DiscoMilkshakes

Recurring self-installing virus


Hello there!

First of all, thank you for taking the time to read my post.

Secondly, my operating system is Windows Vista ( yeah yeah, I know :dry: )

I have a recurring infection that I cannot find the root of using Process Explorer or any other tool. No anti-virus can locate or remove it.

The infection, surprisingly, is Ad-Aware itself. (or at least appears to be)

I'd like to preface this paragraph by saying I've been using Ad-Aware on and off since perhaps 2003 or 2004. I was a paying customer for years around that time. I am not new to Lavasoft nor Ad-Aware. So, I downloaded the free version of Ad-Aware 11 perhaps 6 or more months ago from Lavasoft's official site.

It installed just fine like every precursor of today's Ad-Aware that I have used in the past.

I scanned a few times over the course of a few months... business as usual.

I eventually made the decision to remove Ad-Aware from this computer. My original plan was to clean this computer off - in retrospect I should have just formatted - and use it as a purely offline workstation for the electronic music I produce. Because I was never again going to connect this machine to the internet, I wanted to perform one last scan and then remove Ad-Aware so that I had as many free system resources as possible to devote to the many DAW programs I use for creating music.

Here is where the problem came. I was not able to uninstall Ad-Aware normally.

Ad-Aware's packaged uninstaller was entirely ineffective, as was Control Panel's Add/Remove Programs tool.

Revo Uninstaller also had extreme difficulty removing Ad-Aware (i.e. it was not able to)... it also turned up some very fishy registry entries.

 

In fact, uninstalling Ad-Aware from my machine was impossible without using FileAssassin to force-remove several .dlls and other suspect entities. Not a good sign. :huh: Perhaps I'm paranoid, so I'll try to remain objective.

 

Now here's where the REAL issue lies:

Ad-Aware keeps re-installing itself, without my permission, without any confirmation window, and (worst of all) without any initiation whatsoever.

All I have to do is turn on my computer and log in to a user account, and the installer starts up and completely re-installs Ad-Aware. No User Account Control confirmation window saying that a program is trying to run, nothing. That's the part that concerns me the most.

Any and all input is greatly appreciated, and have a good day!

attach.txt

dds.txt

Edited by DiscoMilkshakes


As a last bit of information..

The installation package is named "AdAwareInstaller_win32_11.1.5354.0.msi" <-- is this an official lavasoft package?

It is being downloaded from "http://downloadnada.lavasoft.com/update/5354" <-- is this an official lavasoft link?

Is this just some auto-update function or is it non-Lavasoft-related malware?

If this is an auto-update function of Ad-Aware why was it not removed when I removed all related registry entries, program files, program data, and temp files from my computer?

Edited by DiscoMilkshakes


Hi DiscoMilkshakes,

 

It's common that if you delete Ad-Aware files without removing all registry entries, Windows will start an installation of Ad-Aware when you right-click a file, since Ad-Aware has a menu item in the right-click menu. I guess it's something similar that happens in your computer now.

 

"lavasoft.com" is the domain name of Lavasoft. Any sub-domain such as "downloadnada.lavasoft.com" would also belong to Lavasoft, but the link in your second post gives me an error message.

 

"AdAwareInstaller_win32_11.1.5354.0.msi" looks like an Ad-Aware installation file, but a file can be called anything. It's common that malware uses the same names as normal Windows files or programs, but I don't think that is the reason behind your issues.

 

I don't know what blocked you from uninstalling Ad-Aware in the normal way, but it may be due to the driver of AVG antivirus that is still running in the computer. To get rid of that driver, please run AVG Remover: http://www.avg.com/us-en/utilities

 

Please, check if you can collect the Ad-Aware logs in section 1 on http://www.lavasoftsupport.com/index.php?/topic/33638-collect-logs-for-troubleshooting/ and attach the System Information file (section 3). On Monday, I'll ask my contact person at Lavasoft to read the logs.

 

In the mean time I can help you to get rid of everything that has to do with the potentially unwanted add-ons and settings in your browsers. If you want help with that, please download Farbar Recovery Scan Tool (FRST) and save it on the desktop: http://download.bleepingcomputer.com/farbar/FRST.exe

 

Start the FRST program.

 

Read the disclaimer and click Yes to accept it.

Click Scan button.

When done, FRST will create two log files, called FRST.txt and Addition.txt, on the desktop.

 

Please, attach them to your reply (press "More Reply Options" button to see how to attach files).

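The right-click trigger described in the reply above is Windows Installer self-repair: an MSI product stays registered with the Installer service after its files are deleted by hand, and any "advertised" entry point (a context-menu shell extension, a COM class, a shortcut) makes the service verify the product and re-run the cached package when a file is missing, with no prompt and no UAC dialog, because msiexec already runs as SYSTEM. The script below is an added example, not code from this thread, from Lavasoft or from Microsoft. It assumes an elevated PowerShell 2.0 or later session; 'Ad-Aware' is only the product-name pattern taken from this thread, and the `DllExists` check is a simple file test that does not expand environment variables in a path.

```powershell
# Added example (not from the thread): find the Windows Installer state that makes a
# hand-deleted MSI product "re-install itself" and read the MsiInstaller events that
# name the component which triggered the repair. Run elevated, PowerShell 2.0 or later.
param([string]$NamePattern = 'Ad-Aware')   # assumption: product-name pattern from this thread

function Get-InstallerProducts {
    # Per-product records kept by the Installer service. A repair re-runs the cached
    # package named in LocalPackage (under C:\Windows\Installer), so deleting Program
    # Files and ProgramData does not remove the source of the "reinstall".
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData'
    Get-Item -Path "$root\*\Products\*\InstallProperties" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -LiteralPath $_.PSPath
            if ($p.DisplayName -match $NamePattern) {
                New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    UninstallString = $p.UninstallString   # carries the {ProductCode}
                    LocalPackage    = $p.LocalPackage
                    InstallSource   = $p.InstallSource
                    RegistryKey     = $_.Name
                }
            }
        }
}

function Get-AdvertisedContextMenuHandlers {
    # Context-menu handlers registered for every file type ('*'). When the handler's
    # CLSID\InprocServer32 key also carries a value named 'InprocServer32' (an MSI
    # "Darwin descriptor"), COM activation goes through the Installer service, which
    # checks the component and starts a silent repair if its file is missing. That is
    # the right-click trigger described in this thread.
    $handlers = 'HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers'
    Get-ChildItem -LiteralPath $handlers -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
        if (-not $clsid) { $clsid = $_.PSChildName }        # some handlers use the CLSID as key name
        $serverKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $serverKey) {
            $s   = Get-ItemProperty -LiteralPath $serverKey
            $dll = ([string]$s.'(default)') -replace '"', ''
            New-Object PSObject -Property @{
                Handler    = $_.PSChildName
                CLSID      = $clsid
                Dll        = $dll
                DllExists  = ($dll -ne '' -and (Test-Path -LiteralPath $dll))
                Advertised = ($s.InprocServer32 -ne $null)
            }
        }
    }
}

function Get-MsiRepairEvents {
    # MsiInstaller event 1004: "Detection of product '{...}', feature '...', component
    # '{...}' failed. The resource '<path>' does not exist."  Event 1001 records the
    # repair request itself. Together they name the deleted file that started the install.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MsiInstaller'; Id = 1001, 1004 } `
                 -MaxEvents 40 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-InstallerProducts | Format-List
Get-AdvertisedContextMenuHandlers | Where-Object { $_.Advertised -or -not $_.DllExists } | Format-Table -AutoSize
Get-MsiRepairEvents | Format-List
```

Two practical points follow from the output. First, the `{ProductCode}` in `UninstallString` is what `msiexec /x {ProductCode}` needs to remove the registration properly; deleting files with a force-delete tool is exactly what leaves the self-repair trigger behind. Second, do not query the WMI class `Win32_Product` to list installed software while investigating this: enumerating it makes the Installer service run a consistency check on every registered package and can itself start the repairs you are trying to stop.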
First of all thank you for the reply, I appreciate your help very much.
I have "Show hidden files" ticked under Folder Options, along with unchecking the other two boxes that hide system files and extensions. When trying to view Documents & Settings or ApplicationData it gives me the access denied error. Upon trying to change permissions it gives me the same error. I am on an administrator account. Perhaps that is related to my difficulty with uninstalling Ad-Aware normally? Either way I was unable to obtain any Ad-Aware logs.
Also, in my ProgramData folder there is no Lavasoft folder, and there are no .msi files whatsoever in my Local\Temp folder.

 

I've run the AVG removal tool, thank you for suggesting that!

I've also attached the SystemInformation and FRST files you requested.

Once again, I am very grateful for your assistance!

Addition.txt

FRST.txt

SystemInformation.zip


I've started to re-route ownership of some of these folders, as I think that may be what's causing part of my problem. I'll post back again if I have any success.


Edit: There are many folders that I am the owner of that I am still not allowed to perform changes on... I think my real problem is vista XD

Edited by DiscoMilkshakes


You're welcome :)

 

1. Please note that "Documents and Settings" is only available in Windows XP; in Vista and later versions it's only a link to the folder that's actually used in those versions, and some other folders are also only links. It shouldn't be possible to open "Documents and Settings" when it's only a link. In Vista and later versions, you should check in "C:\ProgramData\Lavasoft\Ad-Aware 11" instead. But if you can't access real folders, it can certainly give strange issues, e.g. impossible to uninstall or install programs. It's possible that the only real solution to issues with ownership and permissions is to reinstall Windows.

 

2. I can see in the logs that there are a lot of files that are deleted instead of correctly uninstalled. I'll try to remove most of those registry entries in the fix below (lines ending with "No file").

 

3. Please, uninstall or update Adobe Flash Player since your current version is very old and contains known vulnerabilities that can be used to infect the computer from a web page.

 

4. Please, move FRST from the Downloads folder to the Desktop.

 

Please, start Notepad.

Copy all text that is in the box:

Task: {05F73DF5-10BA-437E-AA75-15F1AF554832} - System32\Tasks\AVG-Secure-Search-Update_1013b_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
Task: {4A82713A-6E75-4DC5-8FBA-2CC8606FA463} - System32\Tasks\AVG-Secure-Search-Update_1013b_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
Task: {C9F73205-E741-4048-8F2D-4DB3CB25DF57} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1013b_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1013b_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
AlternateDataStreams: C:\ProgramData\TEMP:233BFF24
HKU\S-1-5-21-336559941-1480386105-577895080-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
HKU\S-1-5-21-336559941-1480386105-577895080-1001\...\MountPoints2: F - F:\autorun\autorun.exe
HKU\S-1-5-21-336559941-1480386105-577895080-1001\...\MountPoints2: J - J:\Support\AutoRun\AutoRun.exe
HKU\S-1-5-21-336559941-1480386105-577895080-1001\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP03DC41A9-8CDB-4225-B4C8-14851BAAFEC3&SSPV=
URLSearchHook: HKLM - Viral Tube Toolbar - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll No File
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: HKCU - Viral Tube Toolbar - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP03DC41A9-8CDB-4225-B4C8-14851BAAFEC3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP03DC41A9-8CDB-4225-B4C8-14851BAAFEC3&q={searchTerms}&SSPV=
SearchScopes: HKCU - {4472A6EE-E9C1-4BCD-98BE-28369F9AB9DA} URL = 
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Viral Tube Toolbar - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll No File
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - Viral Tube Toolbar - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - Viral Tube Toolbar - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - C:\Program Files\Viral_Tube\prxtbVir0.dll No File
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No File
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll No File
FF Plugin: @gamersfirst.com/LiveLauncher - C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Users\Charlie\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HKLM\...\Chrome\Extension: [cpcciokmdkojnfcdidadlpakopjjmaig] - C:\Users\Charlie\AppData\Local\Temp\ccex.crx [2014-06-21]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-06-21]
S4 atashost; "C:\Windows\system32\atashost.exe" [X]
S4 LavasoftAdAwareService11; "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe" [X]
S4 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]
S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X]
S3 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
and paste it in Notepad. Check that no lines have been split in two.

Save the file as fixlist.txt on the desktop.

 

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

 

5. Run an online scan with Eset http://www.eset.com/onlinescan/

 

Un-check "Remove found threats"

Check "Scan Archives"

 

Click "Advanced Settings"

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Click Start

 

When the scan is finished, click on "List of found threats" and then "Export to text file". Copy the content of the text file and paste its content in your answer.


Ohhh so the documents and settings link must just be for compatibility reasons for any program that still points to that target so it gets re-routed correctly.. I see why I couldn't open it now :P

Okay, I've updated flash! Thank you for that info I didn't even realize how old my installation was.

I've moved FRST to the desktop and followed your instructions for the fixlist.txt file on the desktop as well. As far as I can see there are no broken lines in the code, but I've received an error message every time I've tried to run the fix:

Line 6654 (File "C:\Users\Charlie\Desktop\FRST.exe"):

Error: Variable used without being declared.

I am now running the eset online scan as you requested and will post the contents of the results when they are finished!


Please, delete the FRST file and download the latest version, same link as last time, and try again.

 

If still unsuccessful, please use this tool instead:

Save OTL on the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Double-click OTL to run it.

 

In the box Custom scan's and fixes paste the contents of this box:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click on Quick Scan and do not use the computer while the program runs.

 

When the program finishes, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the contents of the log OTL.txt into your answer but attach Extras.txt (if you don't see how to attach files, click the button "More Reply Options").


I've tried re-downloading several times and am getting the same errors, so I'm switching to OTL.

In the meantime here are the results of my eset scan:

C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\60afd9c0-710d51a2 Java/Exploit.CVE-2011-3544.H trojan
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6dd7d5cb-379f402e a variant of Java/Exploit.CVE-2010-0840.NAF trojan
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\76c99d50-43aa7268 a variant of Java/Exploit.CVE-2010-0840.NAF trojan
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\437d141b-5e638914 Java/Exploit.CVE-2011-3544.H trojan
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\hk64tbVir0.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\hktbVir0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\ldrtbVir0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\ldrtbVir2.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\ldrtbVira.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVir0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVir1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVir2.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVira.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Charlie\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Charlie\Downloads\VistaCodecs_v661.exe Win32/DownWare.L potentially unwanted application

 

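The ESET export above mixes two different kinds of finding: cached Java applets under the Java deployment cache that are detected as exploit code for specific CVEs (files the browser's Java plug-in downloaded from web pages), and toolbar and bundled-installer components classed as potentially unwanted or unsafe applications. The script below is an added example, not part of the original posts and not an ESET tool; it parses lines in the format pasted above into path, detection name, classification and CVE, and summarises them. The sample lines are the thread's own, plus one constructed line whose path contains a space to show that the parser copes with it.

```powershell
# Added example (not from the thread): parse an ESET online-scanner "List of found
# threats" export into structured records and summarise it. Sample lines are copied
# from this thread; the last one is constructed to show a path containing a space.
$sample = @'
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\60afd9c0-710d51a2 Java/Exploit.CVE-2011-3544.H trojan
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6dd7d5cb-379f402e a variant of Java/Exploit.CVE-2010-0840.NAF trojan
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\tbVir1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Charlie\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Program Files\Example Vendor\example.dll a variant of Win32/Adware.Example.A potentially unwanted application
'@

# Path is everything before the detection name; the name is the only token containing
# a forward slash (Windows paths use backslashes), so a lazy path match is unambiguous.
$lineRe = '^(?<path>.+?)\s+(?:a variant of\s+)?(?<name>\S+/\S+)\s+' +
          '(?<class>potentially unwanted application|potentially unsafe application|trojan)$'

function ConvertFrom-EsetLine {
    param([string]$Line)
    if (-not ($Line -match $lineRe)) { return }   # skip blank lines and anything else
    $path = $Matches['path']; $name = $Matches['name']; $class = $Matches['class']
    $cve = $null
    if ($name -match 'CVE-\d{4}-\d{4,}') { $cve = $Matches[0] }   # second -match resets $Matches
    New-Object PSObject -Property @{
        Path      = $path
        Detection = $name
        Family    = $name.Split('/')[0]                              # e.g. Java, Win32, Win64
        Class     = $class
        CVE       = $cve
        JavaCache = ($path -like '*\Sun\Java\Deployment\cache\*')   # applet fetched by the Java plug-in
    }
}

$hits = $sample -split '\r?\n' | ForEach-Object { ConvertFrom-EsetLine $_ }

"Findings by class:"
$hits | Group-Object Class | Select-Object Name, Count | Format-Table -AutoSize

"CVEs referenced by exploit detections:"
$hits | Where-Object { $_.CVE } | Select-Object -ExpandProperty CVE -Unique | Sort-Object

"Files in the Java deployment cache (delete via the Java Control Panel or by clearing the cache directory):"
$hits | Where-Object { $_.JavaCache } | Select-Object -ExpandProperty Path

"Potentially unwanted/unsafe files (toolbars, bundled installers):"
$hits | Where-Object { $_.Class -ne 'trojan' } | Select-Object Path, Detection | Format-Table -AutoSize
```

On the sample this reports two trojan, two potentially unwanted and one potentially unsafe finding, the CVE list CVE-2010-0840 and CVE-2011-3544, and two Java-cache paths. The CVE numbers are worth keeping with the case notes: they tell you which Java versions were targeted by the pages the machine visited, and the DPF lines in the FRST fix above show that Java 6 update 29 and Java 7 update 21, both older than those patches' successors, were registered on this system.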

OTL results

OTL logfile created on: 6/22/2014 6:32:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charlie\Desktop
Windows Vista Home Premium Edition Service Pack 3 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.50 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 58.12% Memory free
7.23 Gb Paging File | 6.31 Gb Available in Paging File | 87.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.38 Gb Total Space | 142.03 Gb Free Space | 49.25% Space Free | Partition Type: NTFS
Drive D: | 9.71 Gb Total Space | 4.31 Gb Free Space | 44.35% Space Free | Partition Type: NTFS
Computer Name: CHARLIECOMP | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/22 06:31:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2006/11/01 23:38:52 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
========== Modules (No Company Name) ==========
MOD - [2007/05/08 17:10:08 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/12/11 21:01:48 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService -- (Steam Client Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\GameMon.des -- (npggsvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV - File not found [Disabled | Stopped] -- C:\Windows\system32\atashost.exe -- (atashost)
SRV - [2014/06/22 00:26:42 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/09 06:08:44 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Disabled | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/11/18 10:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/11/18 10:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/11/18 10:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/11/18 09:59:50 | 000,036,312 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2006/11/18 09:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/11/18 09:59:02 | 000,032,216 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/11/15 19:57:58 | 000,081,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/29 12:03:30 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva281.sys -- (XDva281)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva226.sys -- (XDva226)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva098.sys -- (XDva098)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\WIZET\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys -- (gzflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Charlie\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys -- (bdftdif)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys -- (BdfNdisf)
DRV - [2014/05/19 21:39:05 | 010,533,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/11/28 08:38:19 | 000,162,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/11/12 19:17:28 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/17 18:10:52 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2013/02/03 23:49:18 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2011/03/30 02:13:00 | 000,024,056 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2011/03/04 14:44:12 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2009/07/26 21:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/20 21:05:40 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/01/19 01:08:49 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/02/15 19:04:29 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/11/29 00:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/18 10:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/01 23:39:42 | 000,812,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/10/19 18:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/09/27 19:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438
IE - HKLM\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {4472A6EE-E9C1-4BCD-98BE-28369F9AB9DA}
IE - HKLM\..\SearchScopes\{4472A6EE-E9C1-4BCD-98BE-28369F9AB9DA}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{3622C4BB-3F27-4838-8D73-E088FCE42C6F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: null\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Users\Charlie\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.110.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.110.0_0\BFHUpdater.exe
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Charlie\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Charlie\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Charlie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Charlie\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Sparkplayer (Beta) (Enabled) = C:\Users\Charlie\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2009/04/18 16:38:02 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Viral Tube Toolbar) - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Viral Tube Toolbar) - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Viral Tube Toolbar) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Charlie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.60.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.60.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.68.49.50 65.68.49.51 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA}: DhcpNameServer = 65.68.49.50 65.68.49.51 68.94.156.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/20 18:28:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 03:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun\autorun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Support\AutoRun\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: - File not found
Drivers32: midi8 - C:\Windows\System32\KORGUMDD.DRV (KORG INC.)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Program Files\WIZET\MapleStory\l3codeca.acm File not found
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll (x264vfw project)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/06/22 06:31:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe
[2014/06/22 06:29:02 | 001,070,592 | ---- | C] (Farbar) -- C:\Users\Charlie\Desktop\FRST.exe
[2014/06/22 00:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/06/22 00:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2014/06/21 16:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Synthetic Reality
[2014/06/21 13:56:29 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/20 20:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/06/20 20:16:35 | 000,052,056 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2014/06/20 20:10:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/06/20 20:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014/06/20 20:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/06/20 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/06/20 19:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/06/20 13:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2014/06/20 03:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2014/06/19 17:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/06/19 16:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014/06/19 13:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2014/06/19 13:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014/06/19 13:49:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Documents\Visual Studio 2010
[2014/06/19 13:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2014/06/19 13:46:50 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2014/06/19 13:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2014/06/19 13:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2014/06/19 13:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2014/06/19 09:23:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie\Desktop\MapleStory
[2014/06/18 19:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCHTHACK Phantasy Star Online Blue Burst
[2014/06/18 19:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\SCHTHACK Phantasy Star Online Blue Burst
[2014/05/24 12:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014/05/24 12:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hearthstone
[2011/07/07 10:07:23 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Charlie\AppData\Roaming\I72F1S5O2U.exe
[2009/08/09 01:19:37 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2009/08/09 01:19:37 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/06/22 06:33:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 06:33:13 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 06:31:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe
[2014/06/22 06:29:04 | 001,070,592 | ---- | M] (Farbar) -- C:\Users\Charlie\Desktop\FRST.exe
[2014/06/22 06:20:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/22 05:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/21 22:24:50 | 002,042,317 | ---- | M] () -- C:\Users\Charlie\Desktop\Hearthstone_Screenshot_6.21.2014.22.24.48.png
[2014/06/21 20:42:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/21 20:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/21 16:43:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/06/21 16:21:34 | 000,186,368 | ---- | M] () -- C:\Users\Charlie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/21 14:51:38 | 000,000,261 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2014/06/21 12:55:41 | 008,168,037 | ---- | M] () -- C:\Users\Charlie\Desktop\Behind your eyes (6-21).mp3
[2014/06/20 23:09:51 | 000,020,713 | ---- | M] () -- C:\Users\Charlie\Desktop\10423969_788453764532436_5950870639608438180_n.jpg
[2014/06/20 23:09:45 | 000,021,740 | ---- | M] () -- C:\Users\Charlie\Desktop\10440966_10152510824977128_4352199495854055496_n.jpg
[2014/06/20 23:09:38 | 000,015,026 | ---- | M] () -- C:\Users\Charlie\Desktop\10440647_848361048527169_5925515536395426123_n.jpg
[2014/06/20 23:09:02 | 000,012,559 | ---- | M] () -- C:\Users\Charlie\Desktop\10458029_1435333460071326_8786328949490412777_n.jpg
[2014/06/20 23:08:55 | 000,051,263 | ---- | M] () -- C:\Users\Charlie\Desktop\10482522_10152154642913314_2170049731646842783_n.jpg
[2014/06/20 23:08:42 | 000,093,847 | ---- | M] () -- C:\Users\Charlie\Desktop\10339552_282848785228633_7480401394441817316_n.jpg
[2014/06/20 23:05:52 | 000,022,395 | ---- | M] () -- C:\Users\Charlie\Desktop\1402292213146.jpg
[2014/06/20 20:02:25 | 000,001,356 | ---- | M] () -- C:\Users\Charlie\AppData\Local\d3d9caps.dat
[2014/06/20 18:23:32 | 000,025,240 | ---- | M] () -- C:\Users\Charlie\Desktop\10426744_1462427267330042_744597020642613737_n.jpg
[2014/06/20 03:31:17 | 621,019,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2014/06/20 03:31:17 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2014/06/20 03:31:17 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2014/06/19 16:47:56 | 000,698,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/19 16:47:56 | 000,138,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/19 15:28:14 | 000,001,341 | ---- | M] () -- C:\Users\Charlie\Application Data\Microsoft\Internet Explorer\Quick Launch\AdAwareSecurityCenter - Shortcut.lnk
[2014/06/19 13:59:11 | 294,296,727 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/18 22:47:55 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/18 19:40:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Schthack PSO BB.lnk
[2014/06/18 12:46:19 | 000,082,383 | ---- | M] () -- C:\Users\Charlie\Desktop\1401766370307.jpg
[2014/06/18 12:36:55 | 009,325,787 | ---- | M] () -- C:\Users\Charlie\Desktop\fotoshoppe praux (6-18).mp3
[2014/06/16 11:05:12 | 000,011,987 | ---- | M] () -- C:\Users\Charlie\Desktop\1402285002739.jpg
[2014/06/06 21:45:27 | 002,579,923 | ---- | M] () -- C:\Users\Charlie\Desktop\what in ze ######.mp3
[2014/06/05 23:12:06 | 001,585,180 | ---- | M] () -- C:\Users\Charlie\Desktop\traaaaaaaaaaaap.mp3
[2014/05/24 12:23:26 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/06/21 22:24:50 | 002,042,317 | ---- | C] () -- C:\Users\Charlie\Desktop\Hearthstone_Screenshot_6.21.2014.22.24.48.png
[2014/06/21 14:51:38 | 000,000,261 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2014/06/21 12:52:03 | 008,168,037 | ---- | C] () -- C:\Users\Charlie\Desktop\Behind your eyes (6-21).mp3
[2014/06/20 23:09:51 | 000,020,713 | ---- | C] () -- C:\Users\Charlie\Desktop\10423969_788453764532436_5950870639608438180_n.jpg
[2014/06/20 23:09:44 | 000,021,740 | ---- | C] () -- C:\Users\Charlie\Desktop\10440966_10152510824977128_4352199495854055496_n.jpg
[2014/06/20 23:09:38 | 000,015,026 | ---- | C] () -- C:\Users\Charlie\Desktop\10440647_848361048527169_5925515536395426123_n.jpg
[2014/06/20 23:09:01 | 000,012,559 | ---- | C] () -- C:\Users\Charlie\Desktop\10458029_1435333460071326_8786328949490412777_n.jpg
[2014/06/20 23:08:55 | 000,051,263 | ---- | C] () -- C:\Users\Charlie\Desktop\10482522_10152154642913314_2170049731646842783_n.jpg
[2014/06/20 23:08:41 | 000,093,847 | ---- | C] () -- C:\Users\Charlie\Desktop\10339552_282848785228633_7480401394441817316_n.jpg
[2014/06/20 20:17:35 | 003,774,821 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2014/06/20 18:23:31 | 000,025,240 | ---- | C] () -- C:\Users\Charlie\Desktop\10426744_1462427267330042_744597020642613737_n.jpg
[2014/06/19 15:28:14 | 000,001,341 | ---- | C] () -- C:\Users\Charlie\Application Data\Microsoft\Internet Explorer\Quick Launch\AdAwareSecurityCenter - Shortcut.lnk
[2014/06/19 13:59:11 | 294,296,727 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/06/18 22:47:55 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/18 19:40:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Schthack PSO BB.lnk
[2014/06/18 12:46:19 | 000,082,383 | ---- | C] () -- C:\Users\Charlie\Desktop\1401766370307.jpg
[2014/06/18 00:41:48 | 009,325,787 | ---- | C] () -- C:\Users\Charlie\Desktop\fotoshoppe praux (6-18).mp3
[2014/06/16 11:05:11 | 000,011,987 | ---- | C] () -- C:\Users\Charlie\Desktop\1402285002739.jpg
[2014/06/16 11:05:09 | 000,022,395 | ---- | C] () -- C:\Users\Charlie\Desktop\1402292213146.jpg
[2014/06/06 21:44:54 | 002,579,923 | ---- | C] () -- C:\Users\Charlie\Desktop\what in ze ######.mp3
[2014/06/05 23:11:46 | 001,585,180 | ---- | C] () -- C:\Users\Charlie\Desktop\traaaaaaaaaaaap.mp3
[2014/05/24 12:23:26 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014/02/03 22:16:30 | 000,135,288 | ---- | C] () -- C:\Windows\System32\bdfwcore.dll
[2013/02/03 23:49:18 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2013/02/03 23:49:18 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2013/01/14 14:10:19 | 000,000,024 | ---- | C] () -- C:\Users\Charlie\random.dat
[2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/25 00:16:35 | 000,078,652 | ---- | C] () -- C:\Users\Charlie\538221_3416161079299_1128249393_3360543_1769632363_n.jpg
[2011/12/22 19:42:35 | 000,011,650 | -HS- | C] () -- C:\Users\Charlie\AppData\Local\78o3n757p0uaj8r65a5aa
[2011/12/22 19:42:35 | 000,011,650 | -HS- | C] () -- C:\ProgramData\78o3n757p0uaj8r65a5aa
[2011/12/20 22:43:54 | 000,009,664 | -HS- | C] () -- C:\ProgramData\62f6l637p2ucp2r14q5ci
[2011/12/20 22:43:53 | 000,009,664 | -HS- | C] () -- C:\Users\Charlie\AppData\Local\62f6l637p2ucp2r14q5ci
[2011/08/25 07:09:06 | 000,001,356 | ---- | C] () -- C:\Users\Charlie\AppData\Local\d3d9caps.dat
[2010/04/26 18:58:00 | 085,297,082 | ---- | C] () -- C:\Users\Charlie\Pokemon.rar
[2010/04/01 10:53:12 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/09/24 18:28:23 | 000,000,095 | ---- | C] () -- C:\Users\Charlie\AppData\Local\fusioncache.dat
[2009/08/15 15:24:37 | 000,001,648 | ---- | C] () -- C:\Users\Charlie\AppData\Local\d3d8caps.dat
[2009/08/09 01:23:02 | 001,222,776 | ---- | C] () -- C:\Program Files\check.md
[2009/08/09 01:23:02 | 000,000,044 | ---- | C] () -- C:\Program Files\AutoRun.inf
[2009/08/09 01:19:37 | 000,028,672 | ---- | C] () -- C:\Program Files\JPGI.dll
[2009/05/06 13:35:22 | 000,006,144 | ---- | C] () -- C:\Users\Charlie\shock.MSWMM
[2008/06/23 15:13:33 | 000,138,056 | ---- | C] () -- C:\Users\Charlie\AppData\Roaming\PnkBstrK.sys
[2008/05/31 01:15:21 | 000,018,944 | ---- | C] () -- C:\Users\Charlie\leetdpsshadow.MSWMM
[2008/05/30 20:38:00 | 000,058,880 | ---- | C] () -- C:\Users\Charlie\maiden.MSWMM
[2008/05/30 20:13:19 | 000,070,144 | ---- | C] () -- C:\Users\Charlie\curator.MSWMM
[2008/05/26 21:04:46 | 000,163,328 | ---- | C] () -- C:\Users\Charlie\faulcorndps.MSWMM
[2007/11/28 22:30:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/11/25 12:26:35 | 000,000,000 | ---- | C] () -- C:\Users\Charlie\AppData\Roaming\wklnhst.dat
[2007/06/16 00:42:29 | 000,108,032 | ---- | C] () -- C:\Users\Charlie\priestsgonewild.MSWMM
[2007/05/09 21:52:59 | 000,379,904 | ---- | C] () -- C:\Users\Charlie\FaulcornPvPVideo.MSWMM
[2007/05/03 21:24:18 | 000,186,368 | ---- | C] () -- C:\Users\Charlie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/26 04:11:28 | 001,233,428 | -H-- | C] () -- C:\Users\Charlie\AppData\Roaming\Charlielog.dat
========== ZeroAccess Check ==========
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/09/27 15:48:28 | 000,000,000 | -HSD | M] -- C:\Users\Charlie\AppData\Roaming\.#
[2014/06/02 17:08:01 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\.minecraft
[2012/12/06 10:27:53 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\.techniclauncher
[2014/05/04 15:31:08 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Battle.net
[2014/06/18 22:50:27 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\BitTorrent
[2007/05/30 08:47:37 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Image Zone Express
[2012/11/02 15:17:07 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Image-Line
[2014/02/02 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Octoshape
[2013/01/25 19:48:50 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\PFStaticIP
[2007/05/30 08:47:37 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Printer Info Cache
[2012/11/05 08:41:59 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Publish Providers
[2007/05/03 22:51:23 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\SampleView
[2012/11/05 08:41:44 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Sony
[2012/11/05 19:32:54 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Sony Creative Software Inc
[2007/06/14 23:08:51 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\SQLyog
[2012/07/13 15:12:21 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\SynthMaker
[2007/11/25 12:26:35 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Template
[2012/09/11 01:52:18 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TS3Client
[2013/01/31 14:45:17 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TuneUp Software
[2013/03/14 12:14:26 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\TunkDesign
[2014/02/09 04:47:41 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\VistaCodecs
[2011/06/05 13:54:50 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\WindSolutions
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/07/15 10:02:19 | 000,045,835 | ---- | M] () -- C:\aaw7boot.log
[2009/08/20 18:28:23 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/06/11 19:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/06/19 13:02:33 | 000,000,720 | ---- | M] () -- C:\console.log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/12/13 21:34:42 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/03/05 00:23:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/25 15:38:02 | 000,001,060 | -H-- | M] () -- C:\IPH.PH
[2010/03/05 00:23:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/06/21 20:33:04 | 4069,834,752 | -HS- | M] () -- C:\pagefile.sys
[2007/02/15 19:18:25 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2009/04/18 16:38:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2009/04/18 16:38:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2009/08/20 18:31:43 | 000,000,086 | ---- | M] () -- C:\Setup.log
[2009/08/20 18:17:45 | 000,000,159 | ---- | M] () -- C:\SetupLCVI.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2010/12/23 06:52:54 | 000,001,658 | -H-- | M] () -- C:\Users\Charlie\AppData\Roaming\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
[2005/11/10 18:49:50 | 000,000,044 | ---- | M] () -- C:\Program Files\AutoRun.inf
[2008/11/26 16:02:16 | 001,222,776 | ---- | M] () -- C:\Program Files\check.md
[2012/05/15 15:05:20 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2000/09/15 15:51:56 | 000,372,736 | ---- | M] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2002/08/15 23:58:04 | 000,028,672 | ---- | M] () -- C:\Program Files\JPGI.dll
[2005/05/10 18:54:30 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\unicows.dll
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-06-22 08:00:40
< End of report >

 

 

Extras.Txt


1. Upload these files one by one to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report:

C:\Users\Charlie\AppData\Local\78o3n757p0uaj8r65a5aa

C:\ProgramData\78o3n757p0uaj8r65a5aa

C:\ProgramData\62f6l637p2ucp2r14q5ci

C:\Users\Charlie\AppData\Local\62f6l637p2ucp2r14q5ci

Since the files are flagged as hidden operating system files, you first have to choose to show hidden and operating system files as well; see http://www.bleepingcomputer.com/tutorials/tutorial62.html for a description.

 

 

2. Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

 

Start the program OTL.

Copy all the lines in the box:

:OTL
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV - File not found [Disabled | Stopped] -- C:\Windows\system32\atashost.exe -- (atashost)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys -- (gzflt)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys -- (bdftdif)
DRV - File not found [Kernel | System | Stopped] -- c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/07/17 18:10:52 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
IE - HKLM\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\InprocServer32 File not found
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...51BAAFEC3&SSPV=
IE - HKCU\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...14851BAAFEC3&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: null\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Users\Charlie\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Viral Tube Toolbar) - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Viral Tube Toolbar) - {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Viral Tube Toolbar) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - C:\Program Files\Viral_Tube\prxtbVir0.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll File not found
:Files
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\60afd9c0-710d51a2
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6dd7d5cb-379f402e
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\76c99d50-43aa7268
C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\437d141b-5e638914
C:\Users\Charlie\AppData\LocalLow\Viral_Tube\
C:\Program Files\AVG SafeGuard toolbar
:Commands
[CREATERESTOREPOINT]
[REBOOT]
Paste them into the field "Custom Scans/Fixes".

Click on "Run Fix".

 

If you are asked to restart the computer do that.

 

Notepad will pop-up with a log. Copy it and paste it into your answer.

If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.

 

Turn on the antivirus program before connecting to the internet.

========== OTL ==========

Service vToolbarUpdater17.3.0 stopped successfully!

Service vToolbarUpdater17.3.0 deleted successfully!

File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe not found.

Service LavasoftAdAwareService11 stopped successfully!

Service LavasoftAdAwareService11 deleted successfully!

File C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe not found.

Service atashost stopped successfully!

Service atashost deleted successfully!

File C:\Windows\system32\atashost.exe not found.

Service SBRE stopped successfully!

Service SBRE deleted successfully!

File C:\Windows\system32\drivers\SBREdrv.sys not found.

Service gzflt stopped successfully!

Service gzflt deleted successfully!

File C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys not found.

Service bdftdif stopped successfully!

Service bdftdif deleted successfully!

File C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys not found.

Service BdfNdisf stopped successfully!

Service BdfNdisf deleted successfully!

File c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys not found.

Service Trufos stopped successfully!

Service Trufos deleted successfully!

C:\Windows\System32\drivers\Trufos.sys moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\ deleted successfully.

File {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll File not found not found.

========== FILES ==========

C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\60afd9c0-710d51a2 moved successfully.

C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6dd7d5cb-379f402e moved successfully.

C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\76c99d50-43aa7268 moved successfully.

C:\Users\Charlie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\437d141b-5e638914 moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\SearchInNewTab folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_en\ToolbarTranslation folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_en folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609\ToolbarSettings folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609\ToolbarLogin folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609\DynamicDialogs folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609\AppsMetaData folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository\conduit_CT3150609_CT3150609 folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Repository folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\RadioPlayer folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3 folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\plugins folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\MyStuffApps folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Logs folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\ExternalComponent folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\EmailNotifier folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\UntrustedAppPendingDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\UntrustedAppApprovalDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\UntrustedAddedAppDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\UninstallDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\ToolbarFirstTimeDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorDialog\Images folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\SearchProtectorBubbleDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\NewSearchProtectorDialog\images folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\NewSearchProtectorDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\EngineFirstTimeDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\DetectedAppDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\DefualtImages folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs\AddedAppDialog folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\Dialogs folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube\CacheIcons folder moved successfully.

C:\Users\Charlie\AppData\LocalLow\Viral_Tube folder moved successfully.

File\Folder C:\Program Files\AVG SafeGuard toolbar not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point


OTL by OldTimer - Version 3.2.69.0 log created on 06222014_121714


1. The results from VirusTotal and other searches show that the files aren't malicious themselves, but they were probably created by malware. Was the computer infected with a fake program (antivirus, hard disk diagnostic etc.) in December 2011?

Can you delete the four files yourself?

 

2. Please save RogueKiller on the Desktop.

For 32-bit Windows: http://www.adlice.com/softs/roguekiller/RogueKiller.exe

For 64-bit Windows: http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe

 

Close all running programs and remove any external drives and other devices connected via USB etc., except the mouse and keyboard.

 

Start RogueKiller (in Vista and Windows 7, right-click the program and select "Run as administrator"). If it won't start, try several times. If you are still unsuccessful, rename the file to winlogon.exe.

 

Wait until "Prescan" has finished.

Click on the "Scan" button in the upper right corner.

Wait until the scan has finished.

 

A report with a name similar to RKreport.txt should have been created on the desktop.

Please post it in your answer.

 

3. To check whether Ad-Aware is registered for the menu displayed when you right-click a file or folder, you can use a program that can edit right-click menus. The page http://www.raymond.cc/blog/how-to-edit-right-click-context-menu/ lists such programs in items 3, 6 and 7, and since you already have CCleaner I guess it's easiest to use that program and delete any references to Ad-Aware in the right-click menus.

 

4. Restart the computer and check if Windows still wants to install Ad-Aware.


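The two kinds of leftover registration seen in this thread, the OTL "File not found" SRV/DRV and BHO lines and the right-click handlers step 3 has you clean up, share one pattern: a registry entry still pointing at a file that is gone. The following PowerShell is an added read-only audit for that pattern; it is not from the thread, OTL, RogueKiller or CCleaner, the function names and the Ad-Aware/Lavasoft match pattern are my own, and it changes nothing.

```powershell
# Added audit script; not part of the thread, OTL, RogueKiller or CCleaner.
# Lists registrations that point at files which no longer exist:
#   1. services/drivers whose ImagePath is gone (the OTL "File not found" lines)
#   2. shell context-menu handlers whose COM server DLL is gone (step 3 above)
# Read-only: nothing is deleted, so no elevation is needed.
# Caveat: on 64-bit Windows, 32-bit handlers also register under
# HKCR\Wow6432Node\CLSID, which this example does not walk.

function Resolve-ImagePath {
    # Turn a registry ImagePath/InprocServer32 value into a plain file path,
    # or $null when it cannot be checked with Test-Path (e.g. a bare DLL name).
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Value.Trim())
    # Kernel-style prefixes used by driver entries.
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Bare 'system32\drivers\x.sys' is relative to the Windows directory.
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    # Quoted path followed by arguments: keep only the quoted part.
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    # Unquoted path followed by arguments: cut after the first .exe/.sys/.dll.
    elseif ($p -match '^(.*?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    if ($p -notmatch '\\') { return $null }   # resolved via the search path; skip
    return $p
}

function Get-OrphanedServices {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        $file = Resolve-ImagePath $props.ImagePath
        if ($file -and -not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{
                Kind   = 'Service'
                Name   = $_.PSChildName
                Path   = $file
                Detail = "Type=$($props.Type) Start=$($props.Start)"
            }
        }
    }
}

function Get-OrphanedContextMenuHandlers {
    # Shell object classes whose right-click menu carries handler registrations.
    $classes = '*', 'AllFilesystemObjects', 'Directory', 'Directory\Background', 'Drive', 'Folder'
    foreach ($class in $classes) {
        $key = "Registry::HKEY_CLASSES_ROOT\$class\shellex\ContextMenuHandlers"
        Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue | ForEach-Object {
            $handler = $_.PSChildName
            # The handler key is named after its CLSID or holds the CLSID as default value.
            $clsid = $handler
            if ($handler -notmatch '^\{[0-9A-F-]{36}\}$') {
                $clsid = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).'(default)'
            }
            if (-not $clsid) { return }
            $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $server = (Get-ItemProperty -LiteralPath $serverKey -ErrorAction SilentlyContinue).'(default)'
            $record = [pscustomobject]@{ Kind = 'ContextMenu'; Name = "$class\$handler"; Path = $server; Detail = "CLSID=$clsid" }
            if (-not $server) {
                # Handler registered, but the CLSID no longer has a server at all.
                $record.Path = '<CLSID has no InprocServer32>'
                $record
                return
            }
            $file = Resolve-ImagePath $server
            if ($file -and -not (Test-Path -LiteralPath $file)) { $record.Path = $file; $record }
        }
    }
}

$orphans = @(Get-OrphanedServices) + @(Get-OrphanedContextMenuHandlers)
if ($orphans.Count -eq 0) {
    'No service or context-menu registrations point at missing files.'
} else {
    $orphans | Sort-Object Kind, Name | Format-Table Kind, Name, Path, Detail -AutoSize -Wrap
    # Leftovers from the product this thread is about; the pattern is my own choice.
    $adaware = @($orphans | Where-Object { "$($_.Name) $($_.Path)" -match 'Lavasoft|Ad-?Aware' })
    if ($adaware.Count) {
        "$($adaware.Count) of these still reference Ad-Aware/Lavasoft; stale entries like these are what step 3 has you remove."
    }
}
```

Entries reported here are candidates for review, not automatic deletions: a vendor's own uninstaller or a tool such as CCleaner is still the place to remove them once you have confirmed the file really is gone.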
I'm unsure about the exact time but around 2011 - 2012 I lived with a roommate who did not have a computer and I let him use my machine several times to do schoolwork. I don't know for sure, so I won't put the blame on him assuredly but it might have something to do with that. Perhaps it was just me being less-than-careful. I'm typically very meticulous with my internet surfing... but I'm not perfect ^_^

I was successfully able to delete all four files!

I also used CCleaner to remove the registry entries... I don't know why I didn't think of that before. Thank you for the suggestion! The Ad-Aware re-installation issue does indeed appear to be resolved! :D


And here are the RogueKiller results

RogueKiller V9.0.3.0 [Jun 17 2014] by Adlice Software
Operating System : Windows Vista (6.0.6002 Service Pack 3) 32 bits version
Started in : Normal mode
User : Charlie [Admin rights]
Mode : Scan -- Date : 06/22/2014 22:37:14
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 18 ¤¤¤
[shell.HJ] HKEY_LOCAL_MACHINE\RK_Software_ON_D_F0D7\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA} | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA} | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E5139195-F699-4BDC-9987-58A6DB6E92EA} | DhcpNameServer : 65.68.49.50 65.68.49.51 68.94.156.1 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6b30EE} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_F0D7\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_F0D7\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-336559941-1480386105-577895080-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6b30EE} : 1 -> FOUND
[broken.Val] HKEY_CLASSES_ROOT\.exe\shell\open\command | : No Data -> FOUND
¤¤¤ Scheduled tasks : 7 ¤¤¤
[suspicious.Path] \\IHUninstallTrackingTASK -- CMD (/C DEL C:\Users\Charlie\AppData\Local\Temp\IHUAF81.tmp.exe) -> FOUND
[suspicious.Path] \\{411994B6-A81A-4F08-98A6-9809277DD6AE} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Charlie\Desktop\175.16_geforce_winvista_32bit_english_whql.exe -d C:\Users\Charlie) -> FOUND
[suspicious.Path] \\{71A5CDA2-BAD3-436C-B6DE-ED9C5DAFC574} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Charlie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39O910HG\175.19_geforce_winvista_32bit_english_whql[1].exe" -d C:\Users\Charlie\Desktop) -> FOUND
[suspicious.Path] \\{79A963BE-22F9-423B-B6EF-F923377AE923} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Charlie\Desktop\WoW-2.2.3.7359-to-0.3.0.7441-enUS-downloader.exe -d C:\Windows\system32) -> FOUND
[suspicious.Path] \\{C05F76CD-E48D-44D2-A4B8-82BD22621B64} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Charlie\Desktop\175.19_geforce_winvista_32bit_english_whql.exe -d C:\Users\Charlie\Desktop) -> FOUND
[suspicious.Path] \\{CAD21592-0205-4B37-B6E6-4950A4A3EE5B} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Charlie\AppData\Local\Ares\My Shared Folder\the sims 2(2).exe" -d "C:\Users\Charlie\AppData\Local\Ares\My Shared Folder") -> FOUND
[suspicious.Path] \\{ECBF630B-7D84-4EA7-BE84-90AC591F82FB} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Charlie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBKJ5XOV\GCLiteSetup14[1].exe" -d C:\Windows\system32) -> FOUND
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 118 ¤¤¤
[EAT:Addr] (explorer.exe) WINTRUST.dll - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x74e9152c
[EAT:Addr] (explorer.exe) WINTRUST.dll - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x74e9c80a
[EAT:Addr] (explorer.exe) WINTRUST.dll - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x74e8dd2c
[EAT:Addr] (explorer.exe) WINTRUST.dll - AutoTrace : C:\Windows\system32\DUser.dll @ 0x74e97041
[EAT:Addr] (explorer.exe) WINTRUST.dll - BeginTransition : C:\Windows\system32\DUser.dll @ 0x74e9c9a7
[EAT:Addr] (explorer.exe) WINTRUST.dll - BuildAnimation : C:\Windows\system32\DUser.dll @ 0x74e91135
[EAT:Addr] (explorer.exe) WINTRUST.dll - BuildDropTarget : C:\Windows\system32\DUser.dll @ 0x74e97131
[EAT:Addr] (explorer.exe) WINTRUST.dll - BuildInterpolation : C:\Windows\system32\DUser.dll @ 0x74e9118c
[EAT:Addr] (explorer.exe) WINTRUST.dll - CreateAction : C:\Windows\system32\DUser.dll @ 0x74e87339
[EAT:Addr] (explorer.exe) WINTRUST.dll - CreateGadget : C:\Windows\system32\DUser.dll @ 0x74e85197
[EAT:Addr] (explorer.exe) WINTRUST.dll - CreateTransition : C:\Windows\system32\DUser.dll @ 0x74e9c83a
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserBuildGadget : C:\Windows\system32\DUser.dll @ 0x74e9b7e8
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserCastClass : C:\Windows\system32\DUser.dll @ 0x74e9c776
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserCastDirect : C:\Windows\system32\DUser.dll @ 0x74e9c7b9
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserCastHandle : C:\Windows\system32\DUser.dll @ 0x74e9b81e
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserDeleteGadget : C:\Windows\system32\DUser.dll @ 0x74e9b9c1
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserFindClass : C:\Windows\system32\DUser.dll @ 0x74e9c6e7
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserFlushDeferredMessages : C:\Windows\system32\DUser.dll @ 0x74e90020
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserFlushMessages : C:\Windows\system32\DUser.dll @ 0x74e90096
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetAlphaPRID : C:\Windows\system32\DUser.dll @ 0x74e978fd
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetGutsData : C:\Windows\system32\DUser.dll @ 0x74e9c7c9
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetRectPRID : C:\Windows\system32\DUser.dll @ 0x74e97908
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetRotatePRID : C:\Windows\system32\DUser.dll @ 0x74e97913
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserGetScalePRID : C:\Windows\system32\DUser.dll @ 0x74e9791e
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserInstanceOf : C:\Windows\system32\DUser.dll @ 0x74e9c735
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserPostEvent : C:\Windows\system32\DUser.dll @ 0x74e8630f
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserPostMethod : C:\Windows\system32\DUser.dll @ 0x74e9b639
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserRegisterGuts : C:\Windows\system32\DUser.dll @ 0x74e8a5b1
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserRegisterStub : C:\Windows\system32\DUser.dll @ 0x74e89f93
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserRegisterSuper : C:\Windows\system32\DUser.dll @ 0x74e8b046
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserSendEvent : C:\Windows\system32\DUser.dll @ 0x74e83258
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserSendMethod : C:\Windows\system32\DUser.dll @ 0x74e9b5b0
[EAT:Addr] (explorer.exe) WINTRUST.dll - DUserStopAnimation : C:\Windows\system32\DUser.dll @ 0x74e984e4
[EAT:Addr] (explorer.exe) WINTRUST.dll - DeleteHandle : C:\Windows\system32\DUser.dll @ 0x74e83ef8
[EAT:Addr] (explorer.exe) WINTRUST.dll - DetachWndProc : C:\Windows\system32\DUser.dll @ 0x74e8657d
[EAT:Addr] (explorer.exe) WINTRUST.dll - DllMain : C:\Windows\system32\DUser.dll @ 0x74e876f9
[EAT:Addr] (explorer.exe) WINTRUST.dll - DrawGadgetTree : C:\Windows\system32\DUser.dll @ 0x74e9c646
[EAT:Addr] (explorer.exe) WINTRUST.dll - EndTransition : C:\Windows\system32\DUser.dll @ 0x74e9ca90
[EAT:Addr] (explorer.exe) WINTRUST.dll - EnumGadgets : C:\Windows\system32\DUser.dll @ 0x74e9c30f
[EAT:Addr] (explorer.exe) WINTRUST.dll - FindGadgetFromPoint : C:\Windows\system32\DUser.dll @ 0x74e86da8
[EAT:Addr] (explorer.exe) WINTRUST.dll - FindGadgetMessages : C:\Windows\system32\DUser.dll @ 0x74e9c19d
[EAT:Addr] (explorer.exe) WINTRUST.dll - FindStdColor : C:\Windows\system32\DUser.dll @ 0x74e8dc66
[EAT:Addr] (explorer.exe) WINTRUST.dll - FireGadgetMessages : C:\Windows\system32\DUser.dll @ 0x74e9c06b
[EAT:Addr] (explorer.exe) WINTRUST.dll - ForwardGadgetMessage : C:\Windows\system32\DUser.dll @ 0x74e91cb5
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x74e9cb05
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetDebug : C:\Windows\system32\DUser.dll @ 0x74e9705d
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadget : C:\Windows\system32\DUser.dll @ 0x74e9c527
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetAnimation : C:\Windows\system32\DUser.dll @ 0x74e87083
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x74e92d45
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x74e9be6f
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x74e8ce28
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x74e9c5ba
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e87135
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetRect : C:\Windows\system32\DUser.dll @ 0x74e82d8e
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetRgn : C:\Windows\system32\DUser.dll @ 0x74e8540a
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x74e9bfbb
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x74e9bd35
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetScale : C:\Windows\system32\DUser.dll @ 0x74e9bbe9
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetSize : C:\Windows\system32\DUser.dll @ 0x74e9c3ca
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x74e9232c
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetGadgetTicket : C:\Windows\system32\DUser.dll @ 0x74e8c94f
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetMessageExA : C:\Windows\system32\DUser.dll @ 0x74e8f459
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetMessageExW : C:\Windows\system32\DUser.dll @ 0x74e9b6c3
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorBrushF : C:\Windows\system32\DUser.dll @ 0x74e9cbea
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorBrushI : C:\Windows\system32\DUser.dll @ 0x74e82c3b
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorF : C:\Windows\system32\DUser.dll @ 0x74e9ce45
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorI : C:\Windows\system32\DUser.dll @ 0x74e8faf7
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorName : C:\Windows\system32\DUser.dll @ 0x74e9cd46
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorPenF : C:\Windows\system32\DUser.dll @ 0x74e9ccd2
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdColorPenI : C:\Windows\system32\DUser.dll @ 0x74e9cc5e
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetStdPalette : C:\Windows\system32\DUser.dll @ 0x74e9b82e
[EAT:Addr] (explorer.exe) WINTRUST.dll - GetTransitionInterface : C:\Windows\system32\DUser.dll @ 0x74e9c933
[EAT:Addr] (explorer.exe) WINTRUST.dll - InitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x74e9b8be
[EAT:Addr] (explorer.exe) WINTRUST.dll - InitGadgets : C:\Windows\system32\DUser.dll @ 0x74e8e373
[EAT:Addr] (explorer.exe) WINTRUST.dll - InvalidateGadget : C:\Windows\system32\DUser.dll @ 0x74e83de5
[EAT:Addr] (explorer.exe) WINTRUST.dll - IsGadgetParentChainStyle : C:\Windows\system32\DUser.dll @ 0x74e9ba7f
[EAT:Addr] (explorer.exe) WINTRUST.dll - IsInsideContext : C:\Windows\system32\DUser.dll @ 0x74e9b56c
[EAT:Addr] (explorer.exe) WINTRUST.dll - IsStartDelete : C:\Windows\system32\DUser.dll @ 0x74e9121d
[EAT:Addr] (explorer.exe) WINTRUST.dll - LookupGadgetTicket : C:\Windows\system32\DUser.dll @ 0x74e9cdbc
[EAT:Addr] (explorer.exe) WINTRUST.dll - MapGadgetPoints : C:\Windows\system32\DUser.dll @ 0x74e93861
[EAT:Addr] (explorer.exe) WINTRUST.dll - PeekMessageExA : C:\Windows\system32\DUser.dll @ 0x74e9b710
[EAT:Addr] (explorer.exe) WINTRUST.dll - PeekMessageExW : C:\Windows\system32\DUser.dll @ 0x74e9b75e
[EAT:Addr] (explorer.exe) WINTRUST.dll - PlayTransition : C:\Windows\system32\DUser.dll @ 0x74e9c8b0
[EAT:Addr] (explorer.exe) WINTRUST.dll - PrintTransition : C:\Windows\system32\DUser.dll @ 0x74e9ca1c
[EAT:Addr] (explorer.exe) WINTRUST.dll - RegisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x74e87ba3
[EAT:Addr] (explorer.exe) WINTRUST.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x74e9c149
[EAT:Addr] (explorer.exe) WINTRUST.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e87d5d
[EAT:Addr] (explorer.exe) WINTRUST.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x74e9c21a
[EAT:Addr] (explorer.exe) WINTRUST.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e90dee
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x74e9cb82
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x74e92c09
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x74e9bf0a
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x74e9bb47
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x74e92149
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x74e8cebb
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x74e93188
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x74e85a70
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x74e9c45d
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x74e855f8
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e91284
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x74e85305
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x74e8e857
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x74e9bdc9
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetScale : C:\Windows\system32\DUser.dll @ 0x74e9bc84
[EAT:Addr] (explorer.exe) WINTRUST.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x74e84c48
[EAT:Addr] (explorer.exe) WINTRUST.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x74e9b93f
[EAT:Addr] (explorer.exe) WINTRUST.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x74e9c171
[EAT:Addr] (explorer.exe) WINTRUST.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x74e9c149
[EAT:Addr] (explorer.exe) WINTRUST.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74e9c2e3
[EAT:Addr] (explorer.exe) WINTRUST.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x74e9b83a
[EAT:Addr] (explorer.exe) WINTRUST.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x74e9b84a
[EAT:Addr] (explorer.exe) WINTRUST.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x74e9b85a
[EAT:Addr] (explorer.exe) WINTRUST.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x74e9b86a
[EAT:Addr] (explorer.exe) WINTRUST.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x74e9cd78
[EAT:Addr] (explorer.exe) WINTRUST.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x74e9b7ac
[EAT:Addr] (explorer.exe) QAgent.dll - DllCanUnloadNow : C:\Windows\System32\SndVolSSO.dll @ 0x6fdf155f
[EAT:Addr] (explorer.exe) QAgent.dll - DllGetClassObject : C:\Windows\System32\SndVolSSO.dll @ 0x6fdf4852
[EAT:Addr] (explorer.exe) QAgent.dll - DllMain : C:\Windows\System32\SndVolSSO.dll @ 0x6fdf12fb
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725032VLA380 +++++
--- User ---
[MBR] f2e9c96a0003bd3bcda5884de07db4b2
[bSP] 6139991970aba5d116638453ca182115 : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 9946 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20370420 | Size: 295297 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_06222014_221738.log


You're welcome :)

Good that Ad-Aware is now completely gone.

 

Nothing in the RogueKiller log that needs any actions.

 

Start OTL program.

Click the CleanUp! button.

Select Yes when asked "Begin cleanup process" and DDS, FRST and OTL will be uninstalled.

If you are asked to reboot, select Yes.

If any logs remain on the computer you can remove them.


Okay, everything seems to be taken care of!

Once again I am extremely grateful for all the help you have given me. ^_^

If there is any way I can repay your kindness, through any kind of reputation or recommendation system that Lavasoft has for its moderators, I will gladly do so. If not, then hopefully my thanks is enough!!


Thank you for liking my posts and being nice :)

No need to do anything else.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
