DiscoMilkshakes

Members
  • Content Count

    12
  • Joined

  • Last visited

  • Days Won

    1

DiscoMilkshakes last won the day on June 25 2014

DiscoMilkshakes had the most liked content!

Community Reputation

1 Neutral

About DiscoMilkshakes

  • Rank
    Member
  1. Okay, everything seems to be taken care of! Once again I am extremely grateful for all the help you have given me. If there is any way I can repay your kindness... any kind of reputation or recommendation system that lavasoft has for their moderators I will gladly do so. If not, then hopefully my thanks is enough!!
  2. And here are the RogueKiller results RogueKiller V9.0.3.0 [Jun 17 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows Vista (6.0.6002 Service Pack 3) 32 bits version Started in : Normal mode User : Charlie [Admin rights] Mode : Scan -- Date : 06/22/2014 22:37:14 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 18 ¤¤¤ [shell.HJ] HKEY_LOCAL_MACHINE\RK_Software_ON_D_F0D7\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA} | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA} | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA} | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND [PUM.StartMenu] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND [PUM.StartMenu] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0 -> FOUND [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6b30EE} : 1 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_F0D7\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_F0D7\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6b30EE} : 1 -> FOUND [broken.Val] HKEY_CLASSES_ROOT\.exe\shell\open\command | : No Data -> FOUND ¤¤¤ Scheduled tasks : 7 ¤¤¤ [suspicious.Path] \\IHUninstallTrackingTASK -- CMD (/C DEL C:\Users\Charlie\AppData\Local\Temp\IHUAF81.tmp.exe) -> FOUND [suspicious.Path] \\{411994B6-A81A-4F08-98A6-9809277DD6AE} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Charlie\Desktop\175.16_geforce_winvista_32bit_english_whql.exe -d C:\Users\Charlie) -> FOUND [suspicious.Path] \\{71A5CDA2-BAD3-436C-B6DE-ED9C5DAFC574} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Charlie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39O910HG\175.19_geforce_winvista_32bit_english_whql[1].exe" -d C:\Users\Charlie\Desktop) -> FOUND [suspicious.Path] \\{79A963BE-22F9-423B-B6EF-F923377AE923} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Charlie\Desktop\WoW-2.2.3.7359-to-0.3.0.7441-enUS-downloader.exe -d C:\Windows\system32) -> FOUND [suspicious.Path] \\{C05F76CD-E48D-44D2-A4B8-82BD22621B64} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Charlie\Desktop\175.19_geforce_winvista_32bit_english_whql.exe -d C:\Users\Charlie\Desktop) -> FOUND [suspicious.Path] \\{CAD21592-0205-4B37-B6E6-4950A4A3EE5B} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Charlie\AppData\Local\Ares\My Shared Folder\the sims 2(2).exe" -d "C:\Users\Charlie\AppData\Local\Ares\My Shared Folder") -> FOUND [suspicious.Path] \\{ECBF630B-7D84-4EA7-BE84-90AC591F82FB} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Charlie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBKJ5XOV\GCLiteSetup14[1].exe" -d C:\Windows\system32) -> FOUND ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] ::1 localhost ¤¤¤ Antirootkit : 118 ¤¤¤ [EAT:Addr] (explorer.exe) WINTRUST.dll - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x74e9152c [EAT:Addr] (explorer.exe) WINTRUST.dll - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x74e9c80a [EAT:Addr] (explorer.exe) WINTRUST.dll - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x74e8dd2c [EAT:Addr] (explorer.exe) WINTRUST.dll - AutoTrace : C:\Windows\system32\DUser.dll @ 0x74e97041 [EAT:Addr] (explorer.exe) WINTRUST.dll - BeginTransition : C:\Windows\system32\DUser.dll @ 0x74e9c9a7 [EAT:Addr] (explorer.exe) WINTRUST.dll - BuildAnimation : C:\Windows\system32\DUser.dll @ 0x74e91135 [EAT:Addr] (explorer.exe) WINTRUST.dll - BuildDropTarget : C:\Windows\system32\DUser.dll @ 0x74e97131 [EAT:Addr] (explorer.exe) WINTRUST.dll - BuildInterpolation : C:\Windows\system32\DUser.dll @ 0x74e9118c [EAT:Addr] (explorer.exe) WINTRUST.dll - CreateAction : C:\Windows\system32\DUser.dll @ 0x74e87339 [EAT:Addr] (explorer.exe) WINTRUST.dll - CreateGadget : C:\Windows\system32\DUser.dll @ 0x74e85197 [EAT:Addr] (explorer.exe) WINTRUST.dll - CreateTransition : C:\Windows\system32\DUser.dll @ 0x74e9c83a [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserBuildGadget : C:\Windows\system32\DUser.dll @ 0x74e9b7e8 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserCastClass : C:\Windows\system32\DUser.dll @ 0x74e9c776 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserCastDirect : C:\Windows\system32\DUser.dll @ 0x74e9c7b9 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserCastHandle : C:\Windows\system32\DUser.dll @ 0x74e9b81e [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserDeleteGadget : C:\Windows\system32\DUser.dll @ 0x74e9b9c1 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserFindClass : C:\Windows\system32\DUser.dll @ 0x74e9c6e7 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserFlushDeferredMessages : C:\Windows\system32\DUser.dll @ 0x74e90020 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserFlushMessages : C:\Windows\system32\DUser.dll @ 0x74e90096 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetAlphaPRID : C:\Windows\system32\DUser.dll @ 0x74e978fd [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetGutsData : C:\Windows\system32\DUser.dll @ 0x74e9c7c9 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetRectPRID : C:\Windows\system32\DUser.dll @ 0x74e97908 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetRotatePRID : C:\Windows\system32\DUser.dll @ 0x74e97913 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetScalePRID : C:\Windows\system32\DUser.dll @ 0x74e9791e [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserInstanceOf : C:\Windows\system32\DUser.dll @ 0x74e9c735 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserPostEvent : C:\Windows\system32\DUser.dll @ 0x74e8630f [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserPostMethod : C:\Windows\system32\DUser.dll @ 0x74e9b639 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserRegisterGuts : C:\Windows\system32\DUser.dll @ 0x74e8a5b1 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserRegisterStub : C:\Windows\system32\DUser.dll @ 0x74e89f93 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserRegisterSuper : C:\Windows\system32\DUser.dll @ 0x74e8b046 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserSendEvent : C:\Windows\system32\DUser.dll @ 0x74e83258 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserSendMethod : C:\Windows\system32\DUser.dll @ 0x74e9b5b0 [EAT:Addr] (explorer.exe) WINTRUST.dll - DUserStopAnimation : C:\Windows\system32\DUser.dll @ 0x74e984e4 [EAT:Addr] (explorer.exe) WINTRUST.dll - DeleteHandle : C:\Windows\system32\DUser.dll @ 0x74e83ef8 [EAT:Addr] (explorer.exe) WINTRUST.dll - DetachWndProc : C:\Windows\system32\DUser.dll @ 0x74e8657d [EAT:Addr] (explorer.exe) WINTRUST.dll - DllMain : C:\Windows\system32\DUser.dll @ 0x74e876f9 [EAT:Addr] (explorer.exe) WINTRUST.dll - DrawGadgetTree : C:\Windows\system32\DUser.dll @ 0x74e9c646 [EAT:Addr] (explorer.exe) WINTRUST.dll - EndTransition : C:\Windows\system32\DUser.dll @ 0x74e9ca90 [EAT:Addr] (explorer.exe) WINTRUST.dll - EnumGadgets : C:\Windows\system32\DUser.dll @ 0x74e9c30f [EAT:Addr] (explorer.exe) WINTRUST.dll - FindGadgetFromPoint : C:\Windows\system32\DUser.dll @ 0x74e86da8 [EAT:Addr] (explorer.exe) WINTRUST.dll - FindGadgetMessages : C:\Windows\system32\DUser.dll @ 0x74e9c19d [EAT:Addr] (explorer.exe) WINTRUST.dll - FindStdColor : C:\Windows\system32\DUser.dll @ 0x74e8dc66 [EAT:Addr] (explorer.exe) WINTRUST.dll - FireGadgetMessages : C:\Windows\system32\DUser.dll @ 0x74e9c06b [EAT:Addr] (explorer.exe) WINTRUST.dll - ForwardGadgetMessage : C:\Windows\system32\DUser.dll @ 0x74e91cb5 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x74e9cb05 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetDebug : C:\Windows\system32\DUser.dll @ 0x74e9705d [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadget : C:\Windows\system32\DUser.dll @ 0x74e9c527 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetAnimation : C:\Windows\system32\DUser.dll @ 0x74e87083 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x74e92d45 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x74e9be6f [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x74e8ce28 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x74e9c5ba [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e87135 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetRect : C:\Windows\system32\DUser.dll @ 0x74e82d8e [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetRgn : C:\Windows\system32\DUser.dll @ 0x74e8540a [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x74e9bfbb [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x74e9bd35 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetScale : C:\Windows\system32\DUser.dll @ 0x74e9bbe9 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetSize : C:\Windows\system32\DUser.dll @ 0x74e9c3ca [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x74e9232c [EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetTicket : C:\Windows\system32\DUser.dll @ 0x74e8c94f [EAT:Addr] (explorer.exe) WINTRUST.dll - GetMessageExA : C:\Windows\system32\DUser.dll @ 0x74e8f459 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetMessageExW : C:\Windows\system32\DUser.dll @ 0x74e9b6c3 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorBrushF : C:\Windows\system32\DUser.dll @ 0x74e9cbea [EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorBrushI : C:\Windows\system32\DUser.dll @ 0x74e82c3b [EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorF : C:\Windows\system32\DUser.dll @ 0x74e9ce45 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorI : C:\Windows\system32\DUser.dll @ 0x74e8faf7 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorName : C:\Windows\system32\DUser.dll @ 0x74e9cd46 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorPenF : C:\Windows\system32\DUser.dll @ 0x74e9ccd2 [EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorPenI : C:\Windows\system32\DUser.dll @ 0x74e9cc5e [EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdPalette : C:\Windows\system32\DUser.dll @ 0x74e9b82e [EAT:Addr] (explorer.exe) WINTRUST.dll - GetTransitionInterface : C:\Windows\system32\DUser.dll @ 0x74e9c933 [EAT:Addr] (explorer.exe) WINTRUST.dll - InitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x74e9b8be [EAT:Addr] (explorer.exe) WINTRUST.dll - InitGadgets : C:\Windows\system32\DUser.dll @ 0x74e8e373 [EAT:Addr] (explorer.exe) WINTRUST.dll - InvalidateGadget : C:\Windows\system32\DUser.dll @ 0x74e83de5 [EAT:Addr] (explorer.exe) WINTRUST.dll - IsGadgetParentChainStyle : C:\Windows\system32\DUser.dll @ 0x74e9ba7f [EAT:Addr] (explorer.exe) WINTRUST.dll - IsInsideContext : C:\Windows\system32\DUser.dll @ 0x74e9b56c [EAT:Addr] (explorer.exe) WINTRUST.dll - IsStartDelete : C:\Windows\system32\DUser.dll @ 0x74e9121d [EAT:Addr] (explorer.exe) WINTRUST.dll - LookupGadgetTicket : C:\Windows\system32\DUser.dll @ 0x74e9cdbc [EAT:Addr] (explorer.exe) WINTRUST.dll - MapGadgetPoints : C:\Windows\system32\DUser.dll @ 0x74e93861 [EAT:Addr] (explorer.exe) WINTRUST.dll - PeekMessageExA : C:\Windows\system32\DUser.dll @ 0x74e9b710 [EAT:Addr] (explorer.exe) WINTRUST.dll - PeekMessageExW : C:\Windows\system32\DUser.dll @ 0x74e9b75e [EAT:Addr] (explorer.exe) WINTRUST.dll - PlayTransition : C:\Windows\system32\DUser.dll @ 0x74e9c8b0 [EAT:Addr] (explorer.exe) WINTRUST.dll - PrintTransition : C:\Windows\system32\DUser.dll @ 0x74e9ca1c [EAT:Addr] (explorer.exe) WINTRUST.dll - RegisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x74e87ba3 [EAT:Addr] (explorer.exe) WINTRUST.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x74e9c149 [EAT:Addr] (explorer.exe) WINTRUST.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e87d5d [EAT:Addr] (explorer.exe) WINTRUST.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x74e9c21a [EAT:Addr] (explorer.exe) WINTRUST.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e90dee [EAT:Addr] (explorer.exe) WINTRUST.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x74e9cb82 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x74e92c09 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x74e9bf0a [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x74e9bb47 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x74e92149 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x74e8cebb [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x74e93188 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x74e85a70 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x74e9c45d [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x74e855f8 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e91284 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x74e85305 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x74e8e857 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x74e9bdc9 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetScale : C:\Windows\system32\DUser.dll @ 0x74e9bc84 [EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x74e84c48 [EAT:Addr] (explorer.exe) WINTRUST.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x74e9b93f [EAT:Addr] (explorer.exe) WINTRUST.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x74e9c171 [EAT:Addr] (explorer.exe) WINTRUST.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x74e9c149 [EAT:Addr] (explorer.exe) WINTRUST.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e9c2e3 [EAT:Addr] (explorer.exe) WINTRUST.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x74e9b83a [EAT:Addr] (explorer.exe) WINTRUST.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x74e9b84a [EAT:Addr] (explorer.exe) WINTRUST.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x74e9b85a [EAT:Addr] (explorer.exe) WINTRUST.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x74e9b86a [EAT:Addr] (explorer.exe) WINTRUST.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x74e9cd78 [EAT:Addr] (explorer.exe) WINTRUST.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x74e9b7ac [EAT:Addr] (explorer.exe) QAgent.dll - DllCanUnloadNow : C:\Windows\System32\SndVolSSO.dll @ 0x6fdf155f [EAT:Addr] (explorer.exe) QAgent.dll - DllGetClassObject : C:\Windows\System32\SndVolSSO.dll @ 0x6fdf4852 [EAT:Addr] (explorer.exe) QAgent.dll - DllMain : C:\Windows\System32\SndVolSSO.dll @ 0x6fdf12fb ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HDT725032VLA380 +++++ --- User --- [MBR] f2e9c96a0003bd3bcda5884de07db4b2 [bSP] 6139991970aba5d116638453ca182115 : Legit.Unknown MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 9946 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20370420 | Size: 295297 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_SCN_06222014_221738.log
  3. I'm unsure about the exact time but around 2011 - 2012 I lived with a roommate who did not have a computer and I let him use my machine several times to do schoolwork. I don't know for sure, so I won't put the blame on him assuredly but it might have something to do with that. Perhaps it was just me being less-than-careful. I'm typically very meticulous with my internet surfing... but I'm not perfect I was successfully able to delete all four files! I also used CCleaner to remove the registry entries... I don't know why I didn't think of that before. Thank you for the suggestion! The Ad-Aware re-installation issue does indeed appear to be resolved!
  4. ========== OTL ========== Service vToolbarUpdater17.3.0 stopped successfully! Service vToolbarUpdater17.3.0 deleted successfully! File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe not found. Service LavasoftAdAwareService11 stopped successfully! Service LavasoftAdAwareService11 deleted successfully! File C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe not found. Service atashost stopped successfully! Service atashost deleted successfully! File C:\Windows\system32\atashost.exe not found. Service SBRE stopped successfully! Service SBRE deleted successfully! File C:\Windows\system32\drivers\SBREdrv.sys not found. Service gzflt stopped successfully! Service gzflt deleted successfully! File C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys not found. Service bdftdif stopped successfully! Service bdftdif deleted successfully! File C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys not found. Service BdfNdisf stopped successfully! Service BdfNdisf deleted successfully! File c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys not found. Service Trufos stopped successfully! Service Trufos deleted successfully! C:\Windows\System32\drivers\Trufos.sys moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\ deleted successfully. File {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll File not found not found. ========== FILES ========== C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\60afd9c0-710d51a2 moved successfully. C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6dd7d5cb-379f402e moved successfully. C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\76c99d50-43aa7268 moved successfully. C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\437d141b-5e638914 moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\SearchInNewTab folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_en\ToolbarTranslation folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_en folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609\ToolbarSettings folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609\ToolbarLogin folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609\DynamicDialogs folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609\AppsMetaData folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609 folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\RadioPlayer folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3 folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\MyStuffApps folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Logs folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\ExternalComponent folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\EmailNotifier folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\UntrustedAppPendingDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\UntrustedAppApprovalDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\UntrustedAddedAppDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\UninstallDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\ToolbarFirstTimeDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorDialog\Images folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorBubbleDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\NewSearchProtectorDialog\images folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\NewSearchProtectorDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\EngineFirstTimeDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\DetectedAppDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\DefualtImages folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\AddedAppDialog folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube\CacheIcons folder moved successfully. C:\Users\Charlie\AppData\LocalLow\Viral_Tube folder moved successfully. File\Folder C:\Program Files\AVG SafeGuard toolbar not found. ========== COMMANDS ========== Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 06222014_121714
  5. AppData/Local instance - https://www.virustotal.com/en/file/468b61c8abf7370aa38b17a207ce6815cbfb7f9615f60bada2de783f43fe38e5/analysis/1403456696/ ProgramData instance - https://www.virustotal.com/en/file/468b61c8abf7370aa38b17a207ce6815cbfb7f9615f60bada2de783f43fe38e5/analysis/1403456863/ AppData/Local instance - https://www.virustotal.com/en/file/bae8d5e3f515745342ac32095876f113ee5021e75aedfd04d3582a7fed86b910/analysis/1403457121/ ProgramData instance - https://www.virustotal.com/en/file/bae8d5e3f515745342ac32095876f113ee5021e75aedfd04d3582a7fed86b910/analysis/1403456992/ I used re-analyse for the different instances of the same file.
  6. OTL results OTL logfile created on: 6/22/2014 6:32:25 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charlie\Desktop Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.50 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 58.12% Memory free 7.23 Gb Paging File | 6.31 Gb Available in Paging File | 87.28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.38 Gb Total Space | 142.03 Gb Free Space | 49.25% Space Free | Partition Type: NTFS Drive D: | 9.71 Gb Total Space | 4.31 Gb Free Space | 44.35% Space Free | Partition Type: NTFS Computer Name: CHARLIECOMP | User Name: Charlie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/06/22 06:31:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe PRC - [2006/11/01 23:38:52 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe ========== Modules (No Company Name) ========== MOD - [2007/05/08 17:10:08 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006/12/11 21:01:48 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService -- (Steam Client Service) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL) SRV - File not found [Auto | Stopped] -- C:\Windows\system32\GameMon.des -- (npggsvc) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11) SRV - File not found [Disabled | Stopped] -- C:\Windows\system32\atashost.exe -- (atashost) SRV - [2014/06/22 00:26:42 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/03/09 06:08:44 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Disabled | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006/11/18 10:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) SRV - [2006/11/18 10:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) SRV - [2006/11/18 10:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) SRV - [2006/11/18 09:59:50 | 000,036,312 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf) SRV - [2006/11/18 09:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) SRV - [2006/11/18 09:59:02 | 000,032,216 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) SRV - [2006/11/15 19:57:58 | 000,081,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006/10/29 12:03:30 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva281.sys -- (XDva281) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva226.sys -- (XDva226) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva098.sys -- (XDva098) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\WIZET\MapleStory\npkcrypt.sys -- (npkcrypt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys -- (gzflt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CtClsFlt.sys -- (CtClsFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Charlie\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys -- (bdftdif) DRV - File not found [Kernel | System | Stopped] -- c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys -- (BdfNdisf) DRV - [2014/05/19 21:39:05 | 010,533,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2013/11/28 08:38:19 | 000,162,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2013/11/12 19:17:28 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013/07/17 18:10:52 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos) DRV - [2013/02/03 23:49:18 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003) DRV - [2011/03/30 02:13:00 | 000,024,056 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KORGUMDS.SYS -- (KORGUMDS) DRV - [2011/03/04 14:44:12 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2009/07/26 21:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008/02/20 21:05:40 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2008/01/19 01:08:49 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC) DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2007/02/15 19:04:29 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH) DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm) DRV - [2006/11/29 00:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50) DRV - [2006/11/18 10:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP) DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006/11/01 23:39:42 | 000,812,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2006/10/19 18:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2006/09/27 19:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro) DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438 IE - HKLM\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {4472A6EE-E9C1-4BCD-98BE-28369F9AB9DA} IE - HKLM\..\SearchScopes\{4472A6EE-E9C1-4BCD-98BE-28369F9AB9DA}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP03DC41A9-8CDB-4225-B4C8-14851BAAFEC3&SSPV= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP03DC41A9-8CDB-4225-B4C8-14851BAAFEC3&q={searchTerms}&SSPV= IE - HKCU\..\SearchScopes\{3622C4BB-3F27-4838-8D73-E088FCE42C6F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll File not found FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: null\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Users\Charlie\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.110.0_0\npBFHUpdater.dll CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.110.0_0\BFHUpdater.exe CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Charlie\AppData\Roaming\Mozilla\plugins\npoctoshape.dll CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Charlie\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Google Update (Enabled) = C:\Users\Charlie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Charlie\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll CHR - plugin: Sparkplayer (Beta) (Enabled) = C:\Users\Charlie\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2009/04/18 16:38:02 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Viral Tube Toolbar) - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O3 - HKLM\..\Toolbar: (Viral Tube Toolbar) - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Viral Tube Toolbar) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Charlie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.60.2) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.60.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.68.49.50 65.68.49.51 68.94.156.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA}: DhcpNameServer = 65.68.49.50 65.68.49.51 68.94.156.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/08/20 18:28:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2004/04/30 03:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun\autorun.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Support\AutoRun\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: - File not found Drivers32: midi8 - C:\Windows\System32\KORGUMDD.DRV (KORG INC.) Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler) Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm () Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm () Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription) Drivers32: msacm.l3acm - C:\Program Files\WIZET\MapleStory\l3codeca.acm File not found Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll (x264vfw project) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014/06/22 06:31:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe [2014/06/22 06:29:02 | 001,070,592 | ---- | C] (Farbar) -- C:\Users\Charlie\Desktop\FRST.exe [2014/06/22 00:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2014/06/22 00:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS [2014/06/21 16:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Synthetic Reality [2014/06/21 13:56:29 | 000,000,000 | ---D | C] -- C:\FRST [2014/06/20 20:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2014/06/20 20:16:35 | 000,052,056 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2014/06/20 20:10:10 | 000,000,000 | ---D | C] -- C:\NVIDIA [2014/06/20 20:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2014/06/20 20:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2014/06/20 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2014/06/20 19:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014/06/20 13:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon [2014/06/20 03:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules [2014/06/19 17:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2014/06/19 16:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT [2014/06/19 13:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2014/06/19 13:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2014/06/19 13:49:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Documents\Visual Studio 2010 [2014/06/19 13:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2014/06/19 13:46:50 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2014/06/19 13:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0 [2014/06/19 13:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2014/06/19 13:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2014/06/19 09:23:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Desktop\MapleStory [2014/06/18 19:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCHTHACK Phantasy Star Online Blue Burst [2014/06/18 19:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\SCHTHACK Phantasy Star Online Blue Burst [2014/05/24 12:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone [2014/05/24 12:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hearthstone [2011/07/07 10:07:23 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Charlie\AppData\Roaming\I72F1S5O2U.exe [2009/08/09 01:19:37 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll [2009/08/09 01:19:37 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll [8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/06/22 06:33:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014/06/22 06:33:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014/06/22 06:31:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe [2014/06/22 06:29:04 | 001,070,592 | ---- | M] (Farbar) -- C:\Users\Charlie\Desktop\FRST.exe [2014/06/22 06:20:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/06/22 05:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/06/21 22:24:50 | 002,042,317 | ---- | M] () -- C:\Users\Charlie\Desktop\Hearthstone_Screenshot_6.21.2014.22.24.48.png [2014/06/21 20:42:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/06/21 20:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/06/21 16:43:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2014/06/21 16:21:34 | 000,186,368 | ---- | M] () -- C:\Users\Charlie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/06/21 14:51:38 | 000,000,261 | ---- | M] () -- C:\Windows\System32\msexcr.ini [2014/06/21 12:55:41 | 008,168,037 | ---- | M] () -- C:\Users\Charlie\Desktop\Behind your eyes (6-21).mp3 [2014/06/20 23:09:51 | 000,020,713 | ---- | M] () -- C:\Users\Charlie\Desktop\10423969_788453764532436_5950870639608438180_n.jpg [2014/06/20 23:09:45 | 000,021,740 | ---- | M] () -- C:\Users\Charlie\Desktop\10440966_10152510824977128_4352199495854055496_n.jpg [2014/06/20 23:09:38 | 000,015,026 | ---- | M] () -- C:\Users\Charlie\Desktop\10440647_848361048527169_5925515536395426123_n.jpg [2014/06/20 23:09:02 | 000,012,559 | ---- | M] () -- C:\Users\Charlie\Desktop\10458029_1435333460071326_8786328949490412777_n.jpg [2014/06/20 23:08:55 | 000,051,263 | ---- | M] () -- C:\Users\Charlie\Desktop\10482522_10152154642913314_2170049731646842783_n.jpg [2014/06/20 23:08:42 | 000,093,847 | ---- | M] () -- C:\Users\Charlie\Desktop\10339552_282848785228633_7480401394441817316_n.jpg [2014/06/20 23:05:52 | 000,022,395 | ---- | M] () -- C:\Users\Charlie\Desktop\1402292213146.jpg [2014/06/20 20:02:25 | 000,001,356 | ---- | M] () -- C:\Users\Charlie\AppData\Local\d3d9caps.dat [2014/06/20 18:23:32 | 000,025,240 | ---- | M] () -- C:\Users\Charlie\Desktop\10426744_1462427267330042_744597020642613737_n.jpg [2014/06/20 03:31:17 | 621,019,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl [2014/06/20 03:31:17 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf [2014/06/20 03:31:17 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx [2014/06/19 16:47:56 | 000,698,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014/06/19 16:47:56 | 000,138,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014/06/19 15:28:14 | 000,001,341 | ---- | M] () -- C:\Users\Charlie\Application Data\Microsoft\Internet Explorer\Quick Launch\AdAwareSecurityCenter - Shortcut.lnk [2014/06/19 13:59:11 | 294,296,727 | ---- | M] () -- C:\Windows\MEMORY.DMP [2014/06/18 22:47:55 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014/06/18 19:40:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Schthack PSO BB.lnk [2014/06/18 12:46:19 | 000,082,383 | ---- | M] () -- C:\Users\Charlie\Desktop\1401766370307.jpg [2014/06/18 12:36:55 | 009,325,787 | ---- | M] () -- C:\Users\Charlie\Desktop\fotoshoppe praux (6-18).mp3 [2014/06/16 11:05:12 | 000,011,987 | ---- | M] () -- C:\Users\Charlie\Desktop\1402285002739.jpg [2014/06/06 21:45:27 | 002,579,923 | ---- | M] () -- C:\Users\Charlie\Desktop\what in ze ######.mp3 [2014/06/05 23:12:06 | 001,585,180 | ---- | M] () -- C:\Users\Charlie\Desktop\traaaaaaaaaaaap.mp3 [2014/05/24 12:23:26 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk [8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/06/21 22:24:50 | 002,042,317 | ---- | C] () -- C:\Users\Charlie\Desktop\Hearthstone_Screenshot_6.21.2014.22.24.48.png [2014/06/21 14:51:38 | 000,000,261 | ---- | C] () -- C:\Windows\System32\msexcr.ini [2014/06/21 12:52:03 | 008,168,037 | ---- | C] () -- C:\Users\Charlie\Desktop\Behind your eyes (6-21).mp3 [2014/06/20 23:09:51 | 000,020,713 | ---- | C] () -- C:\Users\Charlie\Desktop\10423969_788453764532436_5950870639608438180_n.jpg [2014/06/20 23:09:44 | 000,021,740 | ---- | C] () -- C:\Users\Charlie\Desktop\10440966_10152510824977128_4352199495854055496_n.jpg [2014/06/20 23:09:38 | 000,015,026 | ---- | C] () -- C:\Users\Charlie\Desktop\10440647_848361048527169_5925515536395426123_n.jpg [2014/06/20 23:09:01 | 000,012,559 | ---- | C] () -- C:\Users\Charlie\Desktop\10458029_1435333460071326_8786328949490412777_n.jpg [2014/06/20 23:08:55 | 000,051,263 | ---- | C] () -- C:\Users\Charlie\Desktop\10482522_10152154642913314_2170049731646842783_n.jpg [2014/06/20 23:08:41 | 000,093,847 | ---- | C] () -- C:\Users\Charlie\Desktop\10339552_282848785228633_7480401394441817316_n.jpg [2014/06/20 20:17:35 | 003,774,821 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2014/06/20 18:23:31 | 000,025,240 | ---- | C] () -- C:\Users\Charlie\Desktop\10426744_1462427267330042_744597020642613737_n.jpg [2014/06/19 15:28:14 | 000,001,341 | ---- | C] () -- C:\Users\Charlie\Application Data\Microsoft\Internet Explorer\Quick Launch\AdAwareSecurityCenter - Shortcut.lnk [2014/06/19 13:59:11 | 294,296,727 | ---- | C] () -- C:\Windows\MEMORY.DMP [2014/06/18 22:47:55 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014/06/18 19:40:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Schthack PSO BB.lnk [2014/06/18 12:46:19 | 000,082,383 | ---- | C] () -- C:\Users\Charlie\Desktop\1401766370307.jpg [2014/06/18 00:41:48 | 009,325,787 | ---- | C] () -- C:\Users\Charlie\Desktop\fotoshoppe praux (6-18).mp3 [2014/06/16 11:05:11 | 000,011,987 | ---- | C] () -- C:\Users\Charlie\Desktop\1402285002739.jpg [2014/06/16 11:05:09 | 000,022,395 | ---- | C] () -- C:\Users\Charlie\Desktop\1402292213146.jpg [2014/06/06 21:44:54 | 002,579,923 | ---- | C] () -- C:\Users\Charlie\Desktop\what in ze ######.mp3 [2014/06/05 23:11:46 | 001,585,180 | ---- | C] () -- C:\Users\Charlie\Desktop\traaaaaaaaaaaap.mp3 [2014/05/24 12:23:26 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk [2014/02/03 22:16:30 | 000,135,288 | ---- | C] () -- C:\Windows\System32\bdfwcore.dll [2013/02/03 23:49:18 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys [2013/02/03 23:49:18 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys [2013/01/14 14:10:19 | 000,000,024 | ---- | C] () -- C:\Users\Charlie\random.dat [2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012/03/25 00:16:35 | 000,078,652 | ---- | C] () -- C:\Users\Charlie\538221_3416161079299_1128249393_3360543_1769632363_n.jpg [2011/12/22 19:42:35 | 000,011,650 | -HS- | C] () -- C:\Users\Charlie\AppData\Local\78o3n757p0uaj8r65a5aa [2011/12/22 19:42:35 | 000,011,650 | -HS- | C] () -- C:\ProgramData\78o3n757p0uaj8r65a5aa [2011/12/20 22:43:54 | 000,009,664 | -HS- | C] () -- C:\ProgramData\62f6l637p2ucp2r14q5ci [2011/12/20 22:43:53 | 000,009,664 | -HS- | C] () -- C:\Users\Charlie\AppData\Local\62f6l637p2ucp2r14q5ci [2011/08/25 07:09:06 | 000,001,356 | ---- | C] () -- C:\Users\Charlie\AppData\Local\d3d9caps.dat [2010/04/26 18:58:00 | 085,297,082 | ---- | C] () -- C:\Users\Charlie\Pokemon.rar [2010/04/01 10:53:12 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi [2009/09/24 18:28:23 | 000,000,095 | ---- | C] () -- C:\Users\Charlie\AppData\Local\fusioncache.dat [2009/08/15 15:24:37 | 000,001,648 | ---- | C] () -- C:\Users\Charlie\AppData\Local\d3d8caps.dat [2009/08/09 01:23:02 | 001,222,776 | ---- | C] () -- C:\Program Files\check.md [2009/08/09 01:23:02 | 000,000,044 | ---- | C] () -- C:\Program Files\AutoRun.inf [2009/08/09 01:19:37 | 000,028,672 | ---- | C] () -- C:\Program Files\JPGI.dll [2009/05/06 13:35:22 | 000,006,144 | ---- | C] () -- C:\Users\Charlie\shock.MSWMM [2008/06/23 15:13:33 | 000,138,056 | ---- | C] () -- C:\Users\Charlie\AppData\Roaming\PnkBstrK.sys [2008/05/31 01:15:21 | 000,018,944 | ---- | C] () -- C:\Users\Charlie\leetdpsshadow.MSWMM [2008/05/30 20:38:00 | 000,058,880 | ---- | C] () -- C:\Users\Charlie\maiden.MSWMM [2008/05/30 20:13:19 | 000,070,144 | ---- | C] () -- C:\Users\Charlie\curator.MSWMM [2008/05/26 21:04:46 | 000,163,328 | ---- | C] () -- C:\Users\Charlie\faulcorndps.MSWMM [2007/11/28 22:30:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007/11/25 12:26:35 | 000,000,000 | ---- | C] () -- C:\Users\Charlie\AppData\Roaming\wklnhst.dat [2007/06/16 00:42:29 | 000,108,032 | ---- | C] () -- C:\Users\Charlie\priestsgonewild.MSWMM [2007/05/09 21:52:59 | 000,379,904 | ---- | C] () -- C:\Users\Charlie\FaulcornPvPVideo.MSWMM [2007/05/03 21:24:18 | 000,186,368 | ---- | C] () -- C:\Users\Charlie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/07/26 04:11:28 | 001,233,428 | -H-- | C] () -- C:\Users\Charlie\AppData\Roaming\Charlielog.dat ========== ZeroAccess Check ========== [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009/09/27 15:48:28 | 000,000,000 | -HSD | M] -- C:\Users\Charlie\AppData\Roaming\.# [2014/06/02 17:08:01 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\.minecraft [2012/12/06 10:27:53 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\.techniclauncher [2014/05/04 15:31:08 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Battle.net [2014/06/18 22:50:27 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\BitTorrent [2007/05/30 08:47:37 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Image Zone Express [2012/11/02 15:17:07 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Image-Line [2014/02/02 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Octoshape [2013/01/25 19:48:50 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\PFStaticIP [2007/05/30 08:47:37 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Printer Info Cache [2012/11/05 08:41:59 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Publish Providers [2007/05/03 22:51:23 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\SampleView [2012/11/05 08:41:44 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Sony [2012/11/05 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Sony Creative Software Inc [2007/06/14 23:08:51 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\SQLyog [2012/07/13 15:12:21 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\SynthMaker [2007/11/25 12:26:35 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Template [2012/09/11 01:52:18 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TS3Client [2013/01/31 14:45:17 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TuneUp Software [2013/03/14 12:14:26 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TunkDesign [2014/02/09 04:47:41 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\VistaCodecs [2011/06/05 13:54:50 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\WindSolutions ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/07/15 10:02:19 | 000,045,835 | ---- | M] () -- C:\aaw7boot.log [2009/08/20 18:28:23 | 000,000,074 | ---- | M] () -- C:\autoexec.bat [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2006/06/11 19:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2014/06/19 13:02:33 | 000,000,720 | ---- | M] () -- C:\console.log [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007/12/13 21:34:42 | 000,000,164 | ---- | M] () -- C:\install.dat [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2010/03/05 00:23:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/10/25 15:38:02 | 000,001,060 | -H-- | M] () -- C:\IPH.PH [2010/03/05 00:23:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2014/06/21 20:33:04 | 4069,834,752 | -HS- | M] () -- C:\pagefile.sys [2007/02/15 19:18:25 | 000,000,163 | ---- | M] () -- C:\power2go.log [2009/04/18 16:38:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1 [2009/04/18 16:38:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2 [2009/08/20 18:31:43 | 000,000,086 | ---- | M] () -- C:\Setup.log [2009/08/20 18:17:45 | 000,000,159 | ---- | M] () -- C:\SetupLCVI.log [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > [2010/12/23 06:52:54 | 000,001,658 | -H-- | M] () -- C:\Users\Charlie\AppData\Roaming\Microsoft\LastFlashConfig.WFC < %PROGRAMFILES%\*.* > [2005/11/10 18:49:50 | 000,000,044 | ---- | M] () -- C:\Program Files\AutoRun.inf [2008/11/26 16:02:16 | 001,222,776 | ---- | M] () -- C:\Program Files\check.md [2012/05/15 15:05:20 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini [2000/09/15 15:51:56 | 000,372,736 | ---- | M] (Intel Corporation) -- C:\Program Files\ijl15.dll [2002/08/15 23:58:04 | 000,028,672 | ---- | M] () -- C:\Program Files\JPGI.dll [2005/05/10 18:54:30 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\unicows.dll < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-06-22 08:00:40 < End of report > Extras.Txt
  7. I've tried re-downloading several times and am getting the same errors, so I'm switching to OTL. In the meantime here are the results of my eset scan: C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\60afd9c0-710d51a2 Java/Exploit.CVE-2011-3544.H trojan C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6dd7d5cb-379f402e a variant of Java/Exploit.CVE-2010-0840.NAF trojan C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\76c99d50-43aa7268 a variant of Java/Exploit.CVE-2010-0840.NAF trojan C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\437d141b-5e638914 Java/Exploit.CVE-2011-3544.H trojan C:\Users\Charlie\AppData\LocalLow\Viral_Tube\hk64tbVir0.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\hktbVir0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\ldrtbVir0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\ldrtbVir2.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\ldrtbVira.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVir0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVir1.dll Win32/Toolbar.Conduit.Y potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVir2.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVira.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application C:\Users\Charlie\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Charlie\Downloads\VistaCodecs_v661.exe Win32/DownWare.L potentially unwanted application
  8. Ohhh so the documents and settings link must just be for compatibility reasons for any program that still points to that target so it gets re-routed correctly.. I see why I couldn't open it now Okay, I've updated flash! Thank you for that info I didn't even realize how old my installation was. I've moved FRST to the desktop and followed your instructions for the fixlist.txt file on the desktop as well. As far as I can see there are no broken lines in the code, but I've received an error message every time I've tried to run the fix Line 6654 (File "C:\Users\Charlie\Desktop\FRST.exe"): Error: Variable used without being declared. I am now running the eset online scan as you requested and will post the contents of the results when they are finished!
  9. I've started to re-route ownership of some of these folders, as I think that may be what's causing part of my problem. I'll post back again if I have any success. Edit: There are many folders that I am the owner of that I am still not allowed to perform changes on... I think my real problem is vista XD
  10. First of all thank you for the reply, I appreciate your help very much. I have show hidden files ticked under folder options, along with unchecking the other two boxes that hide system files/extensions. When trying to view Documents & Settings or ApplicationData it gives me the access denied error. Upon trying to change permissions it gives me the same error. I am on an administrator account. Perhaps that is related to my difficulty with uninstalling Ad-Aware normally? Either way I was unable to obtain any Ad-Aware logs. Also, in my ProgramData folder there is no Lavasoft folder. As well as there are no msi files whatsoever in my Local/Temp folder. I've run the AVG removal tool, thank you for suggesting that! I've also attached the SystemInformation and FRST files you requested. Once again, I am very grateful for your assistance! Addition.txt FRST.txt SystemInformation.zip
  11. As a last bit of information.. The installation package is named "AdAwareInstaller_win32_11.1.5354.0.msi" <-- is this an official lavasoft package? It is being downloaded from "http://downloadnada.lavasoft.com/update/5354" <-- is this an official lavasoft link? Is this just some auto-update function or is it non-Lavasoft-related malware? If this is an auto-update function of Ad-Aware why was it not removed when I removed all related registry entries, program files, program data, and temp files from my computer?
  12. Hello there! First of all, thank you for taking the time to read my post. Secondly, my operating system is Windows Vista ( yeah yeah, I know ) I have a recurring infection that I cannot find the root of using process explorer or any other tool. No anti-virus can locate or remove it. The infection, surprisingly, is Ad-Aware itself. (or at least appears to be) I'd like to preface this paragraph by saying I've been using Ad-Aware on and off since perhaps 2003 or 2004. I was a paying customer for years around that time. I am not new to Lavasoft nor Ad-Aware. So, I downloaded the free version of Ad-Aware 11 perhaps 6 or more months ago from Lavasoft's official site. It installed just fine like every precursor of today's Ad-Aware that I have used in the past. I scanned a few times over the course of a few months... business as usual. I eventually made the decision to remove Ad-Aware from this computer. My original plan was to clean this computer off - in retrospect I should have just formatted - and use it as a purely offline workstation for the electronic music I produce. Because I was never again going to connect this machine to the internet, I wanted to perform one last scan and then remove Ad-Aware so that I had as many free system resources to devote to my many DAW programs I use for creating music. Here is where the problem came. I was not able to uninstall Ad-Aware normally. Ad-Aware's packaged uninstaller was entirely ineffective as well as control panel's Add/Remove programs tool. RevoUninstaller even had extreme difficulty with (i.e. - was not able to) removing Ad-Aware... it also turned up some very fishy registry entries. In fact, un-installing Ad-Aware from my machine was impossible without using FileAssassin to force-remove several .dlls and other suspect entities. Not a good sign. Perhaps I'm paranoid, so I'll try to remain objective. Now here's where the REAL issue lies: Ad-Aware keeps re-installing itself, without my permission, without any confirmation window, and (worst of all) without any initiation whatsoever. All I have to do is turn on my computer, login to a user, and the installer starts up & completely re-installs Ad-Aware. No user-account-control confirmation window saying that a program is trying to run, no nothing. That's the part that concerns me the most. Any and all input is greatly appreciated, and have a good day! attach.txt dds.txt