OTL logfile created on: 4/29/2014 11:01:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\fire\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.91% Memory free
4.00 Gb Paging File | 2.81 Gb Available in Paging File | 70.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 97.33 Gb Free Space | 63.46% Space Free | Partition Type: NTFS

Computer Name: CAIA137A-PC | User Name: fire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/04/29 10:45:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fire\Desktop\OTL.exe
PRC - [2014/04/28 16:20:49 | 002,557,976 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2014/04/28 16:20:49 | 001,801,240 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
PRC - [2014/04/28 16:20:49 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
PRC - [2014/01/30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/10/23 02:06:16 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/06 14:32:34 | 000,136,784 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2013/01/31 05:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 05:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/04/29 09:46:04 | 000,805,888 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\wx._gdi_.pyd
MOD - [2014/04/29 09:46:04 | 000,026,624 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\_multiprocessing.pyd
MOD - [2014/04/29 09:46:03 | 001,157,120 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\_ssl.pyd
MOD - [2014/04/29 09:46:03 | 001,062,400 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\wx._controls_.pyd
MOD - [2014/04/29 09:46:03 | 000,811,008 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\wx._windows_.pyd
MOD - [2014/04/29 09:46:03 | 000,712,192 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\_hashlib.pyd
MOD - [2014/04/29 09:46:03 | 000,686,080 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\unicodedata.pyd
MOD - [2014/04/29 09:46:03 | 000,110,080 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\pywintypes27.dll
MOD - [2014/04/29 09:46:03 | 000,087,040 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\_ctypes.pyd
MOD - [2014/04/29 09:46:03 | 000,070,656 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\wx._html2.pyd
MOD - [2014/04/29 09:46:03 | 000,038,912 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32inet.pyd
MOD - [2014/04/29 09:46:03 | 000,035,840 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32process.pyd
MOD - [2014/04/29 09:46:03 | 000,025,600 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32pdh.pyd
MOD - [2014/04/29 09:46:03 | 000,024,064 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32pipe.pyd
MOD - [2014/04/29 09:46:02 | 000,525,640 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/29 09:46:02 | 000,128,512 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\_elementtree.pyd
MOD - [2014/04/29 09:46:02 | 000,127,488 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\pyexpat.pyd
MOD - [2014/04/29 09:46:02 | 000,119,808 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32file.pyd
MOD - [2014/04/29 09:46:02 | 000,108,544 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32security.pyd
MOD - [2014/04/29 09:46:02 | 000,098,816 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32api.pyd
MOD - [2014/04/29 09:46:02 | 000,044,032 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\_socket.pyd
MOD - [2014/04/29 09:46:02 | 000,018,432 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32event.pyd
MOD - [2014/04/29 09:46:02 | 000,017,408 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32profile.pyd
MOD - [2014/04/29 09:46:02 | 000,010,240 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\select.pyd
MOD - [2014/04/29 09:46:01 | 001,175,040 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\wx._core_.pyd
MOD - [2014/04/29 09:46:01 | 000,557,056 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\pysqlite2._sqlite.pyd
MOD - [2014/04/29 09:46:01 | 000,364,544 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\pythoncom27.dll
MOD - [2014/04/29 09:46:01 | 000,320,512 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32com.shell.shell.pyd
MOD - [2014/04/29 09:46:01 | 000,022,528 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32ts.pyd
MOD - [2014/04/29 09:46:00 | 000,735,232 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\wx._misc_.pyd
MOD - [2014/04/29 09:46:00 | 000,122,368 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\wx._wizard.pyd
MOD - [2014/04/29 09:46:00 | 000,011,264 | ---- | M] () -- C:\Users\fire\AppData\Local\Temp\_MEI31682\win32crypt.pyd
MOD - [2014/04/28 16:20:49 | 002,557,976 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2014/04/28 16:20:49 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/15 18:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014/04/28 18:12:55 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/28 16:20:49 | 001,801,240 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe -- (vToolbarUpdater18.1.0)
SRV - [2014/04/03 20:57:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/06 03:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/12/19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/06 14:32:34 | 000,136,784 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/08/31 00:52:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2014/04/28 16:20:49 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/04/15 13:35:26 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/11/25 02:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/23 02:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/10/23 02:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/14 10:32:14 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012/09/14 10:32:10 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/08/19 05:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 05:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/28 18:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/07 08:48:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 47 3C F8 97 04 CE 01 [binary data]
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Z2hawUUy5qAhL5jhiHEXYOeDB5g?q={searchTerms}
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C2C9F53A-90FE-42BF-B22C-BF34D568ACA4}&mid=11f09e8caa7447d08f68d1509d25eb2c-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2012-12-27 19:23:10&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.firehouse.com/"
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a%404bb97481-aead-4c2e-a62b-e25e264651bb.com:0.94.56
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:18.1.0.443
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\fire\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\fire\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443 [2014/04/28 16:21:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/04/03 20:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/03 20:57:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/04/03 20:57:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/03 20:57:50 | 000,000,000 | ---D | M]

[2011/12/08 23:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Extensions
[2014/04/16 14:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions
[2014/04/16 14:51:36 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com
[2014/04/24 09:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData
[2014/04/24 09:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins
[2014/04/24 09:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\Firefox\Profiles\177mxbny.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode
[2012/01/05 22:38:18 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\fire\AppData\Roaming\mozilla\firefox\profiles\177mxbny.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2014/04/03 20:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/03 20:57:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/28 16:21:21 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\18.1.0.443
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\fire\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\fire\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\fire\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\fire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\fire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2225269791-2009093609-3263988465-1005..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (AVG Secure Search)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2225269791-2009093609-3263988465-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2225269791-2009093609-3263988465-1002\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://caia.webex.com/client/T27LB/webex/ieatgpc1.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDC6621C-335D-4E96-AD1C-DBF8787A3DC1}: DhcpNameServer = 10.0.0.2 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/04/29 10:44:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\fire\Desktop\OTL.exe
[2014/04/29 09:37:01 | 000,000,000 | ---D | C] -- C:\Users\fire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/04/29 09:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/04/28 16:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/28 16:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/04/24 18:46:22 | 000,000,000 | -HSD | C] -- C:\Users\fire\AppData\Local\EmieUserList
[2014/04/24 18:46:22 | 000,000,000 | -HSD | C] -- C:\Users\fire\AppData\Local\EmieSiteList
[2014/04/24 11:40:07 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/24 11:40:00 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/24 11:40:00 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/24 11:40:00 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/24 10:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/04/24 10:23:37 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2014/04/24 10:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/04/24 10:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/04/24 10:21:34 | 000,000,000 | ---D | C] -- C:\Users\fire\AppData\Local\Programs
[2014/04/17 22:10:47 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/04/17 22:10:45 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/17 22:10:44 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/04/17 22:10:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/04/17 22:10:42 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/04/17 22:10:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/04/17 22:10:42 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/04/17 22:10:41 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/04/17 22:10:41 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/04/17 22:10:40 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/04/17 22:10:40 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014/04/17 22:10:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014/04/17 22:10:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014/04/17 22:10:39 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014/04/17 22:10:39 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014/04/17 22:10:39 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014/04/17 22:10:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014/04/17 22:10:39 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll [2014/04/17 22:10:33 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014/04/17 22:10:28 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014/04/16 14:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2014/04/15 13:35:26 | 000,182,072 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\drivers\avgtdix.sys [2014/04/10 09:40:59 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys [2014/04/10 09:40:59 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2014/04/10 09:40:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll [2014/04/03 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/04/29 11:00:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1712UA.job [2014/04/29 10:57:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1229UA.job [2014/04/29 10:49:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1230UA.job [2014/04/29 10:45:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fire\Desktop\OTL.exe [2014/04/29 10:39:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2225269791-2009093609-3263988465-1002UA.job [2014/04/29 10:30:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/04/29 10:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1289UA.job [2014/04/29 10:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/04/29 10:09:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-2160UA.job [2014/04/29 10:06:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1710UA.job [2014/04/29 09:54:10 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/04/29 
09:54:10 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/04/29 09:45:46 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/04/29 09:45:41 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2014/04/29 09:45:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/04/29 09:45:19 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys [2014/04/29 09:37:01 | 000,002,959 | ---- | M] () -- C:\Users\fire\Desktop\HiJackThis.lnk [2014/04/29 09:22:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1289Core.job [2014/04/28 18:12:55 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014/04/28 18:12:55 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014/04/28 16:30:13 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2014/04/28 16:21:21 | 000,003,728 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml [2014/04/28 16:20:49 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2014/04/24 18:49:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/04/24 11:09:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-2160Core.job [2014/04/24 11:06:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1710Core.job [2014/04/24 10:23:44 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014/04/22 15:57:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1229Core.job [2014/04/22 15:00:00 | 000,000,876 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1712Core.job [2014/04/22 14:49:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1230Core.job [2014/04/22 13:39:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2225269791-2009093609-3263988465-1002Core.job [2014/04/16 14:52:57 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2014/04/15 13:35:26 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2014/04/14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014/04/10 09:30:11 | 000,024,242 | ---- | M] () -- C:\Users\fire\Desktop\ed23i1jzcxzgin553x0kzbqq_4.TIF [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/04/29 09:37:01 | 000,002,959 | ---- | C] () -- C:\Users\fire\Desktop\HiJackThis.lnk [2014/04/24 10:23:44 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2014/04/24 10:23:44 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014/04/16 14:52:57 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2014/04/10 09:28:49 | 000,024,242 | ---- | C] () -- C:\Users\fire\Desktop\ed23i1jzcxzgin553x0kzbqq_4.TIF [2013/11/21 21:23:46 | 000,595,160 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll [2013/11/21 21:23:42 | 000,589,960 | ---- | C] () -- C:\Windows\System32\brgrt.dll [2013/06/26 09:44:45 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla 
Firefoxavg-secure-search.xml [2012/12/20 20:47:41 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012/12/20 20:47:41 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012/12/20 20:45:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012/12/20 20:45:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012/12/20 20:45:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012/12/20 20:45:23 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012/12/20 20:45:22 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2012/09/18 20:16:10 | 000,004,096 | -H-- | C] () -- C:\Users\fire\AppData\Local\keyfile3.drm [2010/09/15 09:11:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/08/27 11:45:28 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013/01/10 20:09:47 | 000,000,000 | 
---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/01/10 20:09:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013/08/15 10:35:16 | 000,000,000 | ---D | M] -- C:\Users\failsafe\AppData\Roaming\AVG2013 [2013/08/15 10:35:16 | 000,000,000 | ---D | M] -- C:\Users\failsafe\AppData\Roaming\ControlCenter4 [2013/01/10 20:09:47 | 000,000,000 | ---D | M] -- C:\Users\failsafe\AppData\Roaming\TuneUp Software [2012/12/27 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\fire\AppData\Roaming\AVG2013 [2014/02/11 13:05:57 | 000,000,000 | ---D | M] -- C:\Users\fire\AppData\Roaming\Blackboard [2012/12/20 21:18:30 | 000,000,000 | ---D | M] -- C:\Users\fire\AppData\Roaming\ControlCenter4 [2013/11/21 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\fire\AppData\Roaming\Diploma [2012/12/27 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\fire\AppData\Roaming\Nuance [2012/12/27 20:23:21 | 000,000,000 | ---D | M] -- C:\Users\fire\AppData\Roaming\TuneUp Software [2012/12/27 20:07:36 | 000,000,000 | ---D | M] -- C:\Users\fire\AppData\Roaming\Zeon [2011/10/01 16:19:40 | 000,000,000 | ---D | M] -- C:\Users\kchampagne\AppData\Roaming\.purple [2011/09/18 05:10:25 | 000,000,000 | ---D | M] -- C:\Users\kchampagne\AppData\Roaming\FileZilla [2010/11/19 16:49:22 | 000,000,000 | ---D | M] -- C:\Users\kchampagne\AppData\Roaming\IrfanView [2011/03/16 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\kchampagne\AppData\Roaming\webex [2010/09/12 10:03:49 | 000,000,000 | ---D | M] -- C:\Users\kchampagne\AppData\Roaming\Windows Small Business Server [2013/01/10 20:09:47 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV - [2009/07/13 21:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- 
(AeLookupSvc) SRV - [2013/02/27 00:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo) SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG) SRV - [2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS) SRV - [2010/11/20 08:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE) SRV - [2013/09/24 20:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso) SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem) SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser) SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc) SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch) SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache) SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost) SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv) SRV - [2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll 
-- (SharedAccess) SRV - [2010/11/20 08:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv) SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS) SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman) SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm) SRV - [2012/10/03 12:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc) SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi) SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay) SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler) SRV - [2013/09/24 20:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto) SRV - [2010/11/20 08:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan) SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- 
C:\Windows\System32\rpcss.dll -- (RpcSs) SRV - [2009/07/13 21:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2013/09/24 20:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs) SRV - [2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc) SRV - [2010/11/20 08:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer) SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV - [2010/11/20 08:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule) SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv) SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2012/05/01 00:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc) SRV - [2010/11/20 08:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS) SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv) SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder) SRV - [2010/11/20 08:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC) SRV - [2013/05/27 00:57:27 | 
000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/11/20 08:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog) SRV - [2010/11/20 08:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc) SRV - [2010/11/20 08:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc) SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver) SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt) SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv) SRV - [2010/11/20 08:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc) SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc) SRV - [2010/11/20 08:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< c:\program files (x86)\Google\Desktop >[/color] [2009/07/14 00:53:46 | 000,032,576 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/07/14 00:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2010/08/30 15:51:16 | 000,000,856 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-2160Core.job [2010/08/30 15:51:18 | 000,000,908 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-2160UA.job 
[2010/09/27 15:11:23 | 000,000,868 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1229Core.job [2010/09/27 15:11:24 | 000,000,920 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1229UA.job [2011/01/05 13:56:49 | 000,000,864 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1710Core.job [2011/01/05 13:56:51 | 000,000,916 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1710UA.job [2011/05/13 11:06:35 | 000,000,856 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1289Core.job [2011/05/13 11:06:36 | 000,000,908 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1289UA.job [2011/08/31 14:44:54 | 000,000,864 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1230Core.job [2011/08/31 14:44:55 | 000,000,916 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1230UA.job [2011/09/22 14:55:02 | 000,000,876 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1712Core.job [2011/09/22 14:55:05 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769339391-3446523768-2773960801-1712UA.job [2011/12/08 23:33:52 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2225269791-2009093609-3263988465-1002Core.job [2011/12/08 23:33:55 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2225269791-2009093609-3263988465-1002UA.job [2012/06/07 19:03:29 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013/06/03 08:02:02 | 000,000,350 | ---- | C] () -- C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013/11/09 16:07:17 | 000,000,878 | ---- | C] () -- 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013/11/09 16:07:19 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [color=#A23BEC]< c:\program files\Google\Desktop >[/color] [color=#A23BEC]< dir "%systemdrive%\*" /S /A:L /C >[/color] Volume in drive C has no label. Volume Serial Number is 245F-80E5 Directory of C:\ 07/14/2009 12:53 AM Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\ProgramData 07/14/2009 12:53 AM Application Data [C:\ProgramData] 07/14/2009 12:53 AM Desktop [C:\Users\Public\Desktop] 07/14/2009 12:53 AM Documents [C:\Users\Public\Documents] 07/14/2009 12:53 AM Favorites [C:\Users\Public\Favorites] 07/14/2009 12:53 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 07/14/2009 12:53 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users 07/14/2009 12:53 AM All Users [C:\ProgramData] 07/14/2009 12:53 AM Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Users\All Users 07/14/2009 12:53 AM Application Data [C:\ProgramData] 07/14/2009 12:53 AM Desktop [C:\Users\Public\Desktop] 07/14/2009 12:53 AM Documents [C:\Users\Public\Documents] 07/14/2009 12:53 AM Favorites [C:\Users\Public\Favorites] 07/14/2009 12:53 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 07/14/2009 12:53 AM Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\CAIA137A 08/27/2010 11:41 AM Application Data [C:\Users\CAIA137A\AppData\Roaming] 08/27/2010 11:41 AM Cookies [C:\Users\CAIA137A\AppData\Roaming\Microsoft\Windows\Cookies] 08/27/2010 11:41 AM Local Settings [C:\Users\CAIA137A\AppData\Local] 08/27/2010 11:41 AM My Documents [C:\Users\CAIA137A\Documents] 08/27/2010 11:41 AM NetHood [C:\Users\CAIA137A\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 08/27/2010 11:41 AM PrintHood [C:\Users\CAIA137A\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 08/27/2010 11:41 AM Recent 
[C:\Users\CAIA137A\AppData\Roaming\Microsoft\Windows\Recent] 08/27/2010 11:41 AM SendTo [C:\Users\CAIA137A\AppData\Roaming\Microsoft\Windows\SendTo] 08/27/2010 11:41 AM Start Menu [C:\Users\CAIA137A\AppData\Roaming\Microsoft\Windows\Start Menu] 08/27/2010 11:41 AM Templates [C:\Users\CAIA137A\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\CAIA137A\AppData\Local 08/27/2010 11:41 AM Application Data [C:\Users\CAIA137A\AppData\Local] 08/27/2010 11:41 AM History [C:\Users\CAIA137A\AppData\Local\Microsoft\Windows\History] 08/27/2010 11:41 AM Temporary Internet Files [C:\Users\CAIA137A\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\CAIA137A\Documents 08/27/2010 11:41 AM My Music [C:\Users\CAIA137A\Music] 08/27/2010 11:41 AM My Pictures [C:\Users\CAIA137A\Pictures] 08/27/2010 11:41 AM My Videos [C:\Users\CAIA137A\Videos] 0 File(s) 0 bytes Directory of C:\Users\Default 07/14/2009 12:53 AM Application Data [C:\Users\Default\AppData\Roaming] 07/14/2009 12:53 AM Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 07/14/2009 12:53 AM Local Settings [C:\Users\Default\AppData\Local] 07/14/2009 12:53 AM My Documents [C:\Users\Default\Documents] 07/14/2009 12:53 AM NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 07/14/2009 12:53 AM PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 07/14/2009 12:53 AM Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 07/14/2009 12:53 AM SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 07/14/2009 12:53 AM Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 07/14/2009 12:53 AM Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 07/14/2009 12:53 AM Application Data [C:\Users\Default\AppData\Local] 07/14/2009 12:53 AM History 
[C:\Users\Default\AppData\Local\Microsoft\Windows\History] 07/14/2009 12:53 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 07/14/2009 12:53 AM My Music [C:\Users\Default\Music] 07/14/2009 12:53 AM My Pictures [C:\Users\Default\Pictures] 07/14/2009 12:53 AM My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\failsafe 08/15/2013 10:34 AM Application Data [C:\Users\failsafe\AppData\Roaming] 08/15/2013 10:34 AM Cookies [C:\Users\failsafe\AppData\Roaming\Microsoft\Windows\Cookies] 08/15/2013 10:34 AM Local Settings [C:\Users\failsafe\AppData\Local] 08/15/2013 10:34 AM My Documents [C:\Users\failsafe\Documents] 08/15/2013 10:34 AM NetHood [C:\Users\failsafe\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 08/15/2013 10:34 AM PrintHood [C:\Users\failsafe\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 08/15/2013 10:34 AM Recent [C:\Users\failsafe\AppData\Roaming\Microsoft\Windows\Recent] 08/15/2013 10:34 AM SendTo [C:\Users\failsafe\AppData\Roaming\Microsoft\Windows\SendTo] 08/15/2013 10:34 AM Start Menu [C:\Users\failsafe\AppData\Roaming\Microsoft\Windows\Start Menu] 08/15/2013 10:34 AM Templates [C:\Users\failsafe\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\failsafe\AppData\Local 08/15/2013 10:34 AM Application Data [C:\Users\failsafe\AppData\Local] 08/15/2013 10:34 AM History [C:\Users\failsafe\AppData\Local\Microsoft\Windows\History] 08/15/2013 10:34 AM Temporary Internet Files [C:\Users\failsafe\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\failsafe\Documents 08/15/2013 10:34 AM My Music [C:\Users\failsafe\Music] 08/15/2013 10:34 AM My Pictures [C:\Users\failsafe\Pictures] 08/15/2013 10:34 AM My Videos [C:\Users\failsafe\Videos] 0 File(s) 0 bytes Directory of C:\Users\fire 12/08/2011 11:29 PM Application Data 
[C:\Users\fire\AppData\Roaming] 12/08/2011 11:29 PM Cookies [C:\Users\fire\AppData\Roaming\Microsoft\Windows\Cookies] 12/08/2011 11:29 PM Local Settings [C:\Users\fire\AppData\Local] 12/08/2011 11:29 PM My Documents [C:\Users\fire\Documents] 12/08/2011 11:29 PM NetHood [C:\Users\fire\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 12/08/2011 11:29 PM PrintHood [C:\Users\fire\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 12/08/2011 11:29 PM Recent [C:\Users\fire\AppData\Roaming\Microsoft\Windows\Recent] 12/08/2011 11:29 PM SendTo [C:\Users\fire\AppData\Roaming\Microsoft\Windows\SendTo] 12/08/2011 11:29 PM Start Menu [C:\Users\fire\AppData\Roaming\Microsoft\Windows\Start Menu] 12/08/2011 11:29 PM Templates [C:\Users\fire\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\fire\AppData\Local 12/08/2011 11:29 PM Application Data [C:\Users\fire\AppData\Local] 12/08/2011 11:29 PM History [C:\Users\fire\AppData\Local\Microsoft\Windows\History] 12/08/2011 11:29 PM Temporary Internet Files [C:\Users\fire\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\fire\Documents 12/08/2011 11:29 PM My Music [C:\Users\fire\Music] 12/08/2011 11:29 PM My Pictures [C:\Users\fire\Pictures] 12/08/2011 11:29 PM My Videos [C:\Users\fire\Videos] 0 File(s) 0 bytes Directory of C:\Users\john 03/16/2012 10:37 AM Application Data [C:\Users\john\AppData\Roaming] 03/16/2012 10:37 AM Cookies [C:\Users\john\AppData\Roaming\Microsoft\Windows\Cookies] 03/16/2012 10:37 AM Local Settings [C:\Users\john\AppData\Local] 03/16/2012 10:37 AM My Documents [C:\Users\john\Documents] 03/16/2012 10:37 AM NetHood [C:\Users\john\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 03/16/2012 10:37 AM PrintHood [C:\Users\john\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 03/16/2012 10:37 AM Recent [C:\Users\john\AppData\Roaming\Microsoft\Windows\Recent] 03/16/2012 10:37 AM SendTo 
[C:\Users\john\AppData\Roaming\Microsoft\Windows\SendTo] 03/16/2012 10:37 AM Start Menu [C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu] 03/16/2012 10:37 AM Templates [C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\john\AppData\Local 03/16/2012 10:37 AM Application Data [C:\Users\john\AppData\Local] 03/16/2012 10:37 AM History [C:\Users\john\AppData\Local\Microsoft\Windows\History] 03/16/2012 10:37 AM Temporary Internet Files [C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\john\Documents 03/16/2012 10:37 AM My Music [C:\Users\john\Music] 03/16/2012 10:37 AM My Pictures [C:\Users\john\Pictures] 03/16/2012 10:37 AM My Videos [C:\Users\john\Videos] 0 File(s) 0 bytes Directory of C:\Users\kchampagne 09/16/2010 01:53 PM Application Data [C:\Users\kchampagne\AppData\Roaming] 09/16/2010 01:53 PM Cookies [C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\Cookies] 09/16/2010 01:53 PM Local Settings [C:\Users\kchampagne\AppData\Local] 09/16/2010 01:53 PM NetHood [C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 09/16/2010 01:53 PM PrintHood [C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 09/16/2010 01:53 PM Recent [C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\Recent] 09/16/2010 01:53 PM SendTo [C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\SendTo] 09/16/2010 01:53 PM Start Menu [C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\Start Menu] 09/16/2010 01:53 PM Templates [C:\Users\kchampagne\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\kchampagne\AppData\Local 09/16/2010 01:53 PM Application Data [C:\Users\kchampagne\AppData\Local] 09/16/2010 01:53 PM History [C:\Users\kchampagne\AppData\Local\Microsoft\Windows\History] 09/16/2010 01:53 PM Temporary Internet Files [C:\Users\kchampagne\AppData\Local\Microsoft\Windows\Temporary Internet 
Files] 0 File(s) 0 bytes Directory of C:\Users\Public\Documents 07/14/2009 12:53 AM My Music [C:\Users\Public\Music] 07/14/2009 12:53 AM My Pictures [C:\Users\Public\Pictures] 07/14/2009 12:53 AM My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Users\UpdatusUser 04/18/2013 10:15 PM Application Data [C:\Users\UpdatusUser\AppData\Roaming] 04/18/2013 10:15 PM Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies] 04/18/2013 10:15 PM Local Settings [C:\Users\UpdatusUser\AppData\Local] 04/18/2013 10:15 PM My Documents [C:\Users\UpdatusUser\Documents] 04/18/2013 10:15 PM NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 04/18/2013 10:15 PM PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 04/18/2013 10:15 PM Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent] 04/18/2013 10:15 PM SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo] 04/18/2013 10:15 PM Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu] 04/18/2013 10:15 PM Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\UpdatusUser\AppData\Local 04/18/2013 10:15 PM Application Data [C:\Users\UpdatusUser\AppData\Local] 04/18/2013 10:15 PM History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History] 04/18/2013 10:15 PM Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\UpdatusUser\Documents 04/18/2013 10:15 PM My Music [C:\Users\UpdatusUser\Music] 04/18/2013 10:15 PM My Pictures [C:\Users\UpdatusUser\Pictures] 04/18/2013 10:15 PM My Videos [C:\Users\UpdatusUser\Videos] 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 126 Dir(s) 104,443,977,728 bytes free [color=#A23BEC]< MD5 for: RPCSS.DLL >[/color] [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) 
MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< End of report >