Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

After installing new spyware program, pc runs slow

Started by Denisejm , Mar 09 2017 06:42 PM

  • Please log in to reply

#16
RKinner
Posted 15 March 2017 - 11:47 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Copy the text in the code box by highlighting and Ctrl + c 

 

/md5start
mswsock.dll
wininit.exe
Bootcat.cache
dmserver.dll
hidserv.dll
wkssvc.dll
msgsvc.dll
wscsvc.dll
ipinip.sys
smss.exe
csrss.exe
winlogon.exe
services.exe
NLAapi.dll
bfe.dll
FirewallAPI.dll
/md5stop
 
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text.  Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.
 

  • 0

Advertisements

#17
Denisejm
Posted 15 March 2017 - 12:54 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts

OTL logfile created on: 3/15/2017 2:35:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.02% Memory free
5.75 Gb Paging File | 4.72 Gb Available in Paging File | 82.21% Paging File free
Paging file location(s): c:\pagefile.sys 2050 4100 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 10.22 Gb Free Space | 29.89% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 230.56 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 580.21 Gb Free Space | 31.14% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1071.10 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 339.95 Gb Free Space | 18.25% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 89.94 Gb Free Space | 9.66% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 478.64 Gb Free Space | 51.38% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 199.61 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 294.94 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 352.96 Gb Free Space | 37.89% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 380.81 Gb Free Space | 40.88% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 710.21 Gb Free Space | 38.12% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 241.47 Gb Free Space | 25.92% Space Free | Partition Type: NTFS
 
Computer Name: KINGKONG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2017/03/15 14:35:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Secunia\PSI\SUA
PRC - [2017/03/15 10:04:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2017/01/30 23:59:22 | 000,288,920 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
PRC - [2017/01/29 15:19:29 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2016/10/25 13:20:55 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe
PRC - [2016/10/25 13:20:46 | 000,831,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
PRC - [2016/10/25 13:20:46 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe
PRC - [2016/02/03 16:43:08 | 000,602,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2016/02/03 16:39:54 | 001,550,848 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2016/02/02 08:45:52 | 001,570,520 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2014/05/22 14:50:04 | 004,513,792 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2013/09/25 16:35:06 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2013/01/18 11:01:12 | 002,009,088 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
PRC - [2011/12/23 16:00:00 | 013,451,080 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WINZIP32.EXE
PRC - [2008/08/15 10:39:04 | 003,343,688 | ---- | M] (Webshots.com) -- D:\Webshots\Webshots.scr
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/13 12:30:23 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2015/02/13 10:56:33 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2015/02/13 10:51:34 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2015/02/13 10:51:27 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2011/12/23 16:00:00 | 000,243,200 | R--- | M] () -- C:\Program Files (x86)\WinZip\ZipSend.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2006/10/26 14:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2017/03/09 03:09:07 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/02/21 21:48:54 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/01/29 15:19:29 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2016/10/25 13:20:55 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Antivirus\sched.exe -- (AntiVirSchedulerService)
SRV - [2016/10/25 13:20:49 | 001,253,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\Antivirus\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2016/10/25 13:20:47 | 000,970,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\Antivirus\avmailc.exe -- (AntiVirMailService)
SRV - [2016/10/25 13:20:46 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe -- (AntiVirService)
SRV - [2016/02/02 08:45:52 | 001,570,520 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2014/12/11 12:03:12 | 000,089,864 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/09/25 16:35:06 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/08/18 02:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 08:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWow64\wdfmgr.exe -- (UMWdf)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2015/02/01 21:51:35 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/02/18 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2006/09/07 13:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "www.Google.com"
FF - prefs.js..extensions.enabledAddons: saveall%40ns.ba:0.5.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: formhistory%40yahoo.com:1.4.0.6
FF - prefs.js..extensions.enabledAddons: faviconrestorer%40masserog.it:1.4.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: blankprivatebrowsingpage%40ipotable.github.com:1.0
FF - prefs.js..extensions.enabledAddons: Restart-My-Fox%408pecxstudios.com:1.1.5
FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.10.3
FF - prefs.js..extensions.enabledAddons: %7B02450914-cdd9-410f-b1da-db004e18c671%7D:0.99.07c
FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:4.1.4
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.5.3
FF - prefs.js..extensions.enabledAddons: unitedronaldo%40yahoo.com:0.9.7.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.3: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0 ESR\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0 ESR\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2017/01/17 15:58:38 | 000,000,000 | ---D | M]
 
[2015/02/07 16:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2016/12/06 12:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data
[2016/11/16 12:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\[email protected]
[2016/12/06 12:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\jid1-q4sG8pYhq8KGHs@jetpack
[2016/09/01 21:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\[email protected]
[2017/02/01 08:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extension-data
[2017/03/09 16:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions
[2016/05/01 11:08:53 | 000,000,000 | ---D | M] (Favicon Restorer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 11:08:53 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 11:08:48 | 000,000,000 | ---D | M] (SaveAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 12:44:08 | 000,006,979 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/21 14:20:09 | 000,647,418 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/11/16 12:38:06 | 000,385,969 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 09:27:54 | 000,015,898 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/06 12:20:16 | 000,035,248 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/01/26 13:18:37 | 000,037,250 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/06 18:47:31 | 000,079,847 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/17 20:02:56 | 000,090,964 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/06/03 12:03:25 | 000,078,096 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/11/29 13:15:07 | 000,269,732 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/02 11:49:40 | 000,076,870 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/03 17:20:00 | 000,046,099 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/09 19:13:28 | 000,161,730 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2016/05/01 10:42:59 | 000,021,150 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi
[2017/02/14 20:21:51 | 000,138,342 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
[2017/01/26 13:18:38 | 000,011,509 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi
[2017/02/14 20:22:15 | 000,060,804 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi
[2017/01/23 12:55:21 | 000,056,772 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{e965eb3c-1419-4448-893c-d13aee5862f7}.xpi
[2017/03/09 16:07:58 | 000,103,407 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
[2017/02/07 20:02:39 | 000,005,527 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\features\{0f40b2c0-9e2f-428e-b6b4-b6b758d4762c}\[email protected]
[2017/03/09 03:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SysWow64\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe ()
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1489580556 File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk = D:\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - Reg Error: Key error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\system32\NLAapi.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - %SystemRoot%\system32\NLAapi.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://update.micro...b?1423973039265(MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\WINDOWS\SysWow64\Userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysWow64\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\SysWow64\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\SysWow64\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\SysWow64\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - C:\WINDOWS\SysWow64\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\EFS: DllName - (sclgntfy.dll) - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/02/01 20:06:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017/03/15 11:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GrantPerms
[2017/03/15 10:03:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2017/03/15 00:18:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2017/03/13 19:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
[2017/03/13 17:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2017/03/13 17:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2017/03/13 11:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Repair (All in One)
[2017/03/13 11:32:23 | 032,823,032 | ---- | C] (Tweaking.com) -- C:\Documents and Settings\Administrator\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2017/03/09 20:28:45 | 002,424,832 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FRST64.exe
[2017/03/09 20:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
[2017/02/21 21:48:53 | 000,802,904 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2017/02/21 21:48:53 | 000,144,472 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2017/03/15 14:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2017/03/15 14:04:30 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2017/03/15 13:45:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\DivXUpdate.job
[2017/03/15 12:52:01 | 000,007,891 | ---- | M] () -- C:\WINDOWS\BRRBCOM.INI
[2017/03/15 11:58:48 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MS Word 2007.lnk
[2017/03/15 11:54:47 | 000,453,083 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GrantPerms.zip
[2017/03/15 10:04:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2017/03/15 08:55:48 | 002,424,832 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FRST64.exe
[2017/03/15 08:22:30 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2017/03/15 08:22:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/03/14 13:04:32 | 000,000,481 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk
[2017/03/14 10:55:22 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2017/03/14 10:55:21 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2017/03/14 10:49:10 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2017/03/13 18:28:22 | 000,000,230 | -HS- | M] () -- C:\boot.ini
[2017/03/13 17:28:32 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
[2017/03/13 17:19:53 | 000,039,656 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Avirajpg.jpg
[2017/03/13 17:18:35 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Avira.bmp
[2017/03/13 11:32:52 | 032,823,032 | ---- | M] (Tweaking.com) -- C:\Documents and Settings\Administrator\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2017/03/10 10:57:54 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Express Scripts - 1.866.281.2966.lnk
[2017/03/03 14:33:59 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DRIVING DIRECTIONS - Doctors, Stores 010517.lnk
[2017/02/21 21:48:53 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2017/02/21 21:48:53 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2017/02/14 02:46:06 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PP.lnk
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2017/03/15 11:54:45 | 000,453,083 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GrantPerms.zip
[2017/03/14 10:49:08 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2017/03/13 17:28:32 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
[2017/03/13 17:19:52 | 000,039,656 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Avirajpg.jpg
[2017/03/13 17:18:35 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Avira.bmp
[2017/03/10 10:57:54 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Express Scripts - 1.866.281.2966.lnk
[2017/03/03 14:33:59 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DRIVING DIRECTIONS - Doctors, Stores 010517.lnk
[2017/02/21 21:48:54 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2017/01/29 15:21:03 | 001,198,045 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2017/01/29 15:21:03 | 000,003,003 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2017/01/29 15:20:54 | 000,107,520 | ---- | C] () -- C:\WINDOWS\SysWow64\zlib1.dll
[2017/01/29 15:20:51 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\libpng13.dll
[2017/01/29 15:20:51 | 000,138,752 | ---- | C] () -- C:\WINDOWS\SysWow64\libpng15.dll
[2017/01/29 15:20:49 | 001,198,049 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2017/01/29 15:20:49 | 000,010,840 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2016/12/01 01:12:36 | 000,283,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2016/11/02 12:51:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2016/11/02 12:51:56 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2016/11/02 12:51:27 | 000,007,891 | ---- | C] () -- C:\WINDOWS\BRRBCOM.INI
[2016/11/02 12:51:27 | 000,007,819 | ---- | C] () -- C:\WINDOWS\BROMJ450DW.INI
[2016/11/02 12:48:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2016/11/02 12:48:14 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2016/11/02 12:47:25 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2016/02/15 16:06:21 | 000,129,024 | ---- | C] () -- C:\WINDOWS\SysWow64\AVERM.dll
[2016/02/15 16:06:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\AVEQT.dll
[2016/01/09 01:16:44 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
[2016/01/08 16:12:52 | 000,043,698 | ---- | C] () -- C:\WINDOWS\SysWow64\xvid-uninstall.exe
[2015/04/25 16:06:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2015/03/31 13:31:27 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
[2015/03/05 13:05:51 | 000,189,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2015/02/10 22:46:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2015/02/01 20:45:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 08:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 20:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< MD5 for: DMSERVER.DLL  >
[2007/02/17 01:17:20 | 000,037,376 | ---- | M] (Microsoft Corporation) MD5=76F7E7922F428BE040F800920BB8FF3B -- C:\WINDOWS\ServicePackFiles\amd64\dmserver.dll
 
< MD5 for: MSGSVC.DLL  >
[2007/02/17 01:38:26 | 000,057,344 | ---- | M] (Microsoft Corporation) MD5=34EF8CBEA95EF5108A1349FC22D87513 -- C:\WINDOWS\ServicePackFiles\amd64\msgsvc.dll
 
< MD5 for: MSWSOCK.DLL  >
[2007/02/18 08:00:00 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2007/02/17 01:39:44 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\WINDOWS\ServicePackFiles\amd64\mswsock.dll
[2011/03/03 13:50:58 | 000,233,472 | ---- | M] (Microsoft Corporation) MD5=8CFB662B5EECFABBFBC7F554B55CE82C -- C:\WINDOWS\SysWOW64\mswsock.dll
[2011/03/03 13:47:30 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=E3978EF56F355B258DE579477D253C88 -- C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\mswsock.dll
 
< MD5 for: SERVICES.EXE  >
[2009/03/19 20:42:16 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=5BC6B0FFA0EB95A02F63D5BCAD39127B -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2007/02/18 08:00:00 | 000,224,256 | ---- | M] (Microsoft Corporation) MD5=D255E0DDB63A6223BFD8057266380017 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2007/02/17 01:54:26 | 000,224,256 | ---- | M] (Microsoft Corporation) MD5=D255E0DDB63A6223BFD8057266380017 -- C:\WINDOWS\ServicePackFiles\amd64\services.exe
 
< MD5 for: SMSS.EXE  >
[2007/02/18 08:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=97E9B4A202E645E7826BE7597B335C47 -- C:\WINDOWS\SysWOW64\smss.exe
[2007/02/17 01:55:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=C446BAC962AC4F3B301DB2920E4584E8 -- C:\WINDOWS\ServicePackFiles\amd64\smss.exe
 
< MD5 for: WINLOGON.EXE  >
[2007/02/17 02:02:56 | 000,944,128 | ---- | M] (Microsoft Corporation) MD5=901C7E44D11C00CA9D48BA1A866FDC4B -- C:\WINDOWS\ServicePackFiles\amd64\winlogon.exe
[2016/03/10 14:07:16 | 000,960,480 | ---- | M] (MalwareBytes) MD5=F86A4139730504047F52CCFB8C47E9F5 -- C:\Program Files (x86)\MBAM\Chameleon\Windows\winlogon.exe
 
< MD5 for: WKSSVC.DLL  >
[2007/02/18 08:00:00 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=14A994FEA0C50E9AC1D186BB1A544A3A -- C:\WINDOWS\$NtUninstallKB971657$\wkssvc.dll
[2007/02/17 02:03:18 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=14A994FEA0C50E9AC1D186BB1A544A3A -- C:\WINDOWS\ServicePackFiles\amd64\wkssvc.dll
[2009/06/16 04:37:54 | 000,228,352 | ---- | M] (Microsoft Corporation) MD5=591786FE85DF5CEB8CFC86E0DF3BF13A -- C:\WINDOWS\$hf_mig$\KB971657\SP2QFE\wkssvc.dll
 
< MD5 for: WSCSVC.DLL  >
[2007/02/17 02:04:26 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=82960CE97C1898C28D7AE62BA6721D27 -- C:\WINDOWS\ServicePackFiles\amd64\wscsvc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 


  • 0

#18
RKinner
Posted 15 March 2017 - 02:19 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

It's hard to see how your PC can run it all.  Appears that most of the 64 bit files that should be in C:\Windows\system32\ are missing.  

 

I wonder if sfc will run.

 

Start, All Programs, Accessories then Command Prompt.

 

Type (with an Enter after the line)

sfc  /scannow

The purpose of the above is to scan through your system files and fix any that are missing or that have been changed.  Unfortunately it's not that reliable in XP.  It may have to ask you for the CD which you probably do not have.  If it asks you for a CD just tell it to skip.  Continue until you finish.  After you get all of the way through.

 

Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, click on Command Prompt.  Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
While you have a command window open type:
 
 
set  systemroot

Does it tell you:

 

SystemRoot=C:\Windows

 

 

 
?

  • 0

#19
Denisejm
Posted 15 March 2017 - 04:25 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts

I built this pc with the help of Geeks to Go back in 2006. Actually, I told them what I wanted and they told me which parts I should buy. Then it was just plug them in and here I am  :)   so I have the XP x64 disk.

 

I just ran sfc /scannow.  It asked me to Retry about 10 times and then it finished but it didn't give me a log.

 

The screenshot shows results of findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt  AND  notepad \windows\logs\cbs\junk.txt

 

When I typed in c:\set  systemroot, it said c:\Documents and Settings\Administrator>

 

My pc runs fine, all programs run fine.  It's just extremely slow on line only since I installed SpyHunter even though I uninstalled it.  It may be that the program changed some of the files.  I took its recommendations and deleted all the files that it said was malware/spyware.

 

 

Denise

 

Attached Thumbnails

  • 1jpg.jpg

  • 0

#20
RKinner
Posted 15 March 2017 - 05:29 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

OK.  I suppose XP may use a different folder than Vista/7/8/10

 

Let's see if SFC fixed anything.

 

Copy the text in the code box by highlighting and Ctrl + c 

 

/md5start
mswsock.dll
wininit.exe
Bootcat.cache
dmserver.dll
hidserv.dll
wkssvc.dll
msgsvc.dll
wscsvc.dll
ipinip.sys
smss.exe
csrss.exe
winlogon.exe
services.exe
NLAapi.dll
bfe.dll
FirewallAPI.dll
/md5stop
 
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text.  Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.
 

  • 0

#21
Denisejm
Posted 15 March 2017 - 05:49 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts

OTL logfile created on: 3/15/2017 7:45:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 67.69% Memory free
5.75 Gb Paging File | 4.32 Gb Available in Paging File | 75.20% Paging File free
Paging file location(s): c:\pagefile.sys 2050 4100 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 9.70 Gb Free Space | 28.37% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 230.56 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 580.21 Gb Free Space | 31.14% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1071.10 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 339.95 Gb Free Space | 18.25% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 89.94 Gb Free Space | 9.66% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 478.64 Gb Free Space | 51.38% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 199.61 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 294.94 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 352.96 Gb Free Space | 37.89% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 380.81 Gb Free Space | 40.88% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 710.21 Gb Free Space | 38.12% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 241.47 Gb Free Space | 25.92% Space Free | Partition Type: NTFS
 
Computer Name: KINGKONG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2017/03/15 10:04:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2017/03/09 03:09:07 | 000,517,064 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2017/01/30 23:59:22 | 000,288,920 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
PRC - [2017/01/29 15:19:29 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2016/10/25 13:20:55 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe
PRC - [2016/10/25 13:20:46 | 000,831,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
PRC - [2016/10/25 13:20:46 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe
PRC - [2016/02/03 16:43:08 | 000,602,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2016/02/03 16:39:54 | 001,550,848 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2016/02/02 08:45:52 | 001,570,520 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2016/02/02 08:45:52 | 000,837,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2014/05/22 14:50:04 | 004,513,792 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2013/09/25 16:35:06 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2013/01/18 11:01:12 | 002,009,088 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
PRC - [2008/08/15 10:39:04 | 003,343,688 | ---- | M] (Webshots.com) -- D:\Webshots\Webshots.scr
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/02 13:41:00 | 001,278,976 | ---- | M] () -- C:\WINDOWS\SysWOW64\quartz.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2017/03/09 03:09:07 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/02/21 21:48:54 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/01/29 15:19:29 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2016/10/25 13:20:55 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Antivirus\sched.exe -- (AntiVirSchedulerService)
SRV - [2016/10/25 13:20:49 | 001,253,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\Antivirus\avwebgrd.exe -- (AntiVirWebService)
SRV - [2016/10/25 13:20:47 | 000,970,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\Antivirus\avmailc.exe -- (AntiVirMailService)
SRV - [2016/10/25 13:20:46 | 000,470,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe -- (AntiVirService)
SRV - [2016/02/02 08:45:52 | 001,570,520 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2016/02/02 08:45:52 | 000,837,848 | ---- | M] (Secunia) [On_Demand | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2014/12/11 12:03:12 | 000,089,864 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/09/25 16:35:06 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/08/18 02:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 08:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2015/02/01 21:51:35 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/02/18 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2006/09/07 13:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "www.Google.com"
FF - prefs.js..extensions.enabledAddons: saveall%40ns.ba:0.5.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: formhistory%40yahoo.com:1.4.0.6
FF - prefs.js..extensions.enabledAddons: faviconrestorer%40masserog.it:1.4.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: blankprivatebrowsingpage%40ipotable.github.com:1.0
FF - prefs.js..extensions.enabledAddons: Restart-My-Fox%408pecxstudios.com:1.1.5
FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.10.3
FF - prefs.js..extensions.enabledAddons: %7B02450914-cdd9-410f-b1da-db004e18c671%7D:0.99.07c
FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:4.1.4
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.5.3
FF - prefs.js..extensions.enabledAddons: unitedronaldo%40yahoo.com:0.9.7.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.3: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VLC Media Player x64 v2.1.5\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0 ESR\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0 ESR\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2017/01/17 15:58:38 | 000,000,000 | ---D | M]
 
[2015/02/07 16:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2016/12/06 12:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data
[2016/11/16 12:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\[email protected]
[2016/12/06 12:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\jid1-q4sG8pYhq8KGHs@jetpack
[2016/09/01 21:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\browser-extension-data\[email protected]
[2017/02/01 08:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extension-data
[2017/03/09 16:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions
[2016/05/01 11:08:53 | 000,000,000 | ---D | M] (Favicon Restorer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 11:08:53 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 11:08:48 | 000,000,000 | ---D | M] (SaveAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 12:44:08 | 000,006,979 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/21 14:20:09 | 000,647,418 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/11/16 12:38:06 | 000,385,969 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/05/01 09:27:54 | 000,015,898 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/06 12:20:16 | 000,035,248 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/01/26 13:18:37 | 000,037,250 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/06 18:47:31 | 000,079,847 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/17 20:02:56 | 000,090,964 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/06/03 12:03:25 | 000,078,096 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/11/29 13:15:07 | 000,269,732 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/02 11:49:40 | 000,076,870 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2017/02/03 17:20:00 | 000,046,099 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\[email protected]
[2016/12/09 19:13:28 | 000,161,730 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2016/05/01 10:42:59 | 000,021,150 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi
[2017/02/14 20:21:51 | 000,138,342 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
[2017/01/26 13:18:38 | 000,011,509 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi
[2017/02/14 20:22:15 | 000,060,804 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi
[2017/01/23 12:55:21 | 000,056,772 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{e965eb3c-1419-4448-893c-d13aee5862f7}.xpi
[2017/03/09 16:07:58 | 000,103,407 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
[2017/02/07 20:02:39 | 000,005,527 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\plpchrbo.default\features\{0f40b2c0-9e2f-428e-b6b4-b6b758d4762c}\[email protected]
[2017/03/09 03:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
Hosts file not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Video Programs\Xvid\CheckUpdate.exe ()
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1489617930 File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk = D:\Webshots\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - Reg Error: Key error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\system32\NLAapi.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\Antivirus\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - %SystemRoot%\system32\NLAapi.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\Antivirus\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://update.micro...b?1423973039265(MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C743BC-9CA0-4CF9-ADF6-7F047B249B9F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/02/01 20:06:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017/03/15 18:40:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2017/03/15 11:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GrantPerms
[2017/03/15 10:03:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2017/03/13 19:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
[2017/03/13 17:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2017/03/13 17:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2017/03/13 11:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Repair (All in One)
[2017/03/13 11:32:23 | 032,823,032 | ---- | C] (Tweaking.com) -- C:\Documents and Settings\Administrator\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2017/03/09 20:28:45 | 002,424,832 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FRST64.exe
[2017/03/09 20:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HijackThis
[2017/02/21 21:48:53 | 000,802,904 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2017/02/21 21:48:53 | 000,144,472 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2017/03/15 19:45:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\DivXUpdate.job
[2017/03/15 19:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2017/03/15 19:04:11 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2017/03/15 18:43:12 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2017/03/15 18:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/03/15 18:25:44 | 000,022,148 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1jpg.jpg
[2017/03/15 12:52:01 | 000,007,891 | ---- | M] () -- C:\WINDOWS\BRRBCOM.INI
[2017/03/15 11:58:48 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MS Word 2007.lnk
[2017/03/15 11:54:47 | 000,453,083 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GrantPerms.zip
[2017/03/15 10:04:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2017/03/15 08:55:48 | 002,424,832 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FRST64.exe
[2017/03/14 13:04:32 | 000,000,481 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Webshots.lnk
[2017/03/14 10:55:22 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2017/03/14 10:55:21 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2017/03/14 10:49:10 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2017/03/13 18:28:22 | 000,000,230 | -HS- | M] () -- C:\boot.ini
[2017/03/13 17:28:32 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
[2017/03/13 17:19:53 | 000,039,656 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Avirajpg.jpg
[2017/03/13 17:18:35 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Avira.bmp
[2017/03/13 11:32:52 | 032,823,032 | ---- | M] (Tweaking.com) -- C:\Documents and Settings\Administrator\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2017/03/10 10:57:54 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Express Scripts - 1.866.281.2966.lnk
[2017/03/03 14:33:59 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DRIVING DIRECTIONS - Doctors, Stores 010517.lnk
[2017/02/21 21:48:53 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2017/02/21 21:48:53 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2017/02/14 02:46:06 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PP.lnk
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2017/03/15 18:25:43 | 000,022,148 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1jpg.jpg
[2017/03/15 11:54:45 | 000,453,083 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GrantPerms.zip
[2017/03/14 10:49:08 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2017/03/13 17:28:32 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
[2017/03/13 17:19:52 | 000,039,656 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Avirajpg.jpg
[2017/03/13 17:18:35 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Avira.bmp
[2017/03/10 10:57:54 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Express Scripts - 1.866.281.2966.lnk
[2017/03/03 14:33:59 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DRIVING DIRECTIONS - Doctors, Stores 010517.lnk
[2017/02/21 21:48:54 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2017/01/29 15:21:03 | 001,198,045 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2017/01/29 15:21:03 | 000,003,003 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2017/01/29 15:20:54 | 000,107,520 | ---- | C] () -- C:\WINDOWS\SysWow64\zlib1.dll
[2017/01/29 15:20:51 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\libpng13.dll
[2017/01/29 15:20:51 | 000,138,752 | ---- | C] () -- C:\WINDOWS\SysWow64\libpng15.dll
[2017/01/29 15:20:49 | 001,198,049 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2017/01/29 15:20:49 | 000,010,840 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2016/12/01 01:12:36 | 000,283,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2016/11/02 12:51:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2016/11/02 12:51:56 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2016/11/02 12:51:27 | 000,007,891 | ---- | C] () -- C:\WINDOWS\BRRBCOM.INI
[2016/11/02 12:51:27 | 000,007,819 | ---- | C] () -- C:\WINDOWS\BROMJ450DW.INI
[2016/11/02 12:48:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2016/11/02 12:48:14 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2016/11/02 12:47:25 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2016/02/15 16:06:21 | 000,129,024 | ---- | C] () -- C:\WINDOWS\SysWow64\AVERM.dll
[2016/02/15 16:06:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\AVEQT.dll
[2016/01/09 01:16:44 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
[2016/01/08 16:12:52 | 000,043,698 | ---- | C] () -- C:\WINDOWS\SysWow64\xvid-uninstall.exe
[2015/04/25 16:06:26 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2015/03/31 13:31:27 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
[2015/03/05 13:05:51 | 000,189,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2015/02/10 22:46:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2015/02/01 20:45:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 08:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 20:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< MD5 for: DMSERVER.DLL  >
[2007/02/17 01:17:20 | 000,037,376 | ---- | M] (Microsoft Corporation) MD5=76F7E7922F428BE040F800920BB8FF3B -- C:\WINDOWS\ServicePackFiles\amd64\dmserver.dll
 
< MD5 for: MSGSVC.DLL  >
[2007/02/17 01:38:26 | 000,057,344 | ---- | M] (Microsoft Corporation) MD5=34EF8CBEA95EF5108A1349FC22D87513 -- C:\WINDOWS\ServicePackFiles\amd64\msgsvc.dll
 
< MD5 for: MSWSOCK.DLL  >
[2007/02/18 08:00:00 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2007/02/17 01:39:44 | 000,492,032 | ---- | M] (Microsoft Corporation) MD5=7F6F508DAE92E99B62287562F10343B1 -- C:\WINDOWS\ServicePackFiles\amd64\mswsock.dll
[2011/03/03 13:50:58 | 000,233,472 | ---- | M] (Microsoft Corporation) MD5=8CFB662B5EECFABBFBC7F554B55CE82C -- C:\WINDOWS\SysWOW64\mswsock.dll
[2011/03/03 13:47:30 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=E3978EF56F355B258DE579477D253C88 -- C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\mswsock.dll
 
< MD5 for: SERVICES.EXE  >
[2009/03/19 20:42:16 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=5BC6B0FFA0EB95A02F63D5BCAD39127B -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2007/02/18 08:00:00 | 000,224,256 | ---- | M] (Microsoft Corporation) MD5=D255E0DDB63A6223BFD8057266380017 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2007/02/17 01:54:26 | 000,224,256 | ---- | M] (Microsoft Corporation) MD5=D255E0DDB63A6223BFD8057266380017 -- C:\WINDOWS\ServicePackFiles\amd64\services.exe
 
< MD5 for: SMSS.EXE  >
[2007/02/18 08:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=97E9B4A202E645E7826BE7597B335C47 -- C:\WINDOWS\SysWOW64\smss.exe
[2007/02/17 01:55:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=C446BAC962AC4F3B301DB2920E4584E8 -- C:\WINDOWS\ServicePackFiles\amd64\smss.exe
 
< MD5 for: WINLOGON.EXE  >
[2007/02/17 02:02:56 | 000,944,128 | ---- | M] (Microsoft Corporation) MD5=901C7E44D11C00CA9D48BA1A866FDC4B -- C:\WINDOWS\ServicePackFiles\amd64\winlogon.exe
[2016/03/10 14:07:16 | 000,960,480 | ---- | M] (MalwareBytes) MD5=F86A4139730504047F52CCFB8C47E9F5 -- C:\Program Files (x86)\MBAM\Chameleon\Windows\winlogon.exe
 
< MD5 for: WKSSVC.DLL  >
[2007/02/18 08:00:00 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=14A994FEA0C50E9AC1D186BB1A544A3A -- C:\WINDOWS\$NtUninstallKB971657$\wkssvc.dll
[2007/02/17 02:03:18 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=14A994FEA0C50E9AC1D186BB1A544A3A -- C:\WINDOWS\ServicePackFiles\amd64\wkssvc.dll
[2009/06/16 04:37:54 | 000,228,352 | ---- | M] (Microsoft Corporation) MD5=591786FE85DF5CEB8CFC86E0DF3BF13A -- C:\WINDOWS\$hf_mig$\KB971657\SP2QFE\wkssvc.dll
 
< MD5 for: WSCSVC.DLL  >
[2007/02/17 02:04:26 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=82960CE97C1898C28D7AE62BA6721D27 -- C:\WINDOWS\ServicePackFiles\amd64\wscsvc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 

 


  • 0

#22
RKinner
Posted 15 March 2017 - 06:04 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Start, All Programs, Accessories, Command Prompt.  Type:

set > \junk.txt
notepad \junk.txt

Hit Enter after each line.  Copy and Paste the text from notepad into a reply


  • 0

#23
Denisejm
Posted 15 March 2017 - 06:52 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
COMPUTERNAME=KINGKONG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\KINGKONG
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\WINDOWS\system32\WindowsPowerShell\v1.0
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=EM64T Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=KINGKONG
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
 


  • 0

#24
RKinner
Posted 15 March 2017 - 08:27 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

See if you can get this tool to run:

 

http://support.eset.com/kb2895/

 

Make sure you read the instructions for XP.

 

 

 

Also try aswmbr

 

 
Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.
 
Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply
 
If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

  • 0

#25
Denisejm
Posted 15 March 2017 - 10:26 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts

I downloaded eset but it said "ERROR: Sorry but this Windows version is not supported!"

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-03-16 00:24:19
-----------------------------
00:24:19.859    OS Version: Windows x64 5.2.3790 Service Pack 2
00:24:19.859    Number of processors: 4 586 0xF0B
00:24:19.859    ComputerName: KINGKONG  UserName:
00:24:21.281    Initialize success
00:24:21.312    VM: initialized successfully
00:24:21.312    VM: Intel CPU supported
00:24:33.906    VM: disk I/O atapi.sys
00:25:23.468    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-8
00:25:23.468    Disk 0 Vendor: WDC_WD20EURS-73TLHY0 80.00A80 Size: 1907728MB BusType: 3
00:25:23.468    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-10
00:25:23.468    Disk 1 Vendor: WDC_WD20EURS-63S48Y0 51.0AB51 Size: 1907729MB BusType: 3
00:25:23.468    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-26
00:25:23.468    Disk 2 Vendor: WDC_WD20EURS-63S48Y0 51.0AB51 Size: 1907729MB BusType: 3
00:25:23.484    Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T0L0-32
00:25:23.484    Disk 3 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953868MB BusType: 3
00:25:23.484    Disk 4  \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP2T1L0-3a
00:25:23.484    Disk 4 Vendor: WDC_WD20EURX-57T0FY0 80.00A80 Size: 1907729MB BusType: 3
00:25:23.484    Disk 5  \Device\Harddisk5\DR5 -> \Device\Scsi\rr232x1Port6Path0Target0Lun0
00:25:23.484    Disk 5 Vendor: HPT_____ 4.00 Size: 953869MB BusType: 1
00:25:23.484    Disk 6  \Device\Harddisk6\DR6 -> \Device\Scsi\rr232x1Port6Path0Target1Lun0
00:25:23.484    Disk 6 Vendor: HPT_____ 4.00 Size: 953868MB BusType: 1
00:25:23.500    Disk 7  \Device\Harddisk7\DR7 -> \Device\Scsi\rr232x1Port6Path0Target2Lun0
00:25:23.500    Disk 7 Vendor: HPT_____ 4.00 Size: 953868MB BusType: 1
00:25:23.500    Disk 8  \Device\Harddisk8\DR8 -> \Device\Scsi\rr232x1Port6Path0Target3Lun0
00:25:23.500    Disk 8 Vendor: HPT_____ 4.00 Size: 953869MB BusType: 1
00:25:23.500    Disk 9  \Device\Harddisk9\DR9 -> \Device\Scsi\rr232x1Port6Path0Target4Lun0
00:25:23.515    Disk 9 Vendor: HPT_____ 4.00 Size: 953868MB BusType: 1
00:25:23.515    Disk 10  \Device\Harddisk10\DR10 -> \Device\Scsi\rr232x1Port6Path0Target5Lun0
00:25:23.515    Disk 10 Vendor: HPT_____ 4.00 Size: 1907728MB BusType: 1
00:25:23.515    Disk 11  \Device\Harddisk11\DR11 -> \Device\Scsi\rr232x1Port6Path0Target6Lun0
00:25:23.515    Disk 11 Vendor: HPT_____ 4.00 Size: 953868MB BusType: 1
00:25:23.609    Disk 3 MBR read successfully
00:25:23.609    Disk 3 MBR scan
00:25:23.609    Disk 3 Windows XP default MBR code
00:25:23.609    Disk 3 Partition 1 80 (A) 07      HPFS/NTFS NTFS        35000 MB offset 63
00:25:23.625    Disk 3 Partition 2 00     07      HPFS/NTFS NTFS       918866 MB offset 71682030
00:25:23.640    Disk 3 scanning C:\WINDOWS\system32\drivers
00:25:27.000    Service scanning
00:25:31.656    Modules scanning
00:25:31.656    Disk 3 trace - called modules:
00:25:31.687    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
00:25:31.687    1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffadf9c78e060]
00:25:31.687    3 CLASSPNP.SYS[fffffadf901b68c9] -> nt!IofCallDriver -> \Device\00000070[0xfffffadf9c54d800]
00:25:31.687    5 ACPI.sys[fffffadf903a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-32[0xfffffadf9bd32c30]
00:25:31.687    Disk 3 statistics 66516/0/0 @ 15.18 MB/s
00:25:31.687    Scan finished successfully
00:25:42.343    Disk 3 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
00:25:42.343    The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


 


  • 0

Advertisements

#26
RKinner
Posted 16 March 2017 - 05:38 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Too bad about ESET.

 

AswMBR didn't find any sign of an infection so all of the damage was done by your antispy program.  I think it didn't understand that your system was 64 bit and ate most of the 64 bit programs.  You do have some system restore points saved.  How long ago did you run the antispy program?  If it was in March you might be able to restore back to your earliest restore point.  

 

If that's not an option then I think you need to do a repair install.  

https://www.winhelp....windows-xp.html

This should not lose your data but it will lose any updates.  (is your CD XP SP2 or SP1 or no service pack?  The problem with updates is that MS has turned off their update server.  You can still get the updates but you have to download them from the catalog using IE and I'm not sure they still support IE6 so best to get the updates first while you still can.

 

I think Speccy gives you a list of all updates on the PC so let's run Speccy.

 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

  • 0

#27
Denisejm
Posted 16 March 2017 - 11:39 AM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts

I'm not ready to do a repair of Windows right now.  A few years ago, I tried it and I wound up having to do a complete reinstall.  Since it appears that the slowness is due to missing Windows files and not malware, I'm okay with that for now.  I'll keep your instructions and when I have no option other than to do a repair or reinstall, I'll do it then.

 

Thanks for all your help and your patience. I very much appreciate it.

 

Denise


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP