
Everything I try to download has a virus..



#1
Chaze

    Member

I know this topic has been covered in the past. Figured it's my turn to post logs and try to resolve these issues. Any help will be appreciated.


#2
Phel

    Trusted Helper

  • Malware Removal
Hello, Chaze and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please spend some time reading these instructions carefully before we start. They contain very useful information.

  • Please stay with us until the end. I know malware removal isn't a very fast procedure; it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean that no other malware is left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow an instruction, feel free to ask me how to do it. I am always glad to help you with that.
  • Please don't fix anything by yourself. Please don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please feel free to notify me about changes in your PC's behavior. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Please note that I'm currently in training. It doesn't mean that my help will be worse than expert help. My posts are carefully checked by experts before they are posted. Please note that my replies can sometimes come with delays. However, it usually takes less than 24 hours for an expert to review my message and for it to be posted to you.
  • Finally, enjoy the fight! ;)
Okay, let's start. Try following these steps:

  • Download this file to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
    dir C:\ /S /A:L /C
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


#3
Chaze

    Member

As the title reads... I can't download anything. I will dl to flash drive.

#4
Chaze

    Member

OTL Extras logfile created on: 9/9/2013 5:43:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 47.40% Memory free
6.71 Gb Paging File | 5.24 Gb Available in Paging File | 78.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.02 Gb Total Space | 15.71 Gb Free Space | 7.05% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.07 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive F: | 4.65 Gb Total Space | 2.87 Gb Free Space | 61.65% Space Free | Partition Type: FAT32

Computer Name: CHAZE-PC | User Name: Chaze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{6060E4F6-9629-4F9D-934F-A689746939CD}" = BlackBerry Desktop Software 4.1
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}" = KODAK Share Button App
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J625DW
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Any Video Converter_is1" = Any Video Converter 2.7.0
"AutoGK" = Auto Gordian Knot 2.45
"AVG" = AVG 2013
"Belarc Advisor" = Belarc Advisor 8.2
"BlackBerry_{6060E4F6-9629-4F9D-934F-A689746939CD}" = BlackBerry Desktop Software 4.1
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DICE Firmware Updater" = DICE Firmware Updater 3.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.6.3 (11/02/2012) Qt
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Optimum Online net guide" = Optimum Online net guide
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"RealPlayer 16.0" = RealPlayer
"Recuva" = Recuva
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1685079835-285131711-1338073084-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1685079835-285131711-1338073084-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me
"UnityWebPlayer" = Unity Web Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1685079835-285131711-1338073084-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1685079835-285131711-1338073084-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2013 5:42:33 AM | Computer Name = Chaze-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/09/09 05:42:33.492]: [00002124]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.12]

Error - 9/9/2013 5:53:05 AM | Computer Name = Chaze-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/09/09 05:53:05.402]: [00002124]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.12]

Error - 9/9/2013 6:59:37 AM | Computer Name = Chaze-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/09/09 06:59:37.116]: [00002124]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.0.12]

Error - 9/9/2013 6:59:42 AM | Computer Name = Chaze-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/09/09 06:59:42.389]: [00002124]: GetDeviceIpAddress:
GetAddressByName [BRW9439E544D007] Error

Error - 9/9/2013 12:10:25 PM | Computer Name = Chaze-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/09/09 12:10:25.373]: [00002124]: GetDeviceIpAddress:
GetAddressByName [BRW9439E544D007] Error

Error - 9/9/2013 12:10:54 PM | Computer Name = Chaze-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/09/09 12:10:54.529]: [00002124]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.0.12]

Error - 9/9/2013 12:11:00 PM | Computer Name = Chaze-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/09/09 12:11:00.597]: [00002124]: GetDeviceIpAddress:
GetAddressByName [BRW9439E544D007] Error

Error - 9/9/2013 2:43:01 PM | Computer Name = Chaze-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/09/09 14:43:01.169]: [00002124]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.12]

Error - 9/9/2013 5:05:22 PM | Computer Name = Chaze-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/9/2013 5:17:11 PM | Computer Name = Chaze-PC | Source = Application Error | ID = 1000
Description = Faulting application uaqylu, version 2.4.3.0, time stamp 0x522e1043,
faulting module gdiplus.dll, version 5.2.6002.18813, time stamp 0x515ba857, exception
code 0xc0000005, fault offset 0x000174b2, process id 0xf04, application start time
0x01ceada0f119e5f0.

[ Media Center Events ]
Error - 6/9/2009 7:55:52 PM | Computer Name = Chaze-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 4:43:53 PM | Computer Name = Chaze-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:56:37 PM | Computer Name = Chaze-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/16/2010 7:33:42 PM | Computer Name = Chaze-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/23/2010 11:00:22 PM | Computer Name = Chaze-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 9/7/2013 3:08:58 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 9/7/2013 3:08:58 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/7/2013 3:08:58 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/7/2013 3:09:56 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/8/2013 12:10:41 PM | Computer Name = Chaze-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00219B0F09D0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/8/2013 12:12:27 PM | Computer Name = Chaze-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 0023547A594F has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/8/2013 10:49:00 PM | Computer Name = Chaze-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.5 for the Network Card with network
address 0023547A594F has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/9/2013 5:43:59 AM | Computer Name = Chaze-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 0023547A594F has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/9/2013 6:59:40 AM | Computer Name = Chaze-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 00219B0F09D0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/9/2013 5:04:54 PM | Computer Name = Chaze-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#5
Chaze

    Member

OTL logfile created on: 9/9/2013 5:43:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 47.40% Memory free
6.71 Gb Paging File | 5.24 Gb Available in Paging File | 78.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.02 Gb Total Space | 15.71 Gb Free Space | 7.05% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.07 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive F: | 4.65 Gb Total Space | 2.87 Gb Free Space | 61.65% Space Free | Partition Type: FAT32

Computer Name: CHAZE-PC | User Name: Chaze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/09 17:39:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/29 00:24:21 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/01/28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/12/17 18:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/12/17 18:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/12/17 17:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2010/12/23 15:36:46 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 16:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - [2013/08/21 10:13:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/12/19 16:40:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/19 12:44:24 | 000,223,864 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/12/19 12:44:24 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\..\SearchScopes,DefaultScope = {CEE386A4-CBB0-4B75-B2F0-EC873B2DB9C2}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\..\SearchScopes\{94F9F2EF-DA0C-47CB-9A41-C4E4F42A8435}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\..\SearchScopes\{CEE386A4-CBB0-4B75-B2F0-EC873B2DB9C2}: "URL" = http://www.google.co...1I7DKUS_enUS307
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{171D6F96-C91A-4D00-96AF-99A604F76DEE}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce8014
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{65088F79-9DFB-49BF-A685-75016B386FD5}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{8275EA20-3050-4B68-AC97-4D0614AB418E}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{94F9F2EF-DA0C-47CB-9A41-C4E4F42A8435}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{CEE386A4-CBB0-4B75-B2F0-EC873B2DB9C2}: "URL" = http://www.google.co...1I7DKUS_enUS307
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes\{7D769AB1-59B0-4012-A45B-FD3BB9301EB7}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes\{94F9F2EF-DA0C-47CB-9A41-C4E4F42A8435}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes\{9D0B5ABE-3D89-45D9-B2A6-A1BE22261642}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes\{C74BD767-D166-42AF-8FA9-5296B833C18B}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes\{CEE386A4-CBB0-4B75-B2F0-EC873B2DB9C2}: "URL" = http://www.google.co...1I7DKUS_enUS307
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{94F9F2EF-DA0C-47CB-9A41-C4E4F42A8435}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{9639F405-66F9-49E8-9188-4C836D3AEBA1}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{AC72EF8F-A1FE-4B9E-B1A6-F37F39FEE862}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{ACB3A3B8-5973-4C25-A894-02B513EFF371}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{CEE386A4-CBB0-4B75-B2F0-EC873B2DB9C2}: "URL" = http://www.google.co...1I7DKUS_enUS307
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{5043F1C5-E400-40C5-8FE3-0C3A917FE562}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce7fbc
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{94F9F2EF-DA0C-47CB-9A41-C4E4F42A8435}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{CEE386A4-CBB0-4B75-B2F0-EC873B2DB9C2}: "URL" = http://www.google.co...1I7DKUS_enUS307
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{E26B96E3-DE84-4178-827D-D11117EC944A}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{EA0847E3-4E0C-4132-83E2-F8BE39798212}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=5081219
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5081219
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce8015
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=5081219
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5081219
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce8015
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/29 00:26:14 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1002..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1003..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1003..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1020..\RunOnce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O4 - Startup: C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A473169A-3ED7-40A7-8CCB-5F9DFEE85E16}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAA0DFE2-D90D-4CB1-8B6B-DC1495BD98F5}: DhcpNameServer = 167.206.251.130 167.206.251.129
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Chaze\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chaze\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/17 14:11:20 | 000,020,480 | ---- | M] () - F:\Autobio.odt -- [ FAT32 ]
O33 - MountPoints2\{2fecaaa9-d680-11dd-a9db-00219b0f09d0}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{6e319db3-1192-11de-8dc4-00219b0f09d0}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{6e319db3-1192-11de-8dc4-00219b0f09d0}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/09 17:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG 0913a Campaign
[2013/08/29 17:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/29 17:28:22 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/15 16:17:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/15 16:17:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/15 16:17:11 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/15 16:17:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/15 16:17:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/15 16:17:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/15 16:17:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/15 16:16:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/15 11:43:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/15 11:43:39 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/15 11:43:39 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/01/10 22:54:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chaze\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/09 17:29:06 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/09 17:29:06 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/09 17:07:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 17:07:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 17:05:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/09 17:04:58 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\AVG_REG_0913a.job
[2013/09/09 17:04:50 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/09/09 17:04:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/08 18:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/08 18:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/08 11:56:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013/09/07 15:07:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/07 15:07:18 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/04 17:52:07 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/29 17:30:17 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/21 10:13:32 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/21 10:13:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/09 17:05:00 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/09 17:04:58 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\AVG_REG_0913a.job
[2012/09/13 01:52:26 | 000,000,909 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/09/13 01:52:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/09/13 01:50:14 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012/09/13 01:45:53 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/09/13 01:45:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/02/05 13:01:28 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/02/05 13:01:28 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009/12/28 15:31:33 | 000,068,294 | ---- | C] () -- C:\Users\Chaze\image004.gif
[2009/12/28 15:31:33 | 000,056,799 | ---- | C] () -- C:\Users\Chaze\image003.jpg
[2009/12/28 15:31:33 | 000,035,147 | ---- | C] () -- C:\Users\Chaze\image002.jpg
[2009/12/28 15:31:33 | 000,025,618 | ---- | C] () -- C:\Users\Chaze\image001.gif
[2009/01/14 18:28:08 | 000,000,604 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\AutoGK.ini
[2009/01/10 22:54:39 | 000,087,608 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\inst.exe
[2009/01/10 22:54:39 | 000,007,887 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\pcouffin.cat
[2009/01/10 22:54:39 | 000,001,144 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\pcouffin.inf
[2008/12/30 10:35:05 | 000,005,892 | ---- | C] () -- C:\Users\Chaze\AppData\Local\d3d9caps.dat
[2008/12/26 12:32:22 | 000,226,816 | ---- | C] () -- C:\Users\Chaze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2013/06/06 10:13:19 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$3014e8243e80992f5eb14b44f4f03fcf\@
[2013/06/06 10:13:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$3014e8243e80992f5eb14b44f4f03fcf\L
[2013/06/06 10:13:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$3014e8243e80992f5eb14b44f4f03fcf\U
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 22:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 22:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 22:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 22:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV - [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 22:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 22:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 22:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 22:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 22:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 22:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 22:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
No service found with a name of MpsSvc
SRV - [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 15:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 07:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 68F0-F95A
Directory of C:\
12/26/2008 12:00 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
11/02/2006 08:42 AM <SYMLINKD> en-US [c:\windows\system32\config]
11/02/2006 08:34 AM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
11/02/2006 08:34 AM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
04/11/2009 02:27 AM <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
11/02/2006 08:34 AM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
11/02/2006 08:34 AM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
14 File(s) 4,344,192 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile
12/19/2008 04:38 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/19/2008 04:38 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/19/2008 04:38 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
10/31/2010 08:40 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
10/31/2010 08:40 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/31/2010 08:40 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/31/2010 08:40 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
10/31/2010 08:40 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
10/31/2010 08:40 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
10/31/2010 08:40 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local
12/19/2008 04:38 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/19/2008 04:38 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/19/2008 04:38 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile\Documents
10/31/2010 08:40 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
10/31/2010 08:40 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
10/31/2010 08:40 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData
12/26/2008 12:00 PM <JUNCTION> Application Data [C:\ProgramData]
12/26/2008 12:00 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
12/26/2008 12:00 PM <JUNCTION> Documents [C:\Users\Public\Documents]
12/26/2008 12:00 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
12/26/2008 12:00 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
12/26/2008 12:00 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
12/26/2008 12:00 PM <SYMLINKD> All Users [C:\ProgramData]
12/26/2008 12:00 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC
03/30/2010 09:52 AM <JUNCTION> Application Data [C:\Users\123.Chaze-PC\AppData\Roaming]
03/30/2010 09:52 AM <JUNCTION> Cookies [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Cookies]
03/30/2010 09:52 AM <JUNCTION> Local Settings [C:\Users\123.Chaze-PC\AppData\Local]
03/30/2010 09:52 AM <JUNCTION> My Documents [C:\Users\123.Chaze-PC\Documents]
03/30/2010 09:52 AM <JUNCTION> NetHood [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/30/2010 09:52 AM <JUNCTION> PrintHood [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/30/2010 09:52 AM <JUNCTION> Recent [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Recent]
03/30/2010 09:52 AM <JUNCTION> SendTo [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\SendTo]
03/30/2010 09:52 AM <JUNCTION> Start Menu [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
03/30/2010 09:52 AM <JUNCTION> Templates [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC\AppData\Local
03/30/2010 09:52 AM <JUNCTION> Application Data [C:\Users\123.Chaze-PC\AppData\Local]
03/30/2010 09:52 AM <JUNCTION> History [C:\Users\123.Chaze-PC\AppData\Local\Microsoft\Windows\History]
03/30/2010 09:52 AM <JUNCTION> Temporary Internet Files [C:\Users\123.Chaze-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC\Documents
03/30/2010 09:52 AM <JUNCTION> My Music [C:\Users\123.Chaze-PC\Music]
03/30/2010 09:52 AM <JUNCTION> My Pictures [C:\Users\123.Chaze-PC\Pictures]
03/30/2010 09:52 AM <JUNCTION> My Videos [C:\Users\123.Chaze-PC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC.000
04/09/2010 11:12 AM <JUNCTION> Application Data [C:\Users\123.Chaze-PC.000\AppData\Roaming]
04/09/2010 11:12 AM <JUNCTION> Cookies [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Cookies]
04/09/2010 11:12 AM <JUNCTION> Local Settings [C:\Users\123.Chaze-PC.000\AppData\Local]
04/09/2010 11:12 AM <JUNCTION> My Documents [C:\Users\123.Chaze-PC.000\Documents]
04/09/2010 11:12 AM <JUNCTION> NetHood [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/09/2010 11:12 AM <JUNCTION> PrintHood [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/09/2010 11:12 AM <JUNCTION> Recent [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Recent]
04/09/2010 11:12 AM <JUNCTION> SendTo [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\SendTo]
04/09/2010 11:12 AM <JUNCTION> Start Menu [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu]
04/09/2010 11:12 AM <JUNCTION> Templates [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC.000\AppData\Local
04/09/2010 11:12 AM <JUNCTION> Application Data [C:\Users\123.Chaze-PC.000\AppData\Local]
04/09/2010 11:12 AM <JUNCTION> History [C:\Users\123.Chaze-PC.000\AppData\Local\Microsoft\Windows\History]
04/09/2010 11:12 AM <JUNCTION> Temporary Internet Files [C:\Users\123.Chaze-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC.000\Documents
04/09/2010 11:12 AM <JUNCTION> My Music [C:\Users\123.Chaze-PC.000\Music]
04/09/2010 11:12 AM <JUNCTION> My Pictures [C:\Users\123.Chaze-PC.000\Pictures]
04/09/2010 11:12 AM <JUNCTION> My Videos [C:\Users\123.Chaze-PC.000\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
12/26/2008 12:00 PM <JUNCTION> Application Data [C:\ProgramData]
12/26/2008 12:00 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
12/26/2008 12:00 PM <JUNCTION> Documents [C:\Users\Public\Documents]
12/26/2008 12:00 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
12/26/2008 12:00 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
12/26/2008 12:00 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Chaze
12/26/2008 12:04 PM <JUNCTION> Application Data [C:\Users\Chaze\AppData\Roaming]
12/26/2008 12:04 PM <JUNCTION> Cookies [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Cookies]
12/26/2008 12:04 PM <JUNCTION> Local Settings [C:\Users\Chaze\AppData\Local]
12/26/2008 12:04 PM <JUNCTION> My Documents [C:\Users\Chaze\Documents]
12/26/2008 12:04 PM <JUNCTION> NetHood [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/26/2008 12:04 PM <JUNCTION> PrintHood [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/26/2008 12:04 PM <JUNCTION> Recent [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Recent]
12/26/2008 12:04 PM <JUNCTION> SendTo [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\SendTo]
12/26/2008 12:04 PM <JUNCTION> Start Menu [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Start Menu]
12/26/2008 12:04 PM <JUNCTION> Templates [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Chaze\AppData\Local
12/26/2008 12:04 PM <JUNCTION> Application Data [C:\Users\Chaze\AppData\Local]
12/26/2008 12:04 PM <JUNCTION> History [C:\Users\Chaze\AppData\Local\Microsoft\Windows\History]
12/26/2008 12:04 PM <JUNCTION> Temporary Internet Files [C:\Users\Chaze\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Chaze\Documents
12/26/2008 12:04 PM <JUNCTION> My Music [C:\Users\Chaze\Music]
12/26/2008 12:04 PM <JUNCTION> My Pictures [C:\Users\Chaze\Pictures]
12/26/2008 12:04 PM <JUNCTION> My Videos [C:\Users\Chaze\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
12/26/2008 12:00 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
12/26/2008 12:00 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
12/26/2008 12:00 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
12/26/2008 12:00 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
12/26/2008 12:00 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/26/2008 12:00 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/26/2008 12:00 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
12/26/2008 12:00 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
12/26/2008 12:00 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
12/26/2008 12:00 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
12/26/2008 12:00 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
12/26/2008 12:00 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
12/26/2008 12:00 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
12/26/2008 12:00 PM <JUNCTION> My Music [C:\Users\Default\Music]
12/26/2008 12:00 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
12/26/2008 12:00 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Dragz
01/04/2009 11:24 AM <JUNCTION> Application Data [C:\Users\Dragz\AppData\Roaming]
01/04/2009 11:24 AM <JUNCTION> Cookies [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Cookies]
01/04/2009 11:24 AM <JUNCTION> Local Settings [C:\Users\Dragz\AppData\Local]
01/04/2009 11:24 AM <JUNCTION> My Documents [C:\Users\Dragz\Documents]
01/04/2009 11:24 AM <JUNCTION> NetHood [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/04/2009 11:24 AM <JUNCTION> PrintHood [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/04/2009 11:24 AM <JUNCTION> Recent [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Recent]
01/04/2009 11:24 AM <JUNCTION> SendTo [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\SendTo]
01/04/2009 11:24 AM <JUNCTION> Start Menu [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Start Menu]
01/04/2009 11:24 AM <JUNCTION> Templates [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dragz\AppData\Local
01/04/2009 11:24 AM <JUNCTION> Application Data [C:\Users\Dragz\AppData\Local]
01/04/2009 11:24 AM <JUNCTION> History [C:\Users\Dragz\AppData\Local\Microsoft\Windows\History]
01/04/2009 11:24 AM <JUNCTION> Temporary Internet Files [C:\Users\Dragz\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dragz\AppData\LocalLow
01/09/2012 12:45 AM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Dragz\Documents
01/04/2009 11:24 AM <JUNCTION> My Music [C:\Users\Dragz\Music]
01/04/2009 11:24 AM <JUNCTION> My Pictures [C:\Users\Dragz\Pictures]
01/04/2009 11:24 AM <JUNCTION> My Videos [C:\Users\Dragz\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Gia
12/27/2008 11:13 AM <JUNCTION> Application Data [C:\Users\Gia\AppData\Roaming]
12/27/2008 11:13 AM <JUNCTION> Cookies [C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Cookies]
12/27/2008 11:13 AM <JUNCTION> Local Settings [C:\Users\Gia\AppData\Local]
12/27/2008 11:13 AM <JUNCTION> My Documents [C:\Users\Gia\Documents]
12/27/2008 11:13 AM <JUNCTION> NetHood [C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/27/2008 11:13 AM <JUNCTION> PrintHood [C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/27/2008 11:13 AM <JUNCTION> Recent [C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Recent]
12/27/2008 11:13 AM <JUNCTION> SendTo [C:\Users\Gia\AppData\Roaming\Microsoft\Windows\SendTo]
12/27/2008 11:13 AM <JUNCTION> Start Menu [C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Start Menu]
12/27/2008 11:13 AM <JUNCTION> Templates [C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Gia\AppData\Local
12/27/2008 11:13 AM <JUNCTION> Application Data [C:\Users\Gia\AppData\Local]
12/27/2008 11:13 AM <JUNCTION> History [C:\Users\Gia\AppData\Local\Microsoft\Windows\History]
12/27/2008 11:13 AM <JUNCTION> Temporary Internet Files [C:\Users\Gia\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Gia\AppData\LocalLow
03/09/2012 07:10 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Gia\Documents
12/27/2008 11:13 AM <JUNCTION> My Music [C:\Users\Gia\Music]
12/27/2008 11:13 AM <JUNCTION> My Pictures [C:\Users\Gia\Pictures]
12/27/2008 11:13 AM <JUNCTION> My Videos [C:\Users\Gia\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Ivy
12/27/2008 10:52 AM <JUNCTION> Application Data [C:\Users\Ivy\AppData\Roaming]
12/27/2008 10:52 AM <JUNCTION> Cookies [C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Cookies]
12/27/2008 10:52 AM <JUNCTION> Local Settings [C:\Users\Ivy\AppData\Local]
12/27/2008 10:52 AM <JUNCTION> My Documents [C:\Users\Ivy\Documents]
12/27/2008 10:52 AM <JUNCTION> NetHood [C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/27/2008 10:52 AM <JUNCTION> PrintHood [C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/27/2008 10:52 AM <JUNCTION> Recent [C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Recent]
12/27/2008 10:52 AM <JUNCTION> SendTo [C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\SendTo]
12/27/2008 10:52 AM <JUNCTION> Start Menu [C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Start Menu]
12/27/2008 10:52 AM <JUNCTION> Templates [C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ivy\AppData\Local
12/27/2008 10:52 AM <JUNCTION> Application Data [C:\Users\Ivy\AppData\Local]
12/27/2008 10:52 AM <JUNCTION> History [C:\Users\Ivy\AppData\Local\Microsoft\Windows\History]
12/27/2008 10:52 AM <JUNCTION> Temporary Internet Files [C:\Users\Ivy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ivy\Documents
12/27/2008 10:52 AM <JUNCTION> My Music [C:\Users\Ivy\Music]
12/27/2008 10:52 AM <JUNCTION> My Pictures [C:\Users\Ivy\Pictures]
12/27/2008 10:52 AM <JUNCTION> My Videos [C:\Users\Ivy\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
12/26/2008 12:00 PM <JUNCTION> My Music [C:\Users\Public\Music]
12/26/2008 12:00 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
12/26/2008 12:00 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Snax
12/29/2008 11:23 PM <JUNCTION> Application Data [C:\Users\Snax\AppData\Roaming]
12/29/2008 11:23 PM <JUNCTION> Cookies [C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Cookies]
12/29/2008 11:23 PM <JUNCTION> Local Settings [C:\Users\Snax\AppData\Local]
12/29/2008 11:23 PM <JUNCTION> My Documents [C:\Users\Snax\Documents]
12/29/2008 11:23 PM <JUNCTION> NetHood [C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/29/2008 11:23 PM <JUNCTION> PrintHood [C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/29/2008 11:23 PM <JUNCTION> Recent [C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Recent]
12/29/2008 11:23 PM <JUNCTION> SendTo [C:\Users\Snax\AppData\Roaming\Microsoft\Windows\SendTo]
12/29/2008 11:23 PM <JUNCTION> Start Menu [C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Start Menu]
12/29/2008 11:23 PM <JUNCTION> Templates [C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Snax\AppData\Local
12/29/2008 11:23 PM <JUNCTION> Application Data [C:\Users\Snax\AppData\Local]
12/29/2008 11:23 PM <JUNCTION> History [C:\Users\Snax\AppData\Local\Microsoft\Windows\History]
12/29/2008 11:23 PM <JUNCTION> Temporary Internet Files [C:\Users\Snax\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Snax\AppData\LocalLow
04/16/2012 12:58 AM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Snax\Documents
12/29/2008 11:23 PM <JUNCTION> My Music [C:\Users\Snax\Music]
12/29/2008 11:23 PM <JUNCTION> My Pictures [C:\Users\Snax\Pictures]
12/29/2008 11:23 PM <JUNCTION> My Videos [C:\Users\Snax\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
12/19/2008 04:38 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/19/2008 04:38 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/19/2008 04:38 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
10/31/2010 08:40 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
10/31/2010 08:40 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/31/2010 08:40 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/31/2010 08:40 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
10/31/2010 08:40 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
10/31/2010 08:40 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
10/31/2010 08:40 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
12/19/2008 04:38 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/19/2008 04:38 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/19/2008 04:38 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
10/31/2010 08:40 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
10/31/2010 08:40 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
10/31/2010 08:40 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f
11/02/2006 08:34 AM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
1 File(s) 65,640 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5
11/02/2006 08:34 AM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
11/02/2006 08:34 AM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
11/02/2006 08:34 AM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 3,765,552 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411
11/02/2006 08:34 AM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
04/11/2009 02:27 AM <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
11/02/2006 08:34 AM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
11/02/2006 08:34 AM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
13 File(s) 4,278,552 bytes
Total Files Listed:
40 File(s) 12,453,936 bytes
182 Dir(s) 16,870,653,952 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 808 bytes -> C:\Users\Chaze\Documents\Harvard University Announcement.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 1033 bytes -> C:\Users\Chaze\Documents\Action required - Your Student Loan application is incomplete.eml:OECustomProperty

< End of report >
  • 0

#6
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Step 1. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe" /c 
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRtMon.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRtPlug.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSigDwn.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSoftEx.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll" /c
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe" /c 
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe" /c 
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll" /c
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll" /c
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
Now you should be able to download files. Try to download the next program on the infected PC. If you aren't able to do it after the OTL fix, please download the next program from a clean PC to your flash drive and transfer it to the infected computer.

Step 2. Avenger fix.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\$Recycle.Bin\S-1-5-18\$3014e8243e80992f5eb14b44f4f03fcf
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Step 3. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    dir C:\ /S /A:L /C
    
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.
So, please, don't forget to post in your next message:

  • OTL.txt
  • avenger.txt

  • 0
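The fix in the post above deletes reparse points from Windows Defender binaries, which the reparse-point listing in the OTL log shows as `<SYMLINK>` entries resolving to `c:\windows\system32\config`. As an added example (not part of the thread and not OTL's own code), this Python script parses that listing layout and flags executable-named links whose target is a different object; the extension list, the matching rule and the function names are assumptions made for illustration.

```python
import re
from collections import namedtuple
from ntpath import basename, join, splitext  # Windows path rules on any OS

# Entries excerpted from the OTL log on this page; the "File(s)" summary
# lines are constructed to keep the sample short.
SAMPLE = r"""Directory of C:\Users\Gia\Documents
12/27/2008 11:13 AM <JUNCTION> My Music [C:\Users\Gia\Music]
0 File(s) 0 bytes
Directory of C:\Users\Gia\AppData\LocalLow
03/09/2012 07:10 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411
01/20/2008 10:23 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
01/20/2008 10:23 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
2 File(s) 0 bytes
"""

Entry = namedtuple("Entry", "directory kind name target")

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY_RE = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+"
    r"<(JUNCTION|SYMLINKD?)>\s+(.+?) \[(.*)\]\s*$"
)

# Assumption: extensions treated as "should be a real binary, not a link".
BINARY_EXTS = {".dll", ".exe", ".sys"}


def parse_reparse_listing(text):
    """Turn 'dir /S /A:L' output into Entry tuples, tracking the current directory."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current_dir is not None:
            entries.append(Entry(current_dir, *m.groups()))
    return entries


def find_redirected_binaries(entries):
    """Return full paths of binary-named links whose target is not the same file name.

    Heuristic (assumption): a link called MpSvc.dll that resolves to a path
    ending in 'config' cannot load as the program it claims to be.
    """
    flagged = []
    for e in entries:
        ext = splitext(e.name)[1].lower()
        if ext in BINARY_EXTS and basename(e.target).lower() != e.name.lower():
            flagged.append(join(e.directory, e.name))
    return flagged


if __name__ == "__main__":
    for path in find_redirected_binaries(parse_reparse_listing(SAMPLE)):
        print("review:", path)
```

The profile junctions such as `My Music` and `PlayReady` pass through unflagged because their names carry no binary extension.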

#7
Chaze

    Member

  • Topic Starter
  • Member
  • 154 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\$Recycle.Bin\S-1-5-18\$3014e8243e80992f5eb14b44f4f03fcf" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0

#8
Chaze

    Member

  • Topic Starter
  • Member
  • 154 posts
OTL logfile created on: 9/11/2013 2:30:27 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 58.06% Memory free
6.67 Gb Paging File | 5.31 Gb Available in Paging File | 79.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.02 Gb Total Space | 15.70 Gb Free Space | 7.04% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.07 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive F: | 4.65 Gb Total Space | 2.87 Gb Free Space | 61.66% Space Free | Partition Type: FAT32

Computer Name: CHAZE-PC | User Name: Chaze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/09 17:39:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2013/08/21 10:13:31 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/19 10:42:57 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/29 00:24:21 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/01/28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/12/17 18:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/12/17 18:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/12/17 17:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2010/12/23 15:36:46 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - [2013/08/21 10:13:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/12/19 16:40:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/19 12:44:24 | 000,223,864 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/12/19 12:44:24 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\..\SearchScopes,DefaultScope = {CEE386A4-CBB0-4B75-B2F0-EC873B2DB9C2}
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\..\SearchScopes\{94F9F2EF-DA0C-47CB-9A41-C4E4F42A8435}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\..\SearchScopes\{CEE386A4-CBB0-4B75-B2F0-EC873B2DB9C2}: "URL" = http://www.google.co...1I7DKUS_enUS307
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/29 00:26:14 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Chaze\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 0fc4feb92ff647d6b531d168ddebe023-ff2d2a9c8a9f96531629763c295ca92293d1edba --CMPID 0913a File not found
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Gia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Ivy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Snax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A473169A-3ED7-40A7-8CCB-5F9DFEE85E16}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAA0DFE2-D90D-4CB1-8B6B-DC1495BD98F5}: DhcpNameServer = 167.206.251.130 167.206.251.129
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Chaze\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chaze\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/17 14:11:20 | 000,020,480 | ---- | M] () - F:\Autobio.odt -- [ FAT32 ]
O33 - MountPoints2\{2fecaaa9-d680-11dd-a9db-00219b0f09d0}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{6e319db3-1192-11de-8dc4-00219b0f09d0}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{6e319db3-1192-11de-8dc4-00219b0f09d0}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/11 14:25:05 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/08/29 17:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/29 17:28:22 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/15 16:17:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/15 16:17:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/15 16:17:11 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/15 16:17:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/15 16:17:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/15 16:17:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/15 16:17:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/15 16:16:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/15 11:43:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/15 11:43:39 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/15 11:43:39 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/01/10 22:54:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chaze\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/11 14:26:13 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/09/11 14:25:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/11 14:25:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 14:25:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 14:25:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/11 14:25:26 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/11 14:18:40 | 000,724,952 | ---- | M] () -- C:\Users\Chaze\Desktop\avenger.zip
[2013/09/10 07:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/10 07:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/09 17:29:06 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/09 17:29:06 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/08 11:56:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013/09/04 17:52:07 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/29 17:30:17 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/21 10:13:32 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/21 10:13:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/11 14:22:03 | 000,731,136 | ---- | C] () -- C:\Users\Chaze\Desktop\avenger.exe
[2013/09/11 14:18:36 | 000,724,952 | ---- | C] () -- C:\Users\Chaze\Desktop\avenger.zip
[2012/09/13 01:52:26 | 000,000,909 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/09/13 01:52:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/09/13 01:50:14 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012/09/13 01:45:53 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/09/13 01:45:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/02/05 13:01:28 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/02/05 13:01:28 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009/12/28 15:31:33 | 000,068,294 | ---- | C] () -- C:\Users\Chaze\image004.gif
[2009/12/28 15:31:33 | 000,056,799 | ---- | C] () -- C:\Users\Chaze\image003.jpg
[2009/12/28 15:31:33 | 000,035,147 | ---- | C] () -- C:\Users\Chaze\image002.jpg
[2009/12/28 15:31:33 | 000,025,618 | ---- | C] () -- C:\Users\Chaze\image001.gif
[2009/01/14 18:28:08 | 000,000,604 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\AutoGK.ini
[2009/01/10 22:54:39 | 000,087,608 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\inst.exe
[2009/01/10 22:54:39 | 000,007,887 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\pcouffin.cat
[2009/01/10 22:54:39 | 000,001,144 | ---- | C] () -- C:\Users\Chaze\AppData\Roaming\pcouffin.inf
[2008/12/30 10:35:05 | 000,005,892 | ---- | C] () -- C:\Users\Chaze\AppData\Local\d3d9caps.dat
[2008/12/26 12:32:22 | 000,226,816 | ---- | C] () -- C:\Users\Chaze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 68F0-F95A
Directory of C:\
12/26/2008 12:00 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
12/26/2008 12:00 PM <JUNCTION> Application Data [C:\ProgramData]
12/26/2008 12:00 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
12/26/2008 12:00 PM <JUNCTION> Documents [C:\Users\Public\Documents]
12/26/2008 12:00 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
12/26/2008 12:00 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
12/26/2008 12:00 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
12/26/2008 12:00 PM <SYMLINKD> All Users [C:\ProgramData]
12/26/2008 12:00 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC
03/30/2010 09:52 AM <JUNCTION> Application Data [C:\Users\123.Chaze-PC\AppData\Roaming]
03/30/2010 09:52 AM <JUNCTION> Cookies [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Cookies]
03/30/2010 09:52 AM <JUNCTION> Local Settings [C:\Users\123.Chaze-PC\AppData\Local]
03/30/2010 09:52 AM <JUNCTION> My Documents [C:\Users\123.Chaze-PC\Documents]
03/30/2010 09:52 AM <JUNCTION> NetHood [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/30/2010 09:52 AM <JUNCTION> PrintHood [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/30/2010 09:52 AM <JUNCTION> Recent [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Recent]
03/30/2010 09:52 AM <JUNCTION> SendTo [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\SendTo]
03/30/2010 09:52 AM <JUNCTION> Start Menu [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
03/30/2010 09:52 AM <JUNCTION> Templates [C:\Users\123.Chaze-PC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC\AppData\Local
03/30/2010 09:52 AM <JUNCTION> Application Data [C:\Users\123.Chaze-PC\AppData\Local]
03/30/2010 09:52 AM <JUNCTION> History [C:\Users\123.Chaze-PC\AppData\Local\Microsoft\Windows\History]
03/30/2010 09:52 AM <JUNCTION> Temporary Internet Files [C:\Users\123.Chaze-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC\Documents
03/30/2010 09:52 AM <JUNCTION> My Music [C:\Users\123.Chaze-PC\Music]
03/30/2010 09:52 AM <JUNCTION> My Pictures [C:\Users\123.Chaze-PC\Pictures]
03/30/2010 09:52 AM <JUNCTION> My Videos [C:\Users\123.Chaze-PC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC.000
04/09/2010 11:12 AM <JUNCTION> Application Data [C:\Users\123.Chaze-PC.000\AppData\Roaming]
04/09/2010 11:12 AM <JUNCTION> Cookies [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Cookies]
04/09/2010 11:12 AM <JUNCTION> Local Settings [C:\Users\123.Chaze-PC.000\AppData\Local]
04/09/2010 11:12 AM <JUNCTION> My Documents [C:\Users\123.Chaze-PC.000\Documents]
04/09/2010 11:12 AM <JUNCTION> NetHood [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/09/2010 11:12 AM <JUNCTION> PrintHood [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/09/2010 11:12 AM <JUNCTION> Recent [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Recent]
04/09/2010 11:12 AM <JUNCTION> SendTo [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\SendTo]
04/09/2010 11:12 AM <JUNCTION> Start Menu [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu]
04/09/2010 11:12 AM <JUNCTION> Templates [C:\Users\123.Chaze-PC.000\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC.000\AppData\Local
04/09/2010 11:12 AM <JUNCTION> Application Data [C:\Users\123.Chaze-PC.000\AppData\Local]
04/09/2010 11:12 AM <JUNCTION> History [C:\Users\123.Chaze-PC.000\AppData\Local\Microsoft\Windows\History]
04/09/2010 11:12 AM <JUNCTION> Temporary Internet Files [C:\Users\123.Chaze-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\123.Chaze-PC.000\Documents
04/09/2010 11:12 AM <JUNCTION> My Music [C:\Users\123.Chaze-PC.000\Music]
04/09/2010 11:12 AM <JUNCTION> My Pictures [C:\Users\123.Chaze-PC.000\Pictures]
04/09/2010 11:12 AM <JUNCTION> My Videos [C:\Users\123.Chaze-PC.000\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
12/26/2008 12:00 PM <JUNCTION> Application Data [C:\ProgramData]
12/26/2008 12:00 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
12/26/2008 12:00 PM <JUNCTION> Documents [C:\Users\Public\Documents]
12/26/2008 12:00 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
12/26/2008 12:00 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
12/26/2008 12:00 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Chaze
12/26/2008 12:04 PM <JUNCTION> Application Data [C:\Users\Chaze\AppData\Roaming]
12/26/2008 12:04 PM <JUNCTION> Cookies [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Cookies]
12/26/2008 12:04 PM <JUNCTION> Local Settings [C:\Users\Chaze\AppData\Local]
12/26/2008 12:04 PM <JUNCTION> My Documents [C:\Users\Chaze\Documents]
12/26/2008 12:04 PM <JUNCTION> NetHood [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/26/2008 12:04 PM <JUNCTION> PrintHood [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/26/2008 12:04 PM <JUNCTION> Recent [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Recent]
12/26/2008 12:04 PM <JUNCTION> SendTo [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\SendTo]
12/26/2008 12:04 PM <JUNCTION> Start Menu [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Start Menu]
12/26/2008 12:04 PM <JUNCTION> Templates [C:\Users\Chaze\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Chaze\AppData\Local
12/26/2008 12:04 PM <JUNCTION> Application Data [C:\Users\Chaze\AppData\Local]
12/26/2008 12:04 PM <JUNCTION> History [C:\Users\Chaze\AppData\Local\Microsoft\Windows\History]
12/26/2008 12:04 PM <JUNCTION> Temporary Internet Files [C:\Users\Chaze\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Chaze\Documents
12/26/2008 12:04 PM <JUNCTION> My Music [C:\Users\Chaze\Music]
12/26/2008 12:04 PM <JUNCTION> My Pictures [C:\Users\Chaze\Pictures]
12/26/2008 12:04 PM <JUNCTION> My Videos [C:\Users\Chaze\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
12/26/2008 12:00 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
12/26/2008 12:00 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
12/26/2008 12:00 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
12/26/2008 12:00 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
12/26/2008 12:00 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/26/2008 12:00 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/26/2008 12:00 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
12/26/2008 12:00 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
12/26/2008 12:00 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
12/26/2008 12:00 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
12/26/2008 12:00 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
12/26/2008 12:00 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
12/26/2008 12:00 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
12/26/2008 12:00 PM <JUNCTION> My Music [C:\Users\Default\Music]
12/26/2008 12:00 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
12/26/2008 12:00 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Dragz
01/04/2009 11:24 AM <JUNCTION> Application Data [C:\Users\Dragz\AppData\Roaming]
01/04/2009 11:24 AM <JUNCTION> Cookies [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Cookies]
01/04/2009 11:24 AM <JUNCTION> Local Settings [C:\Users\Dragz\AppData\Local]
01/04/2009 11:24 AM <JUNCTION> My Documents [C:\Users\Dragz\Documents]
01/04/2009 11:24 AM <JUNCTION> NetHood [C:\Users\Dragz\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

========== Alternate Data Streams ==========

@Alternate Data Stream - 808 bytes -> C:\Users\Chaze\Documents\Harvard University Announcement.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 1033 bytes -> C:\Users\Chaze\Documents\Action required - Your Student Loan application is incomplete.eml:OECustomProperty

< End of report >
  • 0

#9
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
How is your computer running now?

Warning! You are using 2 Antivirus products in one system.

I have noticed that you are using 2 antiviruses, AVG and Ad-Aware Antivirus, on one computer. This can lead to several hangs and, in the worst case, to a crash of the whole system. So, please, remove one of these AVs and keep only one antivirus program installed on your PC.

Step 1. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce8014
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce7fbc
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1020\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce8015
    IE - HKU\S-1-5-21-1685079835-285131711-1338073084-1028\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...rms}&n=77ce8015
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1003..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1004..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex File not found
    O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1020..\RunOnce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
    O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1000..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Chaze\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 0fc4feb92ff647d6b531d168ddebe023-ff2d2a9c8a9f96531629763c295ca92293d1edba --CMPID 0913a File not found
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5D432CE3
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

Step 2. Restoring broken services.

  • Download ESET Services Repair tool from here to your Desktop.
  • Launch ServicesRepair.exe on your Desktop.
  • Click Yes to start repair.
  • When finished, click Yes to reboot your computer.
  • Post the contents of the C:\Users\Chaze\Desktop\CC Support\Logs\SvcRepair.log in your next message.

Step 3. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Scan button. The scan could take some time to proceed.
  • Click on the Clean button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 4. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.

So, please, don't forget to post in your next message:

  • OTL.txt
  • AdwCleaner log
  • SvcRepair.log

  • 0
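
The fix in Step 1 is built from log entries whose target no longer exists, plus one alternate data stream. The following Python example is added here and is not taken from the thread or from OTL; it picks such entries out of log text, assuming the line layout quoted above. The `[ExampleApp]` line is constructed, and treating `OECustomProperty` as an expected stream name is an assumption that mirrors the two `.eml` streams being left out of the fix.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Sample input: entries copied from the log and fix on this page, plus one
# constructed healthy entry ([ExampleApp], hypothetical) that must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O4 - HKU\S-1-5-21-1685079835-285131711-1338073084-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 808 bytes -> C:\Users\Chaze\Documents\Harvard University Announcement.eml:OECustomProperty
"""

# Status text seen at the end of the entries selected for the fix above.
ORPHAN_MARKERS = {
    "No CLSID value found.": "missing CLSID",
    "File not found": "missing file",
    "(Reg Error: Key error.)": "registry key error",
}

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
SID_RE = re.compile(r"HKU\\(S-1-5-21(?:-\d+)+)")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


@dataclass
class Orphan:
    section: str          # OTL section code, e.g. "O4"
    sid: Optional[str]    # user SID for per-user (HKU) entries, else None
    reason: str
    line: str


@dataclass
class Stream:
    size: int
    host: str             # file or folder carrying the stream
    name: str             # stream name after the last colon


def find_orphans(log_text: str) -> List[Orphan]:
    """Return entries whose referenced CLSID, file or key is reported missing."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        for marker, reason in ORPHAN_MARKERS.items():
            if line.endswith(marker):
                sid = SID_RE.search(line)
                found.append(Orphan(entry.group(1),
                                    sid.group(1) if sid else None,
                                    reason, line))
                break
    return found


def parse_streams(log_text: str) -> List[Stream]:
    """Split each alternate data stream line into size, host path and name."""
    streams = []
    for raw in log_text.splitlines():
        m = ADS_RE.match(raw.strip())
        if not m:
            continue
        host, _, name = m.group(2).rpartition(":")
        if len(host) <= 1:        # only the drive-letter colon: no stream name
            continue
        streams.append(Stream(int(m.group(1)), host, name))
    return streams


def unexpected_streams(log_text: str,
                       expected: Sequence[str] = ("OECustomProperty",)) -> List[Stream]:
    """Streams whose name is not on the caller's expected list (an assumption)."""
    return [s for s in parse_streams(log_text) if s.name not in expected]


if __name__ == "__main__":
    for o in find_orphans(SAMPLE_LOG):
        print(f"{o.section:4} {o.reason:18} {o.sid or 'machine-wide'}")
    for s in unexpected_streams(SAMPLE_LOG):
        print(f"ADS  {s.size} bytes  {s.host} :: {s.name}")
```

Grouping the result by SID shows which user profiles still carry leftover entries, which is why the fix above repeats the same keys for several accounts.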

#10
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
OTL hung. The message read "another program caused otl to stop working".
Should I try again??
  • 0

#11
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Tried twice... twice Windows error message.
  • 0

#12
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Log Opened: 2013-09-12 @ 00:00:07
00:00:07 - -----------------
00:00:07 - | Begin Logging |
00:00:07 - -----------------
00:00:07 - Fix started on a WIN_VISTA X86 computer
00:00:07 - Prep in progress. Please Wait.
00:00:08 - Prep complete
00:00:08 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
00:00:10 - Services Repair Complete.
00:00:14 - Reboot Initiated
  • 0

#13
Chaze

Chaze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
# AdwCleaner v3.003 - Report created 12/09/2013 at 00:10:15
# Updated 07/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Chaze - CHAZE-PC
# Running from : C:\Users\Chaze\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Users\Chaze\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Chaze\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Dragz\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Dragz\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Ivy\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Ivy\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Gia\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Gia\AppData\LocalLow\MyWebSearch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Chaze\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Dragz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5275 octets] - [12/09/2013 00:08:46]
AdwCleaner[S0].txt - [5334 octets] - [12/09/2013 00:10:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5394 octets] ##########
  • 0

#14
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, please, ignore Step 1 and follow Step 4 in these instructions.
  • 0





