[azza261]

last week my computer stopped letting me download anything i am using windows vista home premium i have tryed restoring the pc but it crashed and took me hours to get back on i have tryed using malware bytes to try and clean it but that did nothing also any help would be much apreciated thanks

[Advertisements]

Hello, azza261 and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please, spend some time to read these instructions carefully before we start. They contain very useful information.

• Please, stay with us until the end. I know, Malware Removal isn't very fast procedure, it usually has multiple steps, but you should stay here till your computer will be absolutely clean from malware. If your main problem is solved, that doesn't mean that another malware isn't left in your computer. Your patience will be rewarded with absolutely clean computer.
  
• Please, let me know, if you don't understand something. It is really important to understand every instruction. If you are in doubt, how to follow one or another instruction - feel free to ask me, how to do that. I am always glad to help you with that.
  
• Please, don't fix anything by yourself. Please, don't run any tools unless they are required. Trying multiple tools in hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than malware itself.
  
• Please, feel free to notify me about changes in your PC's behavior. It's really interesting for me to know, how your computer is running after each portion of fixes.
  
• Please note, that I'm currently in training. It doesn't mean that my help will be worse than expert help. My posts are carefully checked by experts before they are posted. Please note, that my replies sometimes can come with delays. However, usually it takes less than 24 hours to revise my message by expert and post to you it.
  
• Finally, enjoy the fight!

stopped letting me download anything

Does it show any messages to you, why file couldn't be downloaded?

Okay, let's start. First of all, I need to run one program, which will provide me with the basic information about current state of your computer. Please, don't remove this program immediately after scan, we will need to launch it many times during Malware removal procedure. Please, follow these steps:

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click on Scan All Users checkbox, which is located near Quick Scan button.
• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  
  

  BASESERVICES
  dir "%systemdrive%\*" /S /A:L /C

• Then click the Run Scan button at the top.
• Let the program run unhindered.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
  

[Phel]

Hello, azza261 and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please, spend some time to read these instructions carefully before we start. They contain very useful information.

• Please, stay with us until the end. I know, Malware Removal isn't very fast procedure, it usually has multiple steps, but you should stay here till your computer will be absolutely clean from malware. If your main problem is solved, that doesn't mean that another malware isn't left in your computer. Your patience will be rewarded with absolutely clean computer.
  
• Please, let me know, if you don't understand something. It is really important to understand every instruction. If you are in doubt, how to follow one or another instruction - feel free to ask me, how to do that. I am always glad to help you with that.
  
• Please, don't fix anything by yourself. Please, don't run any tools unless they are required. Trying multiple tools in hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than malware itself.
  
• Please, feel free to notify me about changes in your PC's behavior. It's really interesting for me to know, how your computer is running after each portion of fixes.
  
• Please note, that I'm currently in training. It doesn't mean that my help will be worse than expert help. My posts are carefully checked by experts before they are posted. Please note, that my replies sometimes can come with delays. However, usually it takes less than 24 hours to revise my message by expert and post to you it.
  
• Finally, enjoy the fight!

stopped letting me download anything

Does it show any messages to you, why file couldn't be downloaded?

Okay, let's start. First of all, I need to run one program, which will provide me with the basic information about current state of your computer. Please, don't remove this program immediately after scan, we will need to launch it many times during Malware removal procedure. Please, follow these steps:

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click on Scan All Users checkbox, which is located near Quick Scan button.
• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  
  

  BASESERVICES
  dir "%systemdrive%\*" /S /A:L /C

• Then click the Run Scan button at the top.
• Let the program run unhindered.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
  

[azza261]

thank you when i download something it says it contained a virus and was deleted i will do the other now

[azza261]

hi it wont let me donload that otl either

[Phel]

when i download something it says it contained a virus and was deleted

Okay, this malware is well-known.

Try to download OTL from here.

[azza261]

when i download something it says it contained a virus and was deleted

Okay, this malware is well-known.

Try to download OTL from here.

it has done the same

[Phel]

Then try to download it here.

Do you have another clean computer with access to the internet?

[azza261]

it has done the same again unfortunatley i dont have another computer my computer also says my malware protection it off.

[azza261]

i could try using my phone and putting it on that way

[Phel]

Okay, then, please, wait for a while, I will upload renamed OTL to my Dropbox. Hope that it will help.

[azza261]

what does that mean?

[azza261]

what does that mean?

i have done it from my phone i am just going to scan now

[Phel]

Try to download OTL from here (right mouse click -> Save target as...) to your Desktop. When it's done, rename 123.mp3 file to otl.exe (don't forget to change extension!). After that launch otl.exe.

[azza261]

it says its an mp3 file

[azza261]

OTL logfile created on: 18/08/2013 13:29:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vicky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 48.27% Memory free
6.18 Gb Paging File | 4.56 Gb Available in Paging File | 73.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 117.63 Gb Free Space | 41.16% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.64 Gb Free Space | 47.47% Space Free | Partition Type: NTFS
Drive E: | 507.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/18 13:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
PRC - [2013/07/29 19:24:20 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/07/26 11:11:20 | 002,847,696 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/06/12 13:06:23 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/05/28 14:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013/02/11 08:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2013/01/01 15:40:49 | 000,107,520 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/04/03 13:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 13:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 13:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/02 20:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/21 03:24:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 19:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/18 00:40:19 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/18 00:40:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 00:20:22 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/26 11:11:20 | 002,847,696 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/07/26 11:10:11 | 002,691,536 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013/07/15 17:29:28 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/03 13:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - [2013/07/29 19:24:20 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/07/26 11:11:20 | 002,847,696 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/05/28 14:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/11 08:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/01/01 15:40:49 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Vicky\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/10/22 10:53:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/10/18 18:22:43 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/05/02 20:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 19:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrssweep.sys -- (wrssweep)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/07/29 19:24:20 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2010/10/18 18:22:46 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/10/18 18:22:46 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/05/12 10:40:15 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/07/03 13:28:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 13:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 10:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...B&cr=1157382831
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKLM\..\SearchScopes\{4DB65B04-174C-4C09-691C-331B7382B660}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK
IE - HKLM\..\SearchScopes\{838BF40B-FD99-4F37-8A9B-2CF9B3D9E46C}: "URL" = http://search.sky.co...m={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...B&cr=1157382831
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...9-6CCFF3528268}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=5081023
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{050C47B0-9D1C-44DB-AE13-D4B6D2CDF760}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...EDB00234D80DCFD
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{4DB65B04-174C-4C09-691C-331B7382B660}: "URL" = http://search.babylo...00000234d80dcfd
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GPEA_en-GB
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-27 17:37:35&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...B&cr=1157382831
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{FDF57497-04CA-49ED-A2C8-7811E39519F7}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5 [2013/08/17 17:13:52 | 000,000,000 | ---D | M]

[2012/06/26 18:22:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions
[2013/08/17 17:14:00 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/08/17 17:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/01/30 21:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/01/30 21:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2013/08/17 17:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2013/08/17 17:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
[2013/01/30 21:07:03 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/07/29 15:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/08/17 21:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www1.delta-se...123511&tsp=4961
CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0\
CHR - Extension: No name found = C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Vicky\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1397186333-2763243757-143887221-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\blap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\football\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC3F55E-ECB3-4F96-BE7D-B931B56006C2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{368EED3A-A405-467B-A691-8FCE285C7384}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70AE71F1-5201-4B51-A8B2-5ED6B8C35DE4}: DhcpNameServer = 88.82.13.12 88.82.13.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/13 17:20:10 | 000,000,170 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{05454490-fecb-11dd-8718-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{05454490-fecb-11dd-8718-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2ec2f99a-dad9-11df-8b30-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec2f99a-dad9-11df-8b30-00234d80dcfd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3f0e6687-be45-11dd-a52e-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e6687-be45-11dd-a52e-00234d80dcfd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3f0e66bc-be45-11dd-a52e-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e66bc-be45-11dd-a52e-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3f0e66be-be45-11dd-a52e-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e66be-be45-11dd-a52e-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4df5f306-7200-11de-a61d-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{4df5f306-7200-11de-a61d-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{518f9419-a0dc-11dd-b682-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{518f9419-a0dc-11dd-b682-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MSETUP4.EXE -- [2012/03/16 14:50:44 | 000,363,120 | R--- | M] (CANON INC.)
O33 - MountPoints2\{830c52f4-be43-11dd-ae27-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{830c52f4-be43-11dd-ae27-00234d80dcfd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bd0a0514-70a3-11de-a7ba-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0a0514-70a3-11de-a7ba-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/18 13:14:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2013/08/18 12:47:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/18 00:50:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Canon
[2013/08/18 00:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013/08/18 00:50:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2013/08/18 00:50:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2013/08/18 00:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series User Registration
[2013/08/18 00:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013/08/18 00:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013/08/18 00:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/08/18 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series Manual
[2013/08/18 00:35:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/08/18 00:34:36 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2013/08/18 00:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series
[2013/08/18 00:33:37 | 000,320,000 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5L.dll
[2013/08/18 00:33:37 | 000,266,752 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5C.dll
[2013/08/18 00:33:37 | 000,096,768 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5I.dll
[2013/08/18 00:33:37 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2013/08/18 00:32:36 | 000,314,880 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMB5.DLL
[2013/08/18 00:32:06 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/08/18 00:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013/08/18 00:10:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/18 00:10:40 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/18 00:10:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/18 00:10:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/18 00:10:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/18 00:10:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/18 00:10:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/18 00:10:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/17 23:04:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/08/16 21:10:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/15 19:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/04 15:31:32 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\OpenOffice.org
[2013/08/04 15:27:10 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
[2013/08/04 15:05:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\SoftGrid Client
[2013/08/04 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SoftGrid Client
[2013/08/04 15:01:58 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TP
[2013/08/04 14:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2013/08/04 14:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/07/31 18:17:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\{776d0f5f-79f0-46cb-ba05-582091ad41d2}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/18 13:25:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/18 13:21:19 | 000,000,066 | ---- | M] () -- C:\Users\Vicky\Desktop\cmd.bat
[2013/08/18 13:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2013/08/18 13:06:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/18 13:06:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/18 13:06:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/18 12:28:43 | 000,001,791 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
[2013/08/18 12:28:22 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/18 12:28:08 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/08/18 12:27:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 12:27:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 12:27:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/18 00:52:27 | 000,002,624 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\wklnhst.dat
[2013/08/18 00:43:40 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013/08/18 00:35:57 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP230 series On-screen Manual.lnk
[2013/08/17 21:52:46 | 000,021,504 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013/08/04 16:32:33 | 000,095,107 | ---- | M] () -- C:\Users\Vicky\Documents\polarzone.odt
[2013/08/01 13:50:28 | 000,000,000 | ---- | M] () -- C:\end
[2013/07/31 17:30:35 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/29 19:24:20 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/07/28 18:20:31 | 000,001,105 | ---- | M] () -- C:\Users\Vicky\Documents\Recent Items.lnk
[2013/07/25 03:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/25 03:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/25 03:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/25 03:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/25 03:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/25 03:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/25 03:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/25 03:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/21 21:44:20 | 000,044,032 | ---- | M] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/18 13:21:19 | 000,000,066 | ---- | C] () -- C:\Users\Vicky\Desktop\cmd.bat
[2013/08/18 00:43:40 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013/08/18 00:35:57 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP230 series On-screen Manual.lnk
[2013/08/18 00:33:37 | 000,073,984 | ---- | C] () -- C:\Windows\System32\CNC175FD.TBL
[2013/08/04 16:32:31 | 000,095,107 | ---- | C] () -- C:\Users\Vicky\Documents\polarzone.odt
[2013/08/01 13:49:56 | 000,000,000 | ---- | C] () -- C:\end
[2013/07/28 18:20:31 | 000,001,105 | ---- | C] () -- C:\Users\Vicky\Documents\Recent Items.lnk
[2013/03/09 09:28:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/09/11 20:04:23 | 000,384,844 | ---- | C] () -- C:\Users\Vicky\AppData\Local\funmoods-speeddial.crx
[2012/08/27 15:42:04 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/06/10 16:43:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/10 00:03:57 | 000,002,624 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\wklnhst.dat
[2008/12/11 22:28:26 | 000,005,972 | ---- | C] () -- C:\Users\Vicky\AppData\Local\d3d9caps.dat
[2008/11/29 19:22:58 | 000,044,032 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 03:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 03:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 07:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 03:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 05:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 07:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 03:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 07:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 03:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 07:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 07:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 03:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 03:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 03:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 03:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 03:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 07:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 07:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 03:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 07:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 03:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 07:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 17:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 19:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 07:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 07:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 07:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 03:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 07:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 07:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 07:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 07:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 07:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 07:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 20:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 12:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 6EDB-0B0A
Directory of C:\Program Files\Windows Defender
02/11/2006 13:42 <SYMLINKD> en-US [c:\windows\system32\config]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile
23/10/2008 14:59 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
23/10/2008 14:59 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
23/10/2008 14:59 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/07/2012 19:33 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/07/2012 19:33 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/07/2012 19:33 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/07/2012 19:33 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/07/2012 19:33 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/07/2012 19:33 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/07/2012 19:33 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local
23/10/2008 14:59 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
23/10/2008 14:59 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
23/10/2008 14:59 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile\Documents
03/07/2012 19:33 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/07/2012 19:33 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/07/2012 19:33 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData
29/11/2008 19:14 <JUNCTION> Application Data [C:\ProgramData]
29/11/2008 19:14 <JUNCTION> Desktop [C:\Users\Public\Desktop]
29/11/2008 19:14 <JUNCTION> Documents [C:\Users\Public\Documents]
29/11/2008 19:14 <JUNCTION> Favorites [C:\Users\Public\Favorites]
29/11/2008 19:14 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
29/11/2008 19:14 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
29/11/2008 19:14 <SYMLINKD> All Users [C:\ProgramData]
29/11/2008 19:14 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
29/11/2008 19:14 <JUNCTION> Application Data [C:\ProgramData]
29/11/2008 19:14 <JUNCTION> Desktop [C:\Users\Public\Desktop]
29/11/2008 19:14 <JUNCTION> Documents [C:\Users\Public\Documents]
29/11/2008 19:14 <JUNCTION> Favorites [C:\Users\Public\Favorites]
29/11/2008 19:14 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
29/11/2008 19:14 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\blap
20/11/2012 21:20 <JUNCTION> Application Data [C:\Users\blap\AppData\Roaming]
20/11/2012 21:20 <JUNCTION> Cookies [C:\Users\blap\AppData\Roaming\Microsoft\Windows\Cookies]
20/11/2012 21:20 <JUNCTION> Local Settings [C:\Users\blap\AppData\Local]
20/11/2012 21:20 <JUNCTION> My Documents [C:\Users\blap\Documents]
20/11/2012 21:20 <JUNCTION> NetHood [C:\Users\blap\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
20/11/2012 21:20 <JUNCTION> PrintHood [C:\Users\blap\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
20/11/2012 21:20 <JUNCTION> Recent [C:\Users\blap\AppData\Roaming\Microsoft\Windows\Recent]
20/11/2012 21:20 <JUNCTION> SendTo [C:\Users\blap\AppData\Roaming\Microsoft\Windows\SendTo]
20/11/2012 21:20 <JUNCTION> Start Menu [C:\Users\blap\AppData\Roaming\Microsoft\Windows\Start Menu]
20/11/2012 21:20 <JUNCTION> Templates [C:\Users\blap\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\blap\AppData\Local
20/11/2012 21:20 <JUNCTION> Application Data [C:\Users\blap\AppData\Local]
20/11/2012 21:20 <JUNCTION> History [C:\Users\blap\AppData\Local\Microsoft\Windows\History]
20/11/2012 21:20 <JUNCTION> Temporary Internet Files [C:\Users\blap\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\blap\AppData\LocalLow
20/11/2012 21:27 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\blap\Documents
20/11/2012 21:20 <JUNCTION> My Music [C:\Users\blap\Music]
20/11/2012 21:20 <JUNCTION> My Pictures [C:\Users\blap\Pictures]
20/11/2012 21:20 <JUNCTION> My Videos [C:\Users\blap\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
29/11/2008 19:14 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
29/11/2008 19:14 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
29/11/2008 19:14 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
29/11/2008 19:14 <JUNCTION> My Documents [C:\Users\Default\Documents]
29/11/2008 19:14 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/11/2008 19:14 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/11/2008 19:14 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
29/11/2008 19:14 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
29/11/2008 19:14 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
29/11/2008 19:14 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
29/11/2008 19:14 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
29/11/2008 19:14 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
29/11/2008 19:14 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
29/11/2008 19:14 <JUNCTION> My Music [C:\Users\Default\Music]
29/11/2008 19:14 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
29/11/2008 19:14 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\football
02/09/2012 14:38 <JUNCTION> Application Data [C:\Users\football\AppData\Roaming]
02/09/2012 14:38 <JUNCTION> Cookies [C:\Users\football\AppData\Roaming\Microsoft\Windows\Cookies]
02/09/2012 14:38 <JUNCTION> Local Settings [C:\Users\football\AppData\Local]
02/09/2012 14:38 <JUNCTION> My Documents [C:\Users\football\Documents]
02/09/2012 14:38 <JUNCTION> NetHood [C:\Users\football\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/09/2012 14:38 <JUNCTION> PrintHood [C:\Users\football\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/09/2012 14:38 <JUNCTION> Recent [C:\Users\football\AppData\Roaming\Microsoft\Windows\Recent]
02/09/2012 14:38 <JUNCTION> SendTo [C:\Users\football\AppData\Roaming\Microsoft\Windows\SendTo]
02/09/2012 14:38 <JUNCTION> Start Menu [C:\Users\football\AppData\Roaming\Microsoft\Windows\Start Menu]
02/09/2012 14:38 <JUNCTION> Templates [C:\Users\football\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\football\AppData\Local
02/09/2012 14:38 <JUNCTION> Application Data [C:\Users\football\AppData\Local]
02/09/2012 14:38 <JUNCTION> History [C:\Users\football\AppData\Local\Microsoft\Windows\History]
02/09/2012 14:38 <JUNCTION> Temporary Internet Files [C:\Users\football\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\football\AppData\LocalLow
02/09/2012 15:49 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\football\Documents
02/09/2012 14:38 <JUNCTION> My Music [C:\Users\football\Music]
02/09/2012 14:38 <JUNCTION> My Pictures [C:\Users\football\Pictures]
02/09/2012 14:38 <JUNCTION> My Videos [C:\Users\football\Videos]
0 File(s) 0 bytes
Directory of C:\Users\football.Vicky-PC
29/09/2012 14:10 <JUNCTION> Application Data [C:\Users\football.Vicky-PC\AppData\Roaming]
29/09/2012 14:10 <JUNCTION> Cookies [C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Cookies]
29/09/2012 14:10 <JUNCTION> Local Settings [C:\Users\football.Vicky-PC\AppData\Local]
29/09/2012 14:10 <JUNCTION> My Documents [C:\Users\football.Vicky-PC\Documents]
29/09/2012 14:10 <JUNCTION> NetHood [C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/09/2012 14:10 <JUNCTION> PrintHood [C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/09/2012 14:10 <JUNCTION> Recent [C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Recent]
29/09/2012 14:10 <JUNCTION> SendTo [C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\SendTo]
29/09/2012 14:10 <JUNCTION> Start Menu [C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
29/09/2012 14:10 <JUNCTION> Templates [C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\football.Vicky-PC\AppData\Local
29/09/2012 14:10 <JUNCTION> Application Data [C:\Users\football.Vicky-PC\AppData\Local]
29/09/2012 14:10 <JUNCTION> History [C:\Users\football.Vicky-PC\AppData\Local\Microsoft\Windows\History]
29/09/2012 14:10 <JUNCTION> Temporary Internet Files [C:\Users\football.Vicky-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\football.Vicky-PC\AppData\LocalLow
29/09/2012 14:17 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\football.Vicky-PC\Documents
29/09/2012 14:10 <JUNCTION> My Music [C:\Users\football.Vicky-PC\Music]
29/09/2012 14:10 <JUNCTION> My Pictures [C:\Users\football.Vicky-PC\Pictures]
29/09/2012 14:10 <JUNCTION> My Videos [C:\Users\football.Vicky-PC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\good
24/11/2012 15:58 <JUNCTION> Application Data [C:\Users\good\AppData\Roaming]
24/11/2012 15:58 <JUNCTION> Cookies [C:\Users\good\AppData\Roaming\Microsoft\Windows\Cookies]
24/11/2012 15:58 <JUNCTION> Local Settings [C:\Users\good\AppData\Local]
24/11/2012 15:58 <JUNCTION> My Documents [C:\Users\good\Documents]
24/11/2012 15:58 <JUNCTION> NetHood [C:\Users\good\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
24/11/2012 15:58 <JUNCTION> PrintHood [C:\Users\good\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
24/11/2012 15:58 <JUNCTION> Recent [C:\Users\good\AppData\Roaming\Microsoft\Windows\Recent]
24/11/2012 15:58 <JUNCTION> SendTo [C:\Users\good\AppData\Roaming\Microsoft\Windows\SendTo]
24/11/2012 15:58 <JUNCTION> Start Menu [C:\Users\good\AppData\Roaming\Microsoft\Windows\Start Menu]
24/11/2012 15:58 <JUNCTION> Templates [C:\Users\good\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\good\AppData\Local
24/11/2012 15:58 <JUNCTION> Application Data [C:\Users\good\AppData\Local]
24/11/2012 15:58 <JUNCTION> History [C:\Users\good\AppData\Local\Microsoft\Windows\History]
24/11/2012 15:58 <JUNCTION> Temporary Internet Files [C:\Users\good\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\good\Documents
24/11/2012 15:58 <JUNCTION> My Music [C:\Users\good\Music]
24/11/2012 15:58 <JUNCTION> My Pictures [C:\Users\good\Pictures]
24/11/2012 15:58 <JUNCTION> My Videos [C:\Users\good\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
29/09/2012 14:07 <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
29/09/2012 14:07 <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
29/09/2012 14:07 <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
29/09/2012 14:07 <JUNCTION> My Documents [C:\Users\Guest\Documents]
29/09/2012 14:07 <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/09/2012 14:07 <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/09/2012 14:07 <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
29/09/2012 14:07 <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
29/09/2012 14:07 <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
29/09/2012 14:07 <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
29/09/2012 14:07 <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
29/09/2012 14:07 <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
29/09/2012 14:07 <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
29/09/2012 14:07 <JUNCTION> My Music [C:\Users\Guest\Music]
29/09/2012 14:07 <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
29/09/2012 14:07 <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\new
28/10/2012 16:53 <JUNCTION> Application Data [C:\Users\new\AppData\Roaming]
28/10/2012 16:53 <JUNCTION> Cookies [C:\Users\new\AppData\Roaming\Microsoft\Windows\Cookies]
28/10/2012 16:53 <JUNCTION> Local Settings [C:\Users\new\AppData\Local]
28/10/2012 16:53 <JUNCTION> My Documents [C:\Users\new\Documents]
28/10/2012 16:53 <JUNCTION> NetHood [C:\Users\new\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
28/10/2012 16:53 <JUNCTION> PrintHood [C:\Users\new\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
28/10/2012 16:53 <JUNCTION> Recent [C:\Users\new\AppData\Roaming\Microsoft\Windows\Recent]
28/10/2012 16:53 <JUNCTION> SendTo [C:\Users\new\AppData\Roaming\Microsoft\Windows\SendTo]
28/10/2012 16:53 <JUNCTION> Start Menu [C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu]
28/10/2012 16:53 <JUNCTION> Templates [C:\Users\new\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\new\AppData\Local
28/10/2012 16:53 <JUNCTION> Application Data [C:\Users\new\AppData\Local]
28/10/2012 16:53 <JUNCTION> History [C:\Users\new\AppData\Local\Microsoft\Windows\History]
28/10/2012 16:53 <JUNCTION> Temporary Internet Files [C:\Users\new\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\new\AppData\LocalLow
28/10/2012 16:59 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\new\Documents
28/10/2012 16:53 <JUNCTION> My Music [C:\Users\new\Music]
28/10/2012 16:53 <JUNCTION> My Pictures [C:\Users\new\Pictures]
28/10/2012 16:53 <JUNCTION> My Videos [C:\Users\new\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
29/11/2008 19:14 <JUNCTION> My Music [C:\Users\Public\Music]
29/11/2008 19:14 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
29/11/2008 19:14 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Vicky
29/11/2008 19:15 <JUNCTION> Application Data [C:\Users\Vicky\AppData\Roaming]
29/11/2008 19:15 <JUNCTION> Cookies [C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Cookies]
29/11/2008 19:15 <JUNCTION> Local Settings [C:\Users\Vicky\AppData\Local]
29/11/2008 19:15 <JUNCTION> My Documents [C:\Users\Vicky\Documents]
29/11/2008 19:15 <JUNCTION> NetHood [C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/11/2008 19:15 <JUNCTION> PrintHood [C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/11/2008 19:15 <JUNCTION> Recent [C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Recent]
29/11/2008 19:15 <JUNCTION> SendTo [C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\SendTo]
29/11/2008 19:15 <JUNCTION> Start Menu [C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu]
29/11/2008 19:15 <JUNCTION> Templates [C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Vicky\AppData\Local
29/11/2008 19:15 <JUNCTION> Application Data [C:\Users\Vicky\AppData\Local]
29/11/2008 19:15 <JUNCTION> History [C:\Users\Vicky\AppData\Local\Microsoft\Windows\History]
29/11/2008 19:15 <JUNCTION> Temporary Internet Files [C:\Users\Vicky\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Vicky\AppData\LocalLow
13/09/2011 19:24 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Vicky\Documents
29/11/2008 19:15 <JUNCTION> My Music [C:\Users\Vicky\Music]
29/11/2008 19:15 <JUNCTION> My Pictures [C:\Users\Vicky\Pictures]
29/11/2008 19:15 <JUNCTION> My Videos [C:\Users\Vicky\Videos]
0 File(s) 0 bytes
Directory of C:\Users\work
03/11/2012 13:36 <JUNCTION> Application Data [C:\Users\work\AppData\Roaming]
03/11/2012 13:36 <JUNCTION> Cookies [C:\Users\work\AppData\Roaming\Microsoft\Windows\Cookies]
03/11/2012 13:36 <JUNCTION> Local Settings [C:\Users\work\AppData\Local]
03/11/2012 13:36 <JUNCTION> My Documents [C:\Users\work\Documents]
03/11/2012 13:36 <JUNCTION> NetHood [C:\Users\work\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/11/2012 13:36 <JUNCTION> PrintHood [C:\Users\work\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/11/2012 13:36 <JUNCTION> Recent [C:\Users\work\AppData\Roaming\Microsoft\Windows\Recent]
03/11/2012 13:36 <JUNCTION> SendTo [C:\Users\work\AppData\Roaming\Microsoft\Windows\SendTo]
03/11/2012 13:36 <JUNCTION> Start Menu [C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu]
03/11/2012 13:36 <JUNCTION> Templates [C:\Users\work\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\work\AppData\Local
03/11/2012 13:36 <JUNCTION> Application Data [C:\Users\work\AppData\Local]
03/11/2012 13:36 <JUNCTION> History [C:\Users\work\AppData\Local\Microsoft\Windows\History]
03/11/2012 13:36 <JUNCTION> Temporary Internet Files [C:\Users\work\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\work\AppData\LocalLow
03/11/2012 13:38 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\work\Documents
03/11/2012 13:36 <JUNCTION> My Music [C:\Users\work\Music]
03/11/2012 13:36 <JUNCTION> My Pictures [C:\Users\work\Pictures]
03/11/2012 13:36 <JUNCTION> My Videos [C:\Users\work\Videos]
0 File(s) 0 bytes
Directory of C:\Users\work pleas
31/10/2012 21:43 <JUNCTION> Application Data [C:\Users\work pleas\AppData\Roaming]
31/10/2012 21:43 <JUNCTION> Cookies [C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Cookies]
31/10/2012 21:43 <JUNCTION> Local Settings [C:\Users\work pleas\AppData\Local]
31/10/2012 21:43 <JUNCTION> My Documents [C:\Users\work pleas\Documents]
31/10/2012 21:43 <JUNCTION> NetHood [C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/10/2012 21:43 <JUNCTION> PrintHood [C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/10/2012 21:43 <JUNCTION> Recent [C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Recent]
31/10/2012 21:43 <JUNCTION> SendTo [C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\SendTo]
31/10/2012 21:43 <JUNCTION> Start Menu [C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Start Menu]
31/10/2012 21:43 <JUNCTION> Templates [C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\work pleas\AppData\Local
31/10/2012 21:43 <JUNCTION> Application Data [C:\Users\work pleas\AppData\Local]
31/10/2012 21:43 <JUNCTION> History [C:\Users\work pleas\AppData\Local\Microsoft\Windows\History]
31/10/2012 21:43 <JUNCTION> Temporary Internet Files [C:\Users\work pleas\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\work pleas\AppData\LocalLow
31/10/2012 21:48 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\work pleas\Documents
31/10/2012 21:43 <JUNCTION> My Music [C:\Users\work pleas\Music]
31/10/2012 21:43 <JUNCTION> My Pictures [C:\Users\work pleas\Pictures]
31/10/2012 21:43 <JUNCTION> My Videos [C:\Users\work pleas\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
23/10/2008 14:59 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
23/10/2008 14:59 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
23/10/2008 14:59 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/07/2012 19:33 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/07/2012 19:33 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/07/2012 19:33 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/07/2012 19:33 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/07/2012 19:33 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/07/2012 19:33 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/07/2012 19:33 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
23/10/2008 14:59 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
23/10/2008 14:59 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
23/10/2008 14:59 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
03/07/2012 19:33 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/07/2012 19:33 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/07/2012 19:33 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
217 Dir(s) 126,305,841,152 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >