Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

New Virus


  • This topic is locked This topic is locked

#1
scmba

scmba

    Member

  • Member
  • PipPipPip
  • 109 posts
Hi my son got a similar virus on another computer! Sorry. Gorilla price won't uninstall again and new firefox windows constantly pop up with advertisements. Here is the OTL Log and OTL Extras:


OTL logfile created on: 22/2/2014 16:18:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.17% Memory free
7.61 Gb Paging File | 5.79 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.91 Gb Total Space | 829.35 Gb Free Space | 90.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/22 15:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
PRC - [2014/02/20 18:43:19 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/14 16:41:10 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/06 10:40:56 | 000,494,080 | ---- | M] () -- C:\Program Files (x86)\gorillaprice\GorillaPrice.exe
PRC - [2014/02/06 09:28:26 | 000,070,144 | ---- | M] () -- C:\ProgramData\gorillaprice\WatGorp.exe
PRC - [2014/02/05 15:13:12 | 000,273,000 | ---- | M] (Quiknowledge) -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe
PRC - [2014/01/06 08:15:50 | 000,114,176 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/11/13 12:50:37 | 000,198,424 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
PRC - [2013/11/01 05:11:52 | 000,382,040 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
PRC - [2013/06/04 05:16:00 | 000,342,608 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
PRC - [2011/11/12 11:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/04 04:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/05/02 20:54:52 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/02 20:54:48 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/09 01:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/20 18:43:18 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/14 16:41:10 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 08:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 08:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/08/04 04:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 01:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/02/20 18:43:19 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 16:41:10 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 15:13:12 | 000,273,000 | ---- | M] (Quiknowledge) [Auto | Running] -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe -- (qksvc)
SRV - [2013/09/05 16:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/02 20:54:52 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/02 20:54:48 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 01:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/05 15:13:12 | 000,058,256 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\qknfd.sys -- (qknfd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/12 10:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/10 19:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/03/04 05:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 14:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2014/02/17 17:36:19 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1556074467&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://start.mysearc...=1556074467&ir=
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: quiknowledge%40quiknowledge.com:1.9.0.1
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.23.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jojo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jojo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/15 19:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014/02/22 13:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 16:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 16:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/17 18:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jojo\AppData\Roaming\Mozilla\Extensions
[2014/02/22 15:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions
[2014/02/22 13:26:46 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2014/02/22 13:26:46 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
[2012/05/07 13:33:51 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
[2014/02/22 15:27:22 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
[2014/02/22 13:26:30 | 000,000,975 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\conduit-search.xml
[2014/02/22 13:26:51 | 000,002,407 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\Mysearchdial.xml
[2014/02/22 13:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/22 13:26:33 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/02/14 16:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 16:41:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe (OpenDownloadManager.com)
O4 - HKLM..\RunOnce: [Del22098352] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Del22119428] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Del22098352] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del22119428] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
O8 - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
O8 - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
O8 - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} https://qbo.intuit.c...41/qboimax9.cab (QuickBooks Online Edition Import Utilities Class v9)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BF7B662-1D91-46CC-B9D4-74AA4DF90A20}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d553b01-61b7-11e3-a24e-d027883e3db9}\Shell - "" = AutoRun
O33 - MountPoints2\{3d553b01-61b7-11e3-a24e-d027883e3db9}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{4a16df87-4f1f-11e3-8f0f-d027883e3db9}\Shell - "" = AutoRun
O33 - MountPoints2\{4a16df87-4f1f-11e3-8f0f-d027883e3db9}\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 15:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:42:26 | 000,000,000 | ---D | C] -- C:\Users\jojo\Desktop\virus
[2014/02/22 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Malwarebytes
[2014/02/22 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/22 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/22 15:31:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/22 15:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/22 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\Programs
[2014/02/22 14:07:43 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\{60ED7FF8-D1E7-41CC-9FBA-99196017FE01}
[2014/02/22 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\24x7 Help
[2014/02/22 13:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/02/22 13:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quiknowledge
[2014/02/22 13:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2014/02/22 13:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed
[2014/02/22 13:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed
[2014/02/22 13:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2014/02/22 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\DigitalSites
[2014/02/22 13:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2014/02/22 13:24:23 | 000,970,520 | ---- | C] (TMRG, Inc.) -- C:\Windows\SysNative\rlls64.dll
[2014/02/22 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RelevantKnowledge
[2014/02/22 13:18:29 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
[2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
[2014/02/22 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\gorillaprice
[2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gorillaprice
[2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/02/22 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\SearchProtect
[2014/02/22 13:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2014/02/18 12:58:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\{27B08E7F-63B4-4FF2-A512-A0483B12D40F}
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C
[2014/02/14 16:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/05 15:13:12 | 000,058,256 | ---- | C] (Quiknowledge) -- C:\Windows\SysNative\drivers\qknfd.sys
[2014/02/02 15:05:44 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\.minecraft

========== Files - Modified Within 30 Days ==========

[2014/02/22 17:27:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/22 17:27:28 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751754415-1767991326-142781326-1001UA.job
[2014/02/22 17:27:28 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/02/22 17:27:28 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/02/22 17:27:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/22 15:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:31:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:26:12 | 000,000,031 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\WB.CFG
[2014/02/22 07:25:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 07:25:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 07:18:35 | 000,001,926 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2014/02/22 07:18:18 | 3063,238,656 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/21 11:37:55 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jojo.job
[2014/02/21 06:42:44 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751754415-1767991326-142781326-1001Core.job
[2014/02/12 03:13:41 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 03:13:41 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 03:13:41 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 03:13:33 | 000,773,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/05 15:13:12 | 000,058,256 | ---- | M] (Quiknowledge) -- C:\Windows\SysNative\drivers\qknfd.sys
[2014/02/02 16:03:17 | 394,378,406 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/31 02:37:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini

========== Files Created - No Company Name ==========

[2014/02/22 15:31:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:26:12 | 000,000,031 | ---- | C] () -- C:\Users\jojo\AppData\Roaming\WB.CFG
[2014/02/22 13:26:46 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2014/02/22 13:26:25 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2014/02/17 17:32:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini
[2013/11/23 12:53:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/31 12:31:32 | 000,001,114 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/14 12:30:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/03/14 12:29:54 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/22 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\.minecraft
[2014/02/22 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\24x7 Help
[2014/02/22 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\DigitalSites
[2014/02/22 07:19:00 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Dropbox
[2011/04/24 17:29:54 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\EPSON
[2011/04/17 17:43:23 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\OEM
[2014/02/22 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2012/07/02 17:07:29 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Packard Bell
[2012/05/12 16:19:09 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\WildTangent
[2013/02/09 08:17:18 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 22/2/2014 16:18:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.17% Memory free
7.61 Gb Paging File | 5.79 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.91 Gb Total Space | 829.35 Gb Free Space | 90.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0072263B-3471-4C73-9874-230FF0FD94FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{0081D40E-2172-4ABF-A1CE-71DCF254826E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06392B3D-4C97-4247-8A38-09DFFB37D15E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0DDE89D2-D378-49CF-B6CE-DEF5A3002841}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21FC9928-BF74-4921-860C-1DA3040F390A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25CFDDD6-8577-4125-B4F0-5C6109CF0804}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2B5364C6-DC6A-4E18-B340-16283DCD3100}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3117BD12-7B49-4568-80A5-65BEB0040920}" = rport=10243 | protocol=6 | dir=out | app=system |
"{360244CC-18C4-4C18-9119-51208660D045}" = lport=139 | protocol=6 | dir=in | app=system |
"{3CBB9598-4ED5-4205-B655-C6F34FF44501}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CF44029-3FC9-481B-BA83-011C144E8FF3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4C446D43-91CF-4A70-AB45-F0EBE72136AC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5367370A-1937-4004-977E-9D1981053FD5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5E3B5348-EC26-4FEE-9A81-8D1D23BF996E}" = lport=445 | protocol=6 | dir=in | app=system |
"{61F37840-D771-4E0F-A822-DA36A6190198}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{672D6D3F-BEE4-4006-B2B6-AE1E4304FCCC}" = rport=139 | protocol=6 | dir=out | app=system |
"{67530C0C-8CE1-4160-BBAF-1F07D9E38E2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{675FF9EE-1441-4380-8413-6AAE021F4ACF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6CECEFFA-7E6F-4B9D-97AE-F8B3A042217D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7DADEF7F-8E95-4773-BEE2-1FB35CE58EB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DD020F8-B71A-4D3E-8727-400579239A3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E037990-2A73-4E18-8405-2FC36BA7098C}" = rport=137 | protocol=17 | dir=out | app=system |
"{A395C1F9-CDA2-4A91-8B9A-0C05AB3A1E8B}" = rport=138 | protocol=17 | dir=out | app=system |
"{B022172C-07E0-4FAE-A949-C3F91CFC0297}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4BF5587-CA76-47E0-AFBF-D6EB037C9265}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7771EFF-D91E-4C3F-82A2-CCCACDFDAF61}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D02249A6-3D81-40CE-B999-5B6EC5611BCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC1BE139-6BF9-473E-B037-F1FEBDD5261F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF21F86A-BA13-4997-8939-C1AFF85A98B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E208625D-DA80-4D16-AE16-896EB7D565C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E49ECFE1-FFAE-4873-BDF4-0E6129393D1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9748EA7-DF8A-4411-A3C6-C8E3C4ADDF3F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC7D3BD3-63E5-4CC7-B794-76E8655B093A}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04218A14-A9DB-4E07-B70C-686D841A30BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{059B5E18-AB2A-497C-910A-208F4ECCEC69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09E0BD06-F1BF-4D77-8B19-357D0F1938F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{0DA54219-A72C-4C55-BE21-EEBFB15B1FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{12A08DB4-9756-49A1-9ABD-03D63FCF030E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{13AB8449-9353-4944-B3A3-952CAEB61341}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1512BF0F-C411-4271-9C17-D9898F0F9F1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15E00AA8-21B8-4A4D-ABFA-39358286F187}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{186B5325-0D27-4A2C-A09F-7FC0BDC5236F}" = protocol=1 | dir=in | [email protected],-28543 |
"{19C9C93F-31A3-4DF3-B86C-F6EF5B97C3C3}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe |
"{1BDD0475-5FB5-44FF-B26C-8B913C961490}" = protocol=58 | dir=out | [email protected],-503 |
"{2F6019E8-DD32-4C52-985B-7E1D4683B953}" = protocol=6 | dir=in | app=c:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe |
"{305AD432-93F0-4FE5-843B-F18C7E956295}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37CDAB6B-6A40-4B79-873B-D4C83B532EB5}" = protocol=17 | dir=in | app=c:\users\jojo\appdata\local\temp\7zs2630\hpdiagnosticcoreui.exe |
"{444190FF-2F3D-4C57-8852-C0419581426E}" = protocol=17 | dir=in | app=c:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe |
"{47999D51-B5B4-49CE-9180-78E7F0D19831}" = protocol=58 | dir=in | [email protected],-28545 |
"{482F01CA-0B7A-451F-B4F9-A317861CF9D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4E4ABBC0-7F90-46D7-B2AC-42FD37ABA89E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57918B19-B748-4010-86C1-3C792E6AD343}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{5B374DA0-F9E9-4054-ADE6-B8AC7600BF25}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B81A60F-D8FF-4F4E-B7FB-E429844EE04F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{5ECAFEDA-8DD3-4BF4-B9B6-5B089875E146}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6566CE99-DF45-475C-8352-1FA96774EE46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{67E45388-87C7-42F6-A15E-0798A62F2B74}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{71A64329-F415-4E66-B569-62216073CD91}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7ACA15EB-8FA4-465C-9AF1-324C487E4F2D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A0785A6E-341F-4BFC-8F7C-3A5C3F2000D7}" = protocol=6 | dir=out | app=system |
"{A7F501CB-3AB2-4350-B460-7DDE438789AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB2556BB-B520-4920-A38D-31B09749B361}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B1DB52F5-1015-417B-9933-2294C0B2603F}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe |
"{B20F53BF-3E4F-4FA7-9BAA-6D21F3214E59}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B24F4274-0DDD-4B74-B9F1-A7B26C240A10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B3F59208-8E23-4434-9B22-7DCD2D68EDBA}" = protocol=58 | dir=out | [email protected],-28546 |
"{C5256A84-82D5-4104-8C6B-26A2AD117088}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe |
"{C5371F07-7552-4784-A33A-B859F3169014}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C599C5FC-7E03-4F65-871F-13774A0FD8BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8ED133F-BE03-4C49-9010-9EB741A8BC60}" = protocol=6 | dir=in | app=c:\users\jojo\appdata\local\temp\7zs2630\hpdiagnosticcoreui.exe |
"{D245205C-8963-4B8F-B138-DFE42CC8329E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3ACFC0B-9C5E-43E4-BE72-2DE47118CA6C}" = protocol=58 | dir=in | app=system |
"{D568065B-FC8B-470A-8B37-E92E161B5953}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBDFEAA3-1311-4106-A76B-D070C0F2DCCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEA8B832-79DB-4878-AE07-F3AD5851A6FF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E9376CD6-799D-4808-9015-D2469ACBD5E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F0CCC941-2D64-46F4-A7C4-AD032A12E826}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe |
"{F34DB0D1-9BE8-46AD-BB7D-7A0D5C97D901}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F42507E7-5D45-46EB-BF93-AD007247623A}" = protocol=1 | dir=out | [email protected],-28544 |
"{F983A3AB-4295-4F1B-B024-1A5A4C263105}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"TCP Query User{3A345319-E841-478C-A12D-668C46F1347C}D:\yes_chinese.exe" = protocol=6 | dir=in | app=d:\yes_chinese.exe |
"TCP Query User{A61BAE57-F6DA-4096-BD16-844AC3B2CB7A}C:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A818377E-EB8E-4F01-8786-F10BBE83A42B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{E62137C1-7172-4AB4-A1BF-33AB00F3A3C6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1BF62B82-3A9B-4427-A1BA-F77DCD4930FA}D:\yes_chinese.exe" = protocol=17 | dir=in | app=d:\yes_chinese.exe |
"UDP Query User{45B4AFA5-C5C0-4D62-837D-03C5D64C9340}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{5C9FD6B4-3DFF-4DF4-B829-8D69B096600E}C:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jojo\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F169C5F6-EEC8-4E53-9F8B-E325437E112C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{791A06E2-340F-43B0-8FAB-62D151339362}" = HP Officejet Pro 8600 Basic Device Software
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{26B4D0E1-6F6D-48DF-8719-80276A259F7E}" = SavetheChildren Reminder by We-Care.com v4.1.26.4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A760067A-C07E-1033-0000-A764AC000004}" = Avery Template - U_0112_01_Organizing_0911_10_en
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{dbc6e253-d2c2-4d46-9b3c-5320235d08d3}" = Nero 9 Essentials
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BN_DesktopReader" = NOOK for PC
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"EPSON Scanner" = EPSON Scan
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenDownloaderManager" = Open Downloader Manager
"OpenIt Open It!" = Open It!
"Plants vs. Zombies" = Plants vs. Zombies
"Quiknowledge" = Quiknowledge
"Stagecast Creator 2" = Stagecast Creator 2
"UPCShell" = LeapFrog Connect
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WT088049" = Agatha Christie - Death on the Nile
"WT088062" = Bejeweled 2 Deluxe
"WT088067" = Build-a-lot 2
"WT088074" = Chuzzle Deluxe
"WT088080" = Diner Dash 2 Restaurant Rescue
"WT088115" = Jewel Quest Solitaire 2
"WT088135" = Plants vs. Zombies
"WT088375" = Blackhawk Striker 2
"WT088395" = Dora's Carnival Adventure
"WT088415" = FATE
"WT088447" = John Deere Drive Green
"WT088451" = Penguins!
"WT088455" = Polar Bowler
"WT088459" = Polar Golfer
"WT088507" = Virtual Villagers 4 - The Tree of Life
"WT088546" = Zuma's Revenge
"WT088651" = 18 Wheels of Steel - American Long Haul
"WT088655" = Jewel Quest - Heritage

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/2/2014 17:04:54 | Computer Name = jojo-computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7130

Error - 21/2/2014 17:04:54 | Computer Name = jojo-computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7130

Error - 21/2/2014 17:04:55 | Computer Name = jojo-computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21/2/2014 17:04:55 | Computer Name = jojo-computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8393

Error - 21/2/2014 17:04:55 | Computer Name = jojo-computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8393

Error - 22/2/2014 20:10:52 | Computer Name = jojo-computer | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 16ac Start Time:
01cf3029fe44b6e7 Termination Time: 10 Application Path: C:\Users\jojo\Desktop\OTL.exe

Report
Id: f1bbd56d-9c1e-11e3-bc46-d027883e3db9

Error - 22/2/2014 20:16:40 | Computer Name = jojo-computer | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: f70 Start Time:
01cf302bd9e29fc7 Termination Time: 0 Application Path: C:\Users\jojo\Desktop\OTL.exe

Report
Id: c2cae42e-9c1f-11e3-bc46-d027883e3db9

Error - 22/2/2014 20:29:46 | Computer Name = jojo-computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22/2/2014 20:29:46 | Computer Name = jojo-computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9984

Error - 22/2/2014 20:29:46 | Computer Name = jojo-computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9984

[ System Events ]
Error - 7/2/2014 11:32:45 | Computer Name = jojo-computer | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 7/2/2014 23:27:19 | Computer Name = jojo-computer | Source = DCOM | ID = 10016
Description =

Error - 8/2/2014 14:21:23 | Computer Name = jojo-computer | Source = DCOM | ID = 10016
Description =

Error - 12/2/2014 7:31:49 | Computer Name = jojo-computer | Source = DCOM | ID = 10016
Description =

Error - 14/2/2014 19:55:20 | Computer Name = jojo-computer | Source = DCOM | ID = 10016
Description =

Error - 18/2/2014 18:02:14 | Computer Name = jojo-computer | Source = DCOM | ID = 10016
Description =

Error - 20/2/2014 14:18:37 | Computer Name = jojo-computer | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.8.106. The computer with the IP address 192.168.8.103 did
not allow the name to be claimed by this computer.

Error - 20/2/2014 16:25:23 | Computer Name = jojo-computer | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.8.106. The computer with the IP address 192.168.8.103 did
not allow the name to be claimed by this computer.

Error - 20/2/2014 17:26:55 | Computer Name = jojo-computer | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.8.106. The computer with the IP address 192.168.8.103 did
not allow the name to be claimed by this computer.

Error - 22/2/2014 11:19:28 | Computer Name = jojo-computer | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

Advertisements


#2
scmba

scmba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Also, I can't find this forum if I click off of it. How can I find this thread on geeks to go when I login again?
  • 0

#3
scmba

scmba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Can you only have 2 topics at a time maybe? Scared to click out of this post.
  • 0

#4
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#5
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Also, I can't find this forum if I click off of it. How can I find this thread on geeks to go when I login again?

Posted Image


You can do that by clicking My Content.

Posted Image


Filter the results by the above delimiter and you should be able to see all threads you made. :thumbsup:
  • 0

#6
scmba

scmba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Thanks Pyxis, waiting for your response.
  • 0

#7
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Thanks Pyxis, waiting for your response.

Are you sure these are the logs from your other computer? It looks 100% identical to the other one you posted. :unsure: I'm afraid I will need you to re-run an OTL scan on the computer in question for me to get the correct log.
  • 0

#8
scmba

scmba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Yes, this is different, but the virus is very similar. This is jojo computer, other was mister magic and the dates correlate. Anyhow I will run again- had trouble the 1st time with otl stop running after a few minutes.
  • 0

#9
scmba

scmba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Ok now the virus is blocking most websites I go to, saying, "the proxy server is refusing connections "
  • 0

#10
scmba

scmba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Ok, got back on. . . yes, these scans are from the right computer: jojo computer 2/22/14, the other scans were titled mistermagic 1/29/14. So these are right.
  • 0

#11
scmba

scmba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Ok, ran OTL again, but it didn't give me the "Extras" file. Is that because its the 2nd time I ran it? Can you just use the first "extras"? because I'm sure this is another computer.

OTL logfile created on: 23/2/2014 14:26:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

3.80 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 72.45% Memory free
7.61 Gb Paging File | 6.08 Gb Available in Paging File | 79.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.91 Gb Total Space | 829.52 Gb Free Space | 90.47% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/22 15:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
PRC - [2014/02/20 18:43:19 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/14 16:41:10 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/05 15:13:12 | 000,273,000 | ---- | M] (Quiknowledge) -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe
PRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/31 11:13:58 | 006,369,280 | ---- | M] (OpenDownloadManager.com) -- C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
PRC - [2011/11/12 11:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/04 04:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/05/02 20:54:52 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/02 20:54:48 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/09 01:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/20 18:43:18 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/14 16:41:10 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/23 09:40:44 | 003,516,416 | ---- | M] () -- C:\Program Files (x86)\OpenDownloaderManager\fdmbtsupp.dll
MOD - [2012/11/23 09:35:26 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\OpenDownloaderManager\fdmumsp.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 08:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 08:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/08/04 04:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 01:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 02:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/02/20 18:43:19 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 16:41:10 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 15:13:12 | 000,273,000 | ---- | M] (Quiknowledge) [Auto | Running] -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe -- (qksvc)
SRV - [2013/09/05 16:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/02 20:54:52 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/02 20:54:48 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 01:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/05 15:13:12 | 000,058,256 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\qknfd.sys -- (qknfd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/12 10:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/10 19:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/03/04 05:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 14:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2014/02/17 17:36:19 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1556074467&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://start.mysearc...=1556074467&ir=
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: quiknowledge%40quiknowledge.com:1.9.0.1
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.23.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\jojo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jojo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jojo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/15 19:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014/02/22 13:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 16:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 16:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/17 18:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jojo\AppData\Roaming\Mozilla\Extensions
[2014/02/22 15:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions
[2014/02/22 13:26:46 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2014/02/22 13:26:46 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
[2012/05/07 13:33:51 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
[2014/02/22 15:27:22 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\extensions\[email protected]
[2014/02/22 13:26:30 | 000,000,975 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\conduit-search.xml
[2014/02/22 13:26:51 | 000,002,407 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\te3mhgh1.default\searchplugins\Mysearchdial.xml
[2014/02/22 13:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/22 13:26:33 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/02/14 16:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 16:41:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe (OpenDownloadManager.com)
O4 - Startup: C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
O8 - Extra context menu item: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm ()
O8 - Extra context menu item: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm ()
O8 - Extra context menu item: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} https://qbo.intuit.c...41/qboimax9.cab (QuickBooks Online Edition Import Utilities Class v9)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BF7B662-1D91-46CC-B9D4-74AA4DF90A20}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d553b01-61b7-11e3-a24e-d027883e3db9}\Shell - "" = AutoRun
O33 - MountPoints2\{3d553b01-61b7-11e3-a24e-d027883e3db9}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{4a16df87-4f1f-11e3-8f0f-d027883e3db9}\Shell - "" = AutoRun
O33 - MountPoints2\{4a16df87-4f1f-11e3-8f0f-d027883e3db9}\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 15:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:42:26 | 000,000,000 | ---D | C] -- C:\Users\jojo\Desktop\virus
[2014/02/22 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Malwarebytes
[2014/02/22 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/22 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/22 15:31:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/22 15:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/22 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\Programs
[2014/02/22 14:07:43 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\{60ED7FF8-D1E7-41CC-9FBA-99196017FE01}
[2014/02/22 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\24x7 Help
[2014/02/22 13:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/02/22 13:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quiknowledge
[2014/02/22 13:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed
[2014/02/22 13:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2014/02/22 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\DigitalSites
[2014/02/22 13:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2014/02/22 13:24:23 | 000,970,520 | ---- | C] (TMRG, Inc.) -- C:\Windows\SysNative\rlls64.dll
[2014/02/22 13:18:29 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
[2014/02/22 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
[2014/02/22 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2014/02/22 13:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/02/22 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\SearchProtect
[2014/02/22 13:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2014/02/18 12:58:39 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Local\{27B08E7F-63B4-4FF2-A512-A0483B12D40F}
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/02/17 17:32:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C
[2014/02/14 16:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/05 15:13:12 | 000,058,256 | ---- | C] (Quiknowledge) -- C:\Windows\SysNative\drivers\qknfd.sys
[2014/02/02 15:05:44 | 000,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\.minecraft

========== Files - Modified Within 30 Days ==========

[2014/02/23 14:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/23 14:26:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/02/23 14:26:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/02/23 14:16:11 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751754415-1767991326-142781326-1001UA.job
[2014/02/23 14:15:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/23 08:50:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/23 08:50:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/23 08:43:50 | 000,001,926 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2014/02/23 08:43:29 | 3063,238,656 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/23 08:09:17 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jojo.job
[2014/02/22 15:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2014/02/22 15:31:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:26:12 | 000,000,031 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\WB.CFG
[2014/02/21 06:42:44 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-751754415-1767991326-142781326-1001Core.job
[2014/02/12 03:13:41 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 03:13:41 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 03:13:41 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 03:13:33 | 000,773,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/05 15:13:12 | 000,058,256 | ---- | M] (Quiknowledge) -- C:\Windows\SysNative\drivers\qknfd.sys
[2014/02/02 16:03:17 | 394,378,406 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/31 02:37:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini

========== Files Created - No Company Name ==========

[2014/02/22 15:31:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/22 14:26:12 | 000,000,031 | ---- | C] () -- C:\Users\jojo\AppData\Roaming\WB.CFG
[2014/02/22 13:26:46 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2014/02/22 13:26:25 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2014/02/17 17:32:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini
[2013/11/23 12:53:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/31 12:31:32 | 000,001,114 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/14 12:30:46 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/03/14 12:29:54 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/22 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\.minecraft
[2014/02/22 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\24x7 Help
[2014/02/22 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\DigitalSites
[2014/02/23 08:43:51 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Dropbox
[2011/04/24 17:29:54 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\EPSON
[2011/04/17 17:43:23 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\OEM
[2014/02/23 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Open Download Manager
[2012/07/02 17:07:29 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Packard Bell
[2012/05/12 16:19:09 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\WildTangent
[2013/02/09 08:17:18 | 000,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0

#12
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Ok, got back on. . . yes, these scans are from the right computer: jojo computer 2/22/14, the other scans were titled mistermagic 1/29/14. So these are right.

It seems that the other one also has the same details as the logs in this thread, which are found below. Please confirm:



Log #1

OTL logfile created on: 22/2/2014 16:18:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.

Log #2

OTL logfile created on: 22/2/2014 16:18:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.

If this is not supposed to be the case, it may be that it's the other thread that has the wrong logs, since you re-ran OTL here, and got the below results:

OTL logfile created on: 23/2/2014 14:26:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jojo\Desktop
Computer Name: JOJO-COMPUTER | User Name: jojo | Logged in as Administrator.

There are no logs under the user "mistermagic" thus far.
  • 0

#13
scmba

scmba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Yes, ignore the other 2 titled "new virus"(looks like there are 3 total), I posted 3x because they were not showing up as posts when i logged back in, so yes the jojo computer logs are right. If you can erase the other 2 "new virus" posts go ahead.

Edited by scmba, 23 February 2014 - 09:27 PM.

  • 0

#14
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
There are only two threads. I'll ask for this one to be closed. Kindly perform the steps I've posted on your other thread. Let's work on your computer from there. :thumbsup:
  • 0

#15
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
As this appears to be a duplicate topic, this particular topic is now closed...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP