 AVAST engine scan C:\Windows\system32\drivers
00:09:04.438 AVAST engine scan C:\Users\N john
00:09:40.157 File: C:\Users\N john\AppData\Local\GCC\Controller.exe **INFECTED** Win32:Dropper-gen [Drp]
00:10:34.278 Disk 0 MBR has been saved successfully to "C:\Users\N john\Documents\MBR.dat"
00:10:34.335 The log file has been saved successfully to "C:\Users\N john\Documents\aswMBR.txt"
ken545
2013-12-14, 12:46
:welcome:

Sorry for the delay. Just reply to this thread only by using the Submit Reply button and please do not start any new topics.

You have AVG Free and also Microsoft Security Essentials installed, you only need one Anti Virus program, more than one is overkill and can hamper system performance so its your call but you need to uninstall one via Programs and Features in the Control Panel.

You have a bogus toolbar installed, there may be more

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Soulbound
2013-12-14, 22:55
Hey Ken45, Thanks for the welcome.
I also have removed one of the Anti-Viruses you mentioned, Microsoft Security Essentials. I also downloaded the Adwcleaner program and ran the test.
This is the report log. I believe this is the whole log, It still says pending, Please un-check elements you don't want removed.
Hopefully, I have gives you the log correctly as per your instructions.



# AdwCleaner v3.015 - Report created 14/12/2013 at 14:05:00
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : N john - HOME-PC
# Running from : C:\Users\N john\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\sweettunes_search.xml
File Found : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\searchplugins\avg-secure-search.xml
File Found : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\searchplugins\bingp.xml
File Found : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\searchplugins\conduit-search.xml
File Found : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\user.js
Folder Found : C:\Users\N john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng
Folder Found : C:\Users\N john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng
Folder Found : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\Extensions\{01e86e69-a2f8-48a0-b068-83869bdba3d0}
Folder Found : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\Extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\Program Files\SweetTunes
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\VisualBee
Folder Found C:\Users\N john\AppData\Local\AVG Secure Search
Folder Found C:\Users\N john\AppData\Local\NativeMessaging
Folder Found C:\Users\N john\AppData\Local\Searchprotect
Folder Found C:\Users\N john\AppData\Local\SwvUpdater
Folder Found C:\Users\N john\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\N john\AppData\LocalLow\Conduit
Folder Found C:\Users\N john\AppData\LocalLow\PriceGong
Folder Found C:\Users\N john\AppData\LocalLow\SweetTunes
Folder Found C:\Users\N john\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\CT3287808
Folder Found C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\CT3311875
Folder Found C:\Users\NJOHN~1\AppData\Local\Temp\Smartbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\SweetTunes
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng
Key Found : HKCU\Software\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\smartbarlog
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F500B1E-E54D-43B6-8193-E10C63C3E150}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35F19156-3DE8-4D55-BD47-2AEE42E536A3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0A28909-F4D3-4E9A-AE7F-5193908D19D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0A28909-F4D3-4E9A-AE7F-5193908D19D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SweetTunes
Key Found : HKLM\Software\visualbee
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\prefs.js ]

Line Found : user_pref("CT3287808.FF19Solved", "true");
Line Found : user_pref("CT3287808.UserID", "UN21652573827359204");
Line Found : user_pref("CT3287808.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3287808.fullUserID", "UN21652573827359204.IN.20131126213741");
Line Found : user_pref("CT3287808.installDate", "26/11/2013 21:37:49");
Line Found : user_pref("CT3287808.installSessionId", "{2AF8F63A-B730-4D7B-88F8-1FC506D674EE}");
Line Found : user_pref("CT3287808.installSp", "TRUE");
Line Found : user_pref("CT3287808.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3287808.keyword", "true");
Line Found : user_pref("CT3287808.originalHomepage", "www.google.com");
Line Found : user_pref("CT3287808.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN53923017911019276&UM=2&q=");
Line Found : user_pref("CT3287808.originalSearchEngine", "SweetTunes Search");
Line Found : user_pref("CT3287808.originalSearchEngineName", "SweetTunes Search");
Line Found : user_pref("CT3287808.searchRevert", "false");
Line Found : user_pref("CT3287808.searchUninstallUserMode", "2");
Line Found : user_pref("CT3287808.searchUserMode", "2");
Line Found : user_pref("CT3287808.smartbar.homepage", "true");
Line Found : user_pref("CT3287808.toolbarInstallDate", "26-11-2013 21:37:41");
Line Found : user_pref("CT3287808.versionFromInstaller", "10.22.5.10");
Line Found : user_pref("CT3287808.xpeMode", "0");
Line Found : user_pref("CT3311875.FF19Solved", "true");
Line Found : user_pref("CT3311875.UserID", "UN53923017911019276");
Line Found : user_pref("CT3311875.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3311875.fullUserID", "UN53923017911019276.IN.20131110125433");
Line Found : user_pref("CT3311875.installDate", "10/11/2013 12:54:43");
Line Found : user_pref("CT3311875.installSessionId", "{020BC15D-2B8B-4927-98D2-7D8B0DB2FCD2}");
Line Found : user_pref("CT3311875.installSp", "TRUE");
Line Found : user_pref("CT3311875.installerVersion", "1.8.0.14");
Line Found : user_pref("CT3311875.keyword", "true");
Line Found : user_pref("CT3311875.originalHomepage", "www.yahoo.com");
Line Found : user_pref("CT3311875.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=U017DF&PC=U017&dt=052113&q=");
Line Found : user_pref("CT3311875.originalSearchEngine", "Bing ");
Line Found : user_pref("CT3311875.originalSearchEngineName", "Bing ");
Line Found : user_pref("CT3311875.searchRevert", "false");
Line Found : user_pref("CT3311875.searchUserMode", "2");
Line Found : user_pref("CT3311875.smartbar.homepage", "true");
Line Found : user_pref("CT3311875.toolbarInstallDate", "10-11-2013 12:54:34");
Line Found : user_pref("CT3311875.versionFromInstaller", "10.21.1.7");
Line Found : user_pref("CT3311875.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287808&octid=CT3287808&SearchSource=61&CUI=UN21652573827359204&UM=2&UP=SP1C900D80-9347-408E-8276-B1099797018F");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN53923017911019276&UM=2&q=");
Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.2.0.38");
Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Found : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "VisualBee V.9 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287808&CUI=UN21652573827359204&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "quickoc");
Line Found : user_pref("extensions.helperbar.installationid", "f30bc043-a8eb-0989-e3fe-ba3a6da5bb1d");
Line Found : user_pref("extensions.helperbar.installdate", "10/11/2013");
Line Found : user_pref("extensions.helperbar.publisher", "quickoc");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3287808");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN53923017911019276&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311875&octid=CT3311875&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN53923017911019276&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287808");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3287808");
Line Found : user_pref("smartbar.machineId", "G8DECN19GN+XTKWMQYHRYM0MXZSDYYTLFBPV1M0TL/1RZTTX7ZLWHQ8EJ8V3IFYPZAYO1CEIFTVXMEYJ42TTSG");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN53923017911019276&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Users\N john\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [16299 octets] - [14/12/2013 14:05:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16360 octets] ##########
ken545
2013-12-14, 23:41
Great

Some more work for you :sad:


Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.




http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Soulbound
2013-12-15, 04:19
Here the Adwcleaner log you requested after the scan was complete with clean up.




# AdwCleaner v3.015 - Report created 14/12/2013 at 21:09:26
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : N john - HOME-PC
# Running from : C:\Users\N john\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\SweetTunes
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\N john\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\N john\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\N john\AppData\Local\Searchprotect
Folder Deleted : C:\Users\N john\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\NJOHN~1\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\N john\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\N john\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\N john\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\N john\AppData\LocalLow\SweetTunes
Folder Deleted : C:\Users\N john\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\CT3287808
Folder Deleted : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\CT3311875
Folder Deleted : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\Extensions\{01e86e69-a2f8-48a0-b068-83869bdba3d0}
Folder Deleted : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\Extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}
Folder Deleted : C:\Users\N john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng
[!] Folder Deleted : C:\Users\N john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng
File Deleted : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\searchplugins\bingp.xml
File Deleted : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\searchplugins\conduit-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\sweettunes_search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
File Deleted : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0A28909-F4D3-4E9A-AE7F-5193908D19D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F500B1E-E54D-43B6-8193-E10C63C3E150}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35F19156-3DE8-4D55-BD47-2AEE42E536A3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\SweetTunes
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\SweetTunes
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\prefs.js ]

Line Deleted : user_pref("CT3287808.FF19Solved", "true");
Line Deleted : user_pref("CT3287808.UserID", "UN21652573827359204");
Line Deleted : user_pref("CT3287808.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287808.fullUserID", "UN21652573827359204.IN.20131126213741");
Line Deleted : user_pref("CT3287808.installDate", "26/11/2013 21:37:49");
Line Deleted : user_pref("CT3287808.installSessionId", "{2AF8F63A-B730-4D7B-88F8-1FC506D674EE}");
Line Deleted : user_pref("CT3287808.installSp", "TRUE");
Line Deleted : user_pref("CT3287808.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3287808.keyword", "true");
Line Deleted : user_pref("CT3287808.originalHomepage", "www.google.com");
Line Deleted : user_pref("CT3287808.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN53923017911019276&UM=2&q=");
Line Deleted : user_pref("CT3287808.originalSearchEngine", "SweetTunes Search");
Line Deleted : user_pref("CT3287808.originalSearchEngineName", "SweetTunes Search");
Line Deleted : user_pref("CT3287808.searchRevert", "false");
Line Deleted : user_pref("CT3287808.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3287808.searchUserMode", "2");
Line Deleted : user_pref("CT3287808.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287808.toolbarInstallDate", "26-11-2013 21:37:41");
Line Deleted : user_pref("CT3287808.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3287808.xpeMode", "0");
Line Deleted : user_pref("CT3311875.FF19Solved", "true");
Line Deleted : user_pref("CT3311875.UserID", "UN53923017911019276");
Line Deleted : user_pref("CT3311875.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311875.fullUserID", "UN53923017911019276.IN.20131110125433");
Line Deleted : user_pref("CT3311875.installDate", "10/11/2013 12:54:43");
Line Deleted : user_pref("CT3311875.installSessionId", "{020BC15D-2B8B-4927-98D2-7D8B0DB2FCD2}");
Line Deleted : user_pref("CT3311875.installSp", "TRUE");
Line Deleted : user_pref("CT3311875.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3311875.keyword", "true");
Line Deleted : user_pref("CT3311875.originalHomepage", "www.yahoo.com");
Line Deleted : user_pref("CT3311875.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=U017DF&PC=U017&dt=052113&q=");
Line Deleted : user_pref("CT3311875.originalSearchEngine", "Bing ");
Line Deleted : user_pref("CT3311875.originalSearchEngineName", "Bing ");
Line Deleted : user_pref("CT3311875.searchRevert", "false");
Line Deleted : user_pref("CT3311875.searchUserMode", "2");
Line Deleted : user_pref("CT3311875.smartbar.homepage", "true");
Line Deleted : user_pref("CT3311875.toolbarInstallDate", "10-11-2013 12:54:34");
Line Deleted : user_pref("CT3311875.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3311875.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287808&octid=CT3287808&SearchSource=61&CUI=UN21652573827359204&UM=2&UP=SP1C900D80-9347-408E-8276-B1099797018F");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN53923017911019276&UM=2&q=");
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.2.0.38");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.9 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287808&CUI=UN21652573827359204&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "quickoc");
Line Deleted : user_pref("extensions.helperbar.installationid", "f30bc043-a8eb-0989-e3fe-ba3a6da5bb1d");
Line Deleted : user_pref("extensions.helperbar.installdate", "10/11/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "quickoc");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3287808");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN53923017911019276&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311875&octid=CT3311875&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN53923017911019276&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287808");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3287808");
Line Deleted : user_pref("smartbar.machineId", "G8DECN19GN+XTKWMQYHRYM0MXZSDYYTLFBPV1M0TL/1RZTTX7ZLWHQ8EJ8V3IFYPZAYO1CEIFTVXMEYJ42TTSG");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN53923017911019276&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Users\N john\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [16441 octets] - [14/12/2013 14:05:00]
AdwCleaner[R1].txt - [16500 octets] - [14/12/2013 21:07:48]
AdwCleaner[S0].txt - [16331 octets] - [14/12/2013 21:09:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16392 octets] ##########
Soulbound
2013-12-15, 04:33
Hey Ken45, Here is the JRT.Log you also requested.
Please excuse me for posting a separate reply for it as I am trying to do things as quick and neat as possible.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Basic x86
Ran by N john on Sat 12/14/2013 at 21:21:46.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E8B6F624-E0DC-44F6-8709-8374BF109C93}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\N john\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\N john\appdata\local\{7544288B-1A8F-412C-AF4C-93F9931B468A}
Successfully deleted: [Empty Folder] C:\Users\N john\appdata\local\{D008F6EF-9E74-4313-9CFB-34AD2FC9C1A4}
Successfully deleted: [Empty Folder] C:\Users\N john\appdata\local\{FCF0AD15-E8F2-4BAE-AFA6-E4D7A2C8448B}



~~~ FireFox

Emptied folder: C:\Users\N john\AppData\Roaming\mozilla\firefox\profiles\iej7rske.default\minidumps [681 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/14/2013 at 21:30:34.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ken545
2013-12-15, 12:12
Good Morning,

Your doing just fine, not to worry :)


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Soulbound
2013-12-15, 19:43
Thanks for helping me with this Ken45, I have already noticed speed coming back to the PC.
This is the MalwareBytes Log you requested. At the end of the scan, It said no malicious items were detected.



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.15.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
N john :: HOME-PC [administrator]

12/15/2013 12:19:56 PM
mbam-log-2013-12-15 (12-19-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203864
Time elapsed: 19 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ken545
2013-12-15, 20:21
:bigthumb:

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Soulbound
2013-12-15, 21:15
Ken45, This the OTL.txt you requested. I will be making a second post for the Extras.Txt



OTL logfile created on: 12/15/2013 1:54:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\N john\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.61% Memory free
6.70 Gb Paging File | 5.33 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 357.27 Gb Free Space | 76.71% Space Free | Partition Type: NTFS
Drive J: | 931.28 Gb Total Space | 378.21 Gb Free Space | 40.61% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: N john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\N john\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe ()
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\N john\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
PRC - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe ()
PRC - C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll ()
MOD - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
MOD - C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll ()


========== Services (SafeList) ==========

SRV - (vToolbarUpdater17.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater17.1.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (WSWNA3100) -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (RTL8192su) -- system32\DRIVERS\RTL8192su.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (lsnfd) -- system32\drivers\lsnfd.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgdiskx) -- C:\Windows\System32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (dsiarhwprog) -- C:\Windows\System32\drivers\dsiarhwprog.sys (Thesycon GmbH, Germany)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={549260FC-7C5B-4EB2-A4F5-D37C68788F2C}&mid=36f50b4c7aa047d0b816d1544f6be6b7-0fe6e78672af5a9fe95f5b019a3ee027de21d336&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-15 12:21:15&v=17.1.2.1&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000\..\SearchScopes\BB1189934F8C4B9196DAAB7D918824BA: "URL" = http://isearch.avg.com/search?cid={B3DACAA2-1301-44DE-85D7-29D5A3CD41F0}&mid=36f50b4c7aa047d0b816d1544f6be6b7-0fe6e78672af5a9fe95f5b019a3ee027de21d336&lang=en&ds=AVG&pr=fr&d=2012-12-12 16:50:30&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/ "
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: fmconverter%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7Bf30bc043-a8eb-0989-e3fe-ba3a6da5bb1d%7D:1.1
FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:2.6
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:17.1.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/11/10 12:52:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linksicle@linksicle.com: C:\Program Files\Mozilla Firefox\extensions\linksicle@linksicle.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1 [2013/12/15 12:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 22:41:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/15 22:42:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 22:41:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/15 22:42:02 | 000,000,000 | ---D | M]

[2012/12/16 12:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\N john\AppData\Roaming\Mozilla\Extensions
[2012/12/16 12:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\N john\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/12/14 21:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\extensions
[2013/11/10 13:14:20 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\extensions\{f30bc043-a8eb-0989-e3fe-ba3a6da5bb1d}
[2013/12/09 23:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\extensions\trash
[2013/12/07 00:39:57 | 000,494,053 | ---- | M] () (No name found) -- C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2013/12/07 00:46:11 | 000,167,212 | ---- | M] () (No name found) -- C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\extensions\thumbnailZoom@dadler.github.com.xpi
[2012/12/13 12:42:02 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/11/10 12:43:01 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/13 13:41:48 | 000,002,533 | ---- | M] () -- C:\Users\N john\AppData\Roaming\Mozilla\Firefox\Profiles\iej7rske.default\searchplugins\aol-search.xml
[2013/11/28 16:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 22:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 22:43:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/10 12:52:06 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2013/12/15 12:21:36 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\17.1.2.1

========== Chrome ==========

CHR - Extension: No name found = C:\Users\N john\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: No name found = C:\Users\N john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\

O1 HOSTS File: ([2013/12/08 01:29:03 | 000,450,558 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15469 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\N john\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=36f50b4c7aa047d0b816d1544f6be6b7-0fe6e78672af5a9fe95f5b019a3ee027de21d336 /CMPID=1113a File not found
O4 - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000..\Run: [f.lux] C:\Users\N john\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2968951800-2152561983-2844944080-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6BE6FBE-BB06-49CB-99CD-3FACFC8E3DB4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\N john\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\N john\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - J:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/08/08 11:19:50 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O33 - MountPoints2\{5797ed66-46bf-11e2-a415-001d098f0f44}\Shell - "" = AutoRun
O33 - MountPoints2\{5797ed66-46bf-11e2-a415-001d098f0f44}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{9a312df5-5de3-11e3-b65f-001d098f0f44}\Shell - "" = AutoRun
O33 - MountPoints2\{9a312df5-5de3-11e3-b65f-001d098f0f44}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/15 12:22:12 | 000,000,000 | ---D | C] -- C:\Users\N john\AppData\Local\AVG SafeGuard toolbar
[2013/12/15 12:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2013/12/15 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/12/15 12:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/12/15 12:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/12/14 21:21:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/14 14:04:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/14 14:02:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/12 01:31:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 01:31:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 01:31:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 01:31:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/12 01:31:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 01:31:39 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 01:31:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/12 01:31:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/12 00:51:06 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/12 00:51:04 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/12 00:51:04 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/12 00:51:03 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/12 00:50:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/12 00:50:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013/12/07 00:41:33 | 000,000,000 | ---D | C] -- C:\Users\N john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2013/12/07 00:41:30 | 000,000,000 | ---D | C] -- C:\Users\N john\AppData\Local\FluxSoftware
[2013/12/07 00:18:08 | 000,000,000 | ---D | C] -- C:\Users\N john\Documents\ProcAlyzer Dumps
[2013/12/06 23:41:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/12/06 23:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/12/06 23:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/12/05 21:20:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/11/27 03:29:05 | 000,000,000 | ---D | C] -- C:\Users\N john\AppData\Local\GCC
[2013/11/26 21:30:20 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/26 14:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/11/15 22:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/15 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\N john\AppData\Roaming\AVG2014
[2013/11/15 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/11/15 14:35:47 | 000,000,000 | ---D | C] -- C:\Users\N john\AppData\Local\Avg2014

========== Files - Modified Within 30 Days ==========

[2013/12/15 13:52:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/15 12:40:29 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/15 12:40:29 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/15 12:38:58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/15 12:38:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/15 12:21:37 | 000,003,740 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/12/15 12:20:23 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/12/15 12:15:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/15 12:10:28 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/12/15 12:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/15 12:09:13 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/15 03:12:28 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/15 03:12:28 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/14 14:04:00 | 001,226,802 | ---- | M] () -- C:\Users\N john\Desktop\AdwCleaner.exe
[2013/12/14 14:03:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/12/13 18:26:59 | 000,003,244 | ---- | M] () -- C:\Windows\wininit.ini
[2013/12/13 00:31:52 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013/12/13 00:31:52 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/12/12 03:59:58 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/11 01:14:09 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/10 12:40:37 | 236,870,513 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/09 03:36:18 | 000,003,728 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/12/08 22:43:20 | 000,000,860 | ---- | M] () -- C:\Users\N john\Documents\oracion de ley.rtf
[2013/12/08 22:41:22 | 000,000,697 | ---- | M] () -- C:\Users\N john\Documents\Law Prayer Stay Away.rtf
[2013/12/08 19:32:42 | 000,001,118 | ---- | M] () -- C:\Users\N john\Documents\nickie.rtf
[2013/12/08 17:41:05 | 000,000,104 | ---- | M] () -- C:\Users\N john\Desktop\Help and Support - Shortcut.lnk
[2013/12/08 14:56:11 | 000,000,828 | ---- | M] () -- C:\Users\N john\Documents\Oracion De Amor Senor Guinos.rtf
[2013/12/08 14:30:55 | 000,000,931 | ---- | M] () -- C:\Users\N john\Documents\Oracion Bendito San Antonio D Amor.rtf
[2013/12/08 01:29:03 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/07 20:41:47 | 000,001,229 | ---- | M] () -- C:\Users\N john\Documents\Oracion De Santa Marta.rtf
[2013/12/07 20:40:33 | 000,002,534 | ---- | M] () -- C:\Users\N john\Documents\Oracion De Dominio.rtf
[2013/12/07 20:37:56 | 000,001,978 | ---- | M] () -- C:\Users\N john\Documents\Oracion De Cirpriano 2.rtf
[2013/12/07 20:35:23 | 000,002,008 | ---- | M] () -- C:\Users\N john\Documents\Oracion De Cipriano.rtf
[2013/12/07 20:24:09 | 000,002,332 | ---- | M] () -- C:\Users\N john\Documents\Oraciones.rtf
[2013/12/07 20:17:54 | 000,001,124 | ---- | M] () -- C:\Users\N john\Documents\Oracion De San Benito Separacion.rtf
[2013/12/07 20:14:00 | 000,000,927 | ---- | M] () -- C:\Users\N john\Documents\Oracion De San Alego Separacion.rtf
[2013/12/07 20:07:40 | 000,001,660 | ---- | M] () -- C:\Users\N john\Documents\Oracion De Oldio.rtf
[2013/12/07 00:13:08 | 000,000,512 | ---- | M] () -- C:\Users\N john\Documents\MBR.dat
[2013/12/06 23:53:13 | 000,002,196 | ---- | M] () -- C:\Users\N john\Desktop\attach.zip
[2013/12/06 23:40:49 | 000,000,692 | ---- | M] () -- C:\Users\N john\Desktop\ERUNT.lnk
[2013/12/05 19:29:26 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131208-012902.backup
[2013/12/05 18:38:34 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131205-192926.backup
[2013/12/04 20:00:29 | 000,404,164 | ---- | M] () -- C:\Users\N john\Desktop\audi-r8-v10-52-fsi-engine.jpg
[2013/12/04 15:34:09 | 000,458,639 | ---- | M] () -- C:\Users\N john\Documents\ROTARY P1320 POWER UNIT PARTS LIST.pdf
[2013/12/04 13:50:12 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131205-183834.backup
[2013/12/01 18:01:20 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/11/28 15:18:34 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131204-135012.backup
[2013/11/26 14:21:51 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/24 01:01:42 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131128-151834.backup
[2013/11/19 03:33:38 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013/12/15 12:20:49 | 000,003,740 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/12/14 14:03:51 | 001,226,802 | ---- | C] () -- C:\Users\N john\Desktop\AdwCleaner.exe
[2013/12/10 12:40:37 | 236,870,513 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/08 22:43:20 | 000,000,860 | ---- | C] () -- C:\Users\N john\Documents\oracion de ley.rtf
[2013/12/08 22:41:22 | 000,000,697 | ---- | C] () -- C:\Users\N john\Documents\Law Prayer Stay Away.rtf
[2013/12/08 19:32:42 | 000,001,118 | ---- | C] () -- C:\Users\N john\Documents\nickie.rtf
[2013/12/08 17:41:05 | 000,000,104 | ---- | C] () -- C:\Users\N john\Desktop\Help and Support - Shortcut.lnk
[2013/12/08 14:56:11 | 000,000,828 | ---- | C] () -- C:\Users\N john\Documents\Oracion De Amor Senor Guinos.rtf
[2013/12/08 14:30:55 | 000,000,931 | ---- | C] () -- C:\Users\N john\Documents\Oracion Bendito San Antonio D Amor.rtf
[2013/12/07 20:41:47 | 000,001,229 | ---- | C] () -- C:\Users\N john\Documents\Oracion De Santa Marta.rtf
[2013/12/07 20:40:33 | 000,002,534 | ---- | C] () -- C:\Users\N john\Documents\Oracion De Dominio.rtf
[2013/12/07 20:37:56 | 000,001,978 | ---- | C] () -- C:\Users\N john\Documents\Oracion De Cirpriano 2.rtf
[2013/12/07 20:35:23 | 000,002,008 | ---- | C] () -- C:\Users\N john\Documents\Oracion De Cipriano.rtf
[2013/12/07 20:24:09 | 000,002,332 | ---- | C] () -- C:\Users\N john\Documents\Oraciones.rtf
[2013/12/07 20:17:54 | 000,001,124 | ---- | C] () -- C:\Users\N john\Documents\Oracion De San Benito Separacion.rtf
[2013/12/07 20:14:00 | 000,000,927 | ---- | C] () -- C:\Users\N john\Documents\Oracion De San Alego Separacion.rtf
[2013/12/07 20:07:40 | 000,001,660 | ---- | C] () -- C:\Users\N john\Documents\Oracion De Oldio.rtf
[2013/12/07 00:10:34 | 000,000,512 | ---- | C] () -- C:\Users\N john\Documents\MBR.dat
[2013/12/06 23:53:13 | 000,002,196 | ---- | C] () -- C:\Users\N john\Desktop\attach.zip
[2013/12/06 23:40:49 | 000,000,692 | ---- | C] () -- C:\Users\N john\Desktop\ERUNT.lnk
[2013/12/04 20:00:25 | 000,404,164 | ---- | C] () -- C:\Users\N john\Desktop\audi-r8-v10-52-fsi-engine.jpg
[2013/12/04 15:34:09 | 000,458,639 | ---- | C] () -- C:\Users\N john\Documents\ROTARY P1320 POWER UNIT PARTS LIST.pdf
[2013/11/15 14:43:40 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/10 20:28:28 | 000,003,244 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/20 15:09:24 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/03/31 13:15:10 | 000,000,054 | ---- | C] () -- C:\Users\N john\AppData\Roaming\mbam.context.scan
[2013/03/18 03:04:47 | 000,000,245 | ---- | C] () -- C:\Users\N john\.swfinfo
[2013/03/04 18:30:49 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012/12/21 16:22:30 | 000,000,079 | ---- | C] () -- C:\Windows\EWF545.ini
[2012/12/20 19:12:44 | 000,101,376 | ---- | C] () -- C:\Users\N john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/12 03:55:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/12/12 03:55:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/12/11 23:31:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/12/11 21:43:28 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2012/12/11 21:43:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2012/12/11 21:43:28 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2012/12/11 21:42:53 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2012/12/11 21:33:46 | 000,000,680 | ---- | C] () -- C:\Users\N john\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/11 00:01:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/11 00:01:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/05 21:31:04 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\AVG
[2013/11/15 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\AVG2014
[2013/12/13 00:29:25 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\DVDVideoSoft
[2012/12/22 02:01:44 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\Epson
[2013/12/09 00:20:53 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\iFunbox_UserCache
[2013/06/01 12:43:38 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\ImgBurn
[2012/12/21 17:41:32 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\Leadertech
[2012/12/16 12:32:12 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\Philips-Songbird
[2013/01/22 04:09:04 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\redsn0w
[2013/02/14 22:42:44 | 000,000,000 | ---D | M] -- C:\Users\N john\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
Soulbound
2013-12-15, 21:16
OTL Extras logfile created on: 12/15/2013 1:54:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\N john\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.61% Memory free
6.70 Gb Paging File | 5.33 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 357.27 Gb Free Space | 76.71% Space Free | Partition Type: NTFS
Drive J: | 931.28 Gb Total Space | 378.21 Gb Free Space | 40.61% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: N john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2968951800-2152561983-2844944080-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FE4294-E96F-4C4F-9B8A-164D9B785B2D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D8E5A99C-75C9-4E3E-ABDE-DF3E3B47A4FF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0100A16D-3CBC-4566-AD06-1A27DF175351}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{06EE0709-FFDC-4638-8010-6D36C640B19E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{39A3F5F8-E817-4C23-85FC-63AF16A173F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{3A49BDBC-F7BB-4D85-8A88-94B979948A08}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{489326E5-9611-4346-8C5A-06EC7905DCC3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{650DB127-2BBD-4F18-9A53-54B9785595CB}" = dir=in | app=c:\users\n john\appdata\local\gcc\controller.exe |
"{70597380-62BF-4E8D-8581-5C06E7B39DD6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{774C962E-DEC1-4A8F-A58F-F7008215B036}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D4B9225-110D-47DA-83E3-9B294844B4A2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{846F4C84-7A52-4085-BC0F-A5D24F78F788}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{940CFB51-B2B7-4665-AEAF-677AC2E09CEB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A15D5CD5-7D8C-41CE-8D4D-ADC5383C5A9C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{B38A6C5F-F2E8-4427-AF8D-3034CCC7A1F5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{BF5D15AF-7418-47EA-81BE-141868DFE080}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3E134BD-E9A4-4521-BA55-625E464A113D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{E8820EB7-6D4E-4D02-B134-42758757DBA9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"TCP Query User{0CB56BBD-FCE0-4E4A-871A-9A51B0B5D96C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{84D81E39-9ABE-4225-800A-DF506F54A9BE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{99A09A9D-6139-4D4B-863F-8D5B0E692CDD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{DE0FD6F4-DBB5-4419-BBF8-B880CB53B5B1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{8C181F0B-8EE0-4082-A57F-A26DE7EEB445}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{9D479602-F8CD-4201-9023-0ADA9C28E4CC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D1A593C8-B3A3-41CC-AE0C-CB77ABCE17D6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DE834E8B-ECD2-4088-907B-5BAE07A4121D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}" = AVG 2014
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF56E507-A96E-4973-B7FB-E49542AE5875}" = QuickShare
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"30853F7174C6EB267FDAABE50A369169D18DA611" = Windows Driver Package - Datel Design & Development USBIOControlledDevices (04/21/2009 2.40.0.0)
"8555DF8099612EF2F8333DC0EC454113D4537E7B" = Windows Driver Package - Datel Design & Development (dsiarhwprog) USBIOControlledDevices (04/21/2009 2.40.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2014
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"B81055EA372C9E3EA5000B4BD9585D992D51F1DE" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 545 Series" = EPSON WorkForce 545 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.17.1127
"Freemake Video Converter_is1" = Freemake Video Converter version 4.1.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"iFunbox_is1" = iFunbox (v2.5.2365.747), iFunbox DevTeam
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"VLC media player" = VLC media player 2.1.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2968951800-2152561983-2844944080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Amazon Kindle" = Amazon Kindle
"Flux" = f.lux

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2013 2:10:42 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 613287

Error - 12/15/2013 2:10:42 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 613287

Error - 12/15/2013 3:30:36 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 25.0.1.5064, time stamp
0x5282f204, faulting module xul.dll, version 25.0.1.5064, time stamp 0x5282f10e,
exception code 0xc0000005, fault offset 0x00118f87, process id 0x1c8c, application
start time 0x01cef95d0d78c380.

Error - 12/15/2013 4:07:31 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/15/2013 4:16:44 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(70:73:cb:38:35:b0@fe80::7273:cbff:fe38:35b0._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 12/15/2013 5:30:09 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 25.0.1.5064, time stamp
0x5282f204, faulting module xul.dll, version 25.0.1.5064, time stamp 0x5282f10e,
exception code 0xc0000005, fault offset 0x00118f87, process id 0x2124, application
start time 0x01cef978008cc7d7.

Error - 12/15/2013 1:09:49 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/15/2013 1:14:35 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/15/2013 1:14:41 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/15/2013 1:24:24 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 25.0.1.5064, time stamp
0x5282f204, faulting module xul.dll, version 25.0.1.5064, time stamp 0x5282f10e,
exception code 0xc0000005, fault offset 0x00118f87, process id 0xc14, application
start time 0x01cef9ba2edb797e.

[ System Events ]
Error - 12/15/2013 2:53:35 AM | Computer Name = Home-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 100D7F3D3478 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/15/2013 4:06:39 AM | Computer Name = Home-PC | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 12/15/2013 4:07:31 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/15/2013 4:07:31 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/15/2013 4:07:31 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/15/2013 4:07:35 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/15/2013 1:09:19 PM | Computer Name = Home-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:41:20 AM on 12/15/2013 was unexpected.

Error - 12/15/2013 1:09:22 PM | Computer Name = Home-PC | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 12/15/2013 1:09:51 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/15/2013 1:10:18 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
ken545
2013-12-15, 22:16
Hey,

If you dont mind I am trying to watch the NY Giants Seattle game :yahoo:

The only problem I see on the log is that you have backup copies of your host file that are infected, easy fix

Post the log from the fix, then run a new scan with OTL and post a new log and lets make sure those entries are gone, you wont get an extras log on the second run so dont knock yourself out looking for it

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
[2013/12/05 19:29:26 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131208-012902.backup
[2013/12/05 18:38:34 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131205-192926.backup
[2013/12/04 13:50:12 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131205-183834.backup
[2013/11/24 01:01:42 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131128-151834.backup

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Soulbound
2013-12-15, 23:27
Lol, Sorry for the interruptions from the game.
Btw, I greatly appreciate your help.


All processes killed
========== OTL ==========
C:\Windows\System32\drivers\etc\hosts.20131208-012902.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20131205-192926.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20131205-183834.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20131128-151834.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\N john\Downloads\cmd.bat deleted successfully.
C:\Users\N john\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: N john

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
ken545
2013-12-15, 23:43
Wonderful, NYG Lost

Just kidding about that, I have been at this for many years and love helping nice people like your self

How is your computer running now ?

What I like to do as a final scan is to run a free online virus scanner

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
ken545
2013-12-20, 02:24
Still with me ?????
Soulbound
2013-12-21, 20:36
Hello Ken45, Sorry for not responding sooner.
I had run the scan twice because I did not get a log after it was completed. Odd thing is, I still did not get a log even after the second one completed.
Both scans, Did say that there was no infections found. Also, I cannot run any more test on it at this time as I am not home to do so.

I just want to tell you that I do appreciate all the time and effort you invested in helping me.
It runs much better than before. Still can't figure out why flash player keeps crashing tho!
ken545
2013-12-21, 22:37
If ESET said No Threats found then thats all we need.

Open Flash Player and look for the update tab and update it and see if it fixes it
Soulbound
2013-12-22, 06:23
I had updated it and then the crashing started.
My fathers laptop is also showing the same issue with crashing. Im thinking its just the update that might be bad and need to downgrade it.
ken545
2013-12-22, 11:40
Just try uninstalling it and see if it helps