virtool, trojandownloader, trojandropper, etc - PASTED OTLOG [Solved]



#1
JPowell (Member, 70 posts)

Got Vista OS and using Firefox. MSE finds PWS:win32/zbot.ajb, trojandownloader:win32juluoz.d, virtool:win32/beeinject.gen!KK, trojandropper:win32/rovnix and variants of these. Says it removes them and they keep coming back. Got this from an email and knew it when I did it. What to do?




#2
JPowell (Topic Starter, Member, 70 posts)

Running Vista OS and using Firefox.  Got the virus/malware from an email.  MSE found PWS:WIN32/ZBOT.AJB, TROJANDOWNLOADER:WIN32/, PSW:WIN32/ZBOTKULUOZ.D, VIRTOOL:WIN32/BEEINJECT.GEN!KK, TROJANDROPPER:WIN32/ROVNIX AND VARIANTS OF THESE.  MSE REPORTED HAVING REMOVED ALL OF THE ITEMS BUT THEY STILL KEEP COMING BACK.

 

OTL logfile created on: 6/1/2014 2:07:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.55% Memory free
4.23 Gb Paging File | 2.89 Gb Available in Paging File | 68.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 34.74 Gb Free Space | 35.07% Space Free | Partition Type: NTFS
Drive D: | 8.27 Gb Total Space | 1.12 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive F: | 41.71 Gb Total Space | 40.57 Gb Free Space | 97.27% Space Free | Partition Type: NTFS
 
Computer Name: HOMEBASE | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
PRC - [2014/05/10 20:00:47 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/05/03 22:55:34 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/11 18:59:58 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
PRC - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/02/17 17:28:30 | 001,365,304 | ---- | M] (U3 LLC) -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/15 04:00:56 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/05/10 20:00:21 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [1997/08/26 01:00:00 | 003,782,416 | ---- | M] () -- F:\Office\MSO97.DLL
MOD - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2014/05/31 11:38:51 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 20:00:46 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 04:39:12 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sipvzdir.sys -- (sipvzdir)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\riczxsam.sys -- (riczxsam)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bcnajpwo.sys -- (bcnajpwo)
DRV - [2014/06/01 10:36:49 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3CA3D97D-7151-4C05-9FA1-2844CB534196}\MpKsl0341c47f.sys -- (MpKsl0341c47f)
DRV - [2014/05/15 04:00:47 | 000,358,008 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys -- (RapportCerberus_68261)
DRV - [2014/05/03 22:55:48 | 000,170,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/05/03 22:55:46 | 000,249,400 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/05/03 22:55:46 | 000,123,512 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/04/04 14:23:50 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/12/30 12:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/07 16:34:02 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2009/12/03 18:05:30 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV - [2009/12/03 18:05:26 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/07 23:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...CtB&cr=85459033
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKLM\..\SearchScopes,DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKLM\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}: "URL" = http://start.funmood...CtB&cr=85459033
IE - HKLM\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/130
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKCU\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://isearch.avg.com/search?cid={E0B5C16E-1F66-47CD-8BA2-603A817ADE67}&mid=879e08053eac47d1b7afd152ff4a3108-f461d1947ebba48ba34175780e30c23392bcfbb6&lang=en&ds=ts022&pr=sa&d=2012-03-14 08:21:54&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.callin...ing}&cl=ie&p=go
IE - HKCU\..\SearchScopes\{813192D6-F29D-4C6B-BF36-144F3483B517}: "URL" = http://websearch.ask...0A-DAC339A7FE59
IE - HKCU\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://start.funmood...CtB&cr=85459033
IE - HKCU\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{D40DCCAD-38E9-4EA0-9201-A38D44979C88}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}: "URL" = http://www.google.co...&rlz=1I7GGIH_en
IE - HKCU\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..backup.old.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...03-14 08:21:54"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ebayHotStuff%40wangtom.com:1.4.0
FF - prefs.js..extensions.enabledAddons: ebayquicksearch%40upaaya:1.0.5
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..extensions.enabledItems: {449fb831-8197-4233-b235-3de13bbc3cd6}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.co...nt&gfns=1&q=\""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Jerry\AppData\Roaming\nprhapengine.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/03/20 19:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
 
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/15 18:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/05/26 19:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions
[2010/02/16 12:06:12 | 000,000,000 | ---D | M] (webchunks) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{449fb831-8197-4233-b235-3de13bbc3cd6}
[2013/02/11 15:40:54 | 000,000,000 | ---D | M] (Ebay Button) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2011/11/11 11:03:24 | 000,000,000 | ---D | M] (eBay Quick Search) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\ebayquicksearch@upaaya
[2012/12/28 12:56:36 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/26 19:05:23 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/03 06:26:33 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/10 20:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/10 20:00:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/11 19:02:24 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/07/11 19:00:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmood...CtB&cr=85459033
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.funmood...CtB&cr=85459033
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Mamooni] "C:\Users\Jerry\AppData\Roaming\Icewbyxy\soyvwua.exe" File not found
O4 - HKCU..\Run: [mtcttgqk] C:\Users\Jerry\AppData\Local\kslvoehg.exe ()
O4 - HKCU..\Run: [ptqxqbva] C:\Users\Jerry\AppData\Local\agbjblsg.exe ()
O4 - HKCU..\Run: [StartNow Search Protect] "C:\Program Files\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT File not found
O4 - Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Jerry\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ebay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([cgi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///F:/AutoCad/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///F:/AutoCad/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///F:/AutoCad/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///F:/AutoCad/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95F69CB4-D720-4208-855B-A29668017FB6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/07 00:33:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/05 10:34:54 | 000,000,000 | ---D | M] - F:\AutoCad -- [ NTFS ]
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f43f1601-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/01 14:05:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/06/01 08:51:09 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Extyaxe
[2014/06/01 03:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Sixyef
[2014/05/31 20:55:54 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Xouvny
[2014/05/31 16:41:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Xeopmyoz
[2014/05/31 12:55:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Ugezfeyg
[2014/05/31 08:58:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Atbohaw
[2014/05/31 08:58:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Buhaatv
[2014/05/31 07:57:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
[2014/05/30 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Zuipuh
[2014/05/30 17:34:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{42CFE107-D642-483F-9829-AA4699DE5F90}
[2014/05/30 12:45:44 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Piracoy
[2014/05/30 08:46:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Quybaf
[2014/05/30 04:49:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Icewbyxy
[2014/05/29 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
[2014/05/28 20:49:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Lyhiyn
[2014/05/28 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Evpura
[2014/05/28 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
[2014/05/27 17:27:01 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Aladim
[2014/05/27 13:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
[2014/05/27 12:48:08 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Hobeirib
[2014/05/27 09:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Huodif
[2014/05/27 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Idsuka
[2014/05/27 07:59:53 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Xoucun
[2014/05/26 21:04:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
[2014/05/26 09:04:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
[2014/05/25 08:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71872893-A38C-4358-864D-3BDBF71D9915}
[2014/05/24 09:42:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B8679765-30CD-45CE-BC41-9E76E82882B0}
[2014/05/23 18:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
[2014/05/22 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
[2014/05/22 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
[2014/05/21 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
[2014/05/20 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D9A33CC6-087A-483B-986F-E6B21777F12F}
[2014/05/20 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
[2014/05/19 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
[2014/05/18 10:14:23 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
[2014/05/17 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
[2014/05/17 09:15:56 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
[2014/05/16 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{7D8881D6-D52C-4762-8009-305361CE4FAF}
[2014/05/16 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPA 608 Certification
[2014/05/16 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mainstream Engineering Corporation
[2014/05/15 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{649C069D-5763-42F5-92AC-19CF354DCD3C}
[2014/05/14 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{DCB45356-313D-494D-AD32-D98E51057CE4}
[2014/05/13 19:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
[2014/05/13 07:00:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
[2014/05/12 18:59:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
[2014/05/11 18:21:52 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
[2014/05/11 02:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{31FA8926-9B99-4350-A35F-B4A817F126BE}
[2014/05/10 20:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/10 14:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
[2014/05/09 09:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
[2014/05/08 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
[2014/05/08 09:21:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
[2014/05/07 10:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
[2014/05/06 08:37:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
[2014/05/05 18:46:53 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
[2014/05/05 06:46:43 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{A9CFE7FB-AC85-47C0-ABC7-153A32827C9C}
[2014/05/04 18:46:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{98863933-F197-481A-A96F-D64FB74BA775}
[2014/05/04 06:46:15 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C2328003-98EF-4638-9235-B971C2B953F3}
[2014/05/03 22:55:46 | 000,123,512 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2014/05/03 18:46:06 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CEFF1141-4635-4C33-8BB6-2C1C7A717512}
[2014/05/03 06:21:40 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACB4FAF5-84F6-492F-B4D6-5A0BEA5539C9}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/06/01 14:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 13:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/01 12:31:35 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 12:31:35 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 11:11:14 | 000,002,429 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Excel.lnk
[2014/06/01 10:34:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/01 10:34:00 | 000,002,433 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2014/06/01 10:31:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/01 10:31:24 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/01 01:41:34 | 000,106,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\kmmabuhh.exe
[2014/06/01 01:24:32 | 000,106,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\wwthuhsb.exe
[2014/06/01 01:07:30 | 000,106,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\bovsrbcw.exe
[2014/06/01 00:50:28 | 000,106,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\pmlthrix.exe
[2014/05/31 14:46:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/05/30 17:34:31 | 000,200,704 | ---- | M] () -- C:\Users\Jerry\AppData\Local\kslvoehg.exe
[2014/05/30 13:18:10 | 000,001,356 | ---- | M] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2014/05/29 16:06:54 | 000,204,800 | ---- | M] () -- C:\Users\Jerry\AppData\Local\agbjblsg.exe
[2014/05/27 07:57:14 | 000,012,326 | ---- | M] () -- C:\Users\Jerry\AppData\Local\qlslagsa
[2014/05/27 07:56:13 | 000,068,314 | ---- | M] () -- C:\Users\Jerry\AppData\Local\lepbvhqj
[2014/05/27 07:54:59 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/26 20:00:00 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jerry.job
[2014/05/25 17:16:36 | 000,870,128 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2014/05/25 17:16:36 | 000,000,004 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2014/05/22 19:44:14 | 000,060,165 | ---- | M] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:57 | 000,055,120 | ---- | M] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/17 10:59:59 | 000,013,824 | ---- | M] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 09:52:22 | 000,002,427 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Word.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2014/05/09 17:52:28 | 000,028,015 | ---- | M] () -- C:\Users\Jerry\Desktop\usefulstuff.rtf
[2014/05/03 22:55:46 | 000,123,512 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/01 01:41:34 | 000,106,504 | ---- | C] () -- C:\Users\Jerry\AppData\Local\kmmabuhh.exe
[2014/06/01 01:24:32 | 000,106,504 | ---- | C] () -- C:\Users\Jerry\AppData\Local\wwthuhsb.exe
[2014/06/01 01:07:30 | 000,106,504 | ---- | C] () -- C:\Users\Jerry\AppData\Local\bovsrbcw.exe
[2014/06/01 00:50:28 | 000,106,504 | ---- | C] () -- C:\Users\Jerry\AppData\Local\pmlthrix.exe
[2014/05/31 16:37:55 | 000,102,408 | ---- | C] () -- C:\Users\Jerry\AppData\Local\lalfwtrd.exe
[2014/05/31 11:38:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/30 17:34:31 | 000,200,704 | ---- | C] () -- C:\Users\Jerry\AppData\Local\kslvoehg.exe
[2014/05/30 17:33:00 | 000,135,176 | ---- | C] () -- C:\Users\Jerry\AppData\Local\ivrsfcti.exe
[2014/05/30 17:25:52 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/30 12:42:08 | 000,117,264 | ---- | C] () -- C:\Users\Jerry\AppData\Local\usluallo.exe
[2014/05/30 08:41:36 | 000,072,720 | ---- | C] () -- C:\Users\Jerry\AppData\Local\vjseuosv.exe
[2014/05/29 16:06:53 | 000,204,800 | ---- | C] () -- C:\Users\Jerry\AppData\Local\agbjblsg.exe
[2014/05/27 07:57:14 | 000,012,326 | ---- | C] () -- C:\Users\Jerry\AppData\Local\qlslagsa
[2014/05/27 07:56:13 | 000,068,314 | ---- | C] () -- C:\Users\Jerry\AppData\Local\lepbvhqj
[2014/05/27 07:54:59 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/22 19:44:13 | 000,060,165 | ---- | C] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:56 | 000,055,120 | ---- | C] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2013/11/30 10:39:53 | 000,001,356 | ---- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2013/08/17 11:21:42 | 000,518,200 | ---- | C] () -- C:\Users\Jerry\almost done.jpg
[2013/08/17 11:21:09 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\20130708_144045.jpg
[2013/08/17 11:17:34 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\repair.jpg
[2012/08/29 15:53:35 | 000,384,844 | ---- | C] () -- C:\Users\Jerry\AppData\Local\funmoods-speeddial.crx
[2010/10/25 13:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/15 19:37:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/07/15 19:37:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2009/01/18 17:11:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/14 10:49:13 | 000,000,000 | -H-- | C] () -- C:\Users\Jerry\Lyn and Jerry Xmas.jpg
[2008/01/27 20:38:49 | 000,013,824 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 19:02:50 | 000,000,052 | -H-- | C] () -- C:\Users\Jerry\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/27 17:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Aladim
[2014/05/31 08:58:58 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Atbohaw
[2009/02/13 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Autodesk
[2009/08/09 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Berlitz
[2014/05/31 08:58:53 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Buhaatv
[2010/02/07 11:10:47 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Chief Architect X2 Viewer
[2011/12/25 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\deskPDF
[2012/02/03 15:25:20 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DriverCure
[2014/02/24 18:57:30 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Dropbox
[2008/04/16 20:00:52 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\eFax Messenger
[2014/05/28 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Evpura
[2014/06/01 08:51:43 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Extyaxe
[2010/01/15 18:04:10 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Flickr
[2007/08/27 09:03:49 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Foresight Software
[2014/01/18 15:55:14 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Highresolution Enterprises
[2014/05/27 12:48:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Hobeirib
[2014/05/27 09:20:38 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Huodif
[2014/05/30 12:50:23 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Icewbyxy
[2014/05/27 09:19:02 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Idsuka
[2009/01/09 15:00:37 | 000,000,000 | -H-D | M] -- C:\Users\Jerry\AppData\Roaming\Image Zone Express
[2014/05/28 20:49:30 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Lyhiyn
[2011/12/25 18:29:48 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PDFlite
[2014/05/30 12:46:00 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Piracoy
[2012/09/19 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PotPlayerMini
[2008/09/16 19:35:13 | 000,000,000 | -H-D | M] -- C:\Users\Jerry\AppData\Roaming\Printer Info Cache
[2014/05/30 08:47:56 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Quybaf
[2014/06/01 03:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Sixyef
[2010/11/03 10:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Jerry\AppData\Roaming\Snapfish
[2012/07/22 18:54:36 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SparkPDF
[2012/02/03 15:25:20 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SpeedyPC Software
[2012/08/29 15:54:23 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SumatraPDF
[2012/02/03 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Systweak
[2007/12/26 19:03:22 | 000,000,000 | -H-D | M] -- C:\Users\Jerry\AppData\Roaming\Template
[2010/07/12 11:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Thunderbird
[2012/04/04 14:40:59 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\TrueCrypt
[2014/05/31 12:56:13 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ugezfeyg
[2007/12/27 18:45:59 | 000,000,000 | -H-D | M] -- C:\Users\Jerry\AppData\Roaming\WinBatch
[2010/11/30 17:13:04 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Windows Live Writer
[2014/05/31 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Xeopmyoz
[2014/05/27 08:00:53 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Xoucun
[2014/05/31 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Xouvny
[2014/05/30 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Zuipuh
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8256 bytes -> C:\Users\Jerry\Documents\Documents.sdsk:Backup
@Alternate Data Stream - 610 bytes -> C:\Users\Jerry\Documents\Christmas 2012.eml:OECustomProperty
@Alternate Data Stream - 2438 bytes -> C:\Users\Jerry\Documents\Christmas Greetings email 2013.eml:OECustomProperty
@Alternate Data Stream - 1152 bytes -> C:\Users\Jerry\Documents\Re_ [Chukker Nation] just joined 'atlanta pop festivals' group for___.eml:OECustomProperty
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 


  • 0

#3
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Hello, JPowell and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please, spend some time reading these instructions carefully before we start. They contain very useful information.

  • Please, stay with us until the end. I know, Malware Removal isn't a very fast procedure; it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean that other malware isn't left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please, let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow one or another instruction, feel free to ask me how to do that. I am always glad to help you with that.
  • Please, don't fix anything by yourself. Please, don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please, feel free to notify me about changes in your PC's behavior. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Finally, enjoy the fight! ;)

While I'm analyzing your OTL.txt log, can you please post the Extras.txt log, which is located on your Desktop?


  • 1

#4
JPowell

    Member

  • Topic Starter
  • Member
  • 70 posts

Phel, here's the extra log:

 

OTL Extras logfile created on: 6/1/2014 2:07:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.55% Memory free
4.23 Gb Paging File | 2.89 Gb Available in Paging File | 68.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 34.74 Gb Free Space | 35.07% Space Free | Partition Type: NTFS
Drive D: | 8.27 Gb Total Space | 1.12 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive F: | 41.71 Gb Total Space | 40.57 Gb Free Space | 97.27% Space Free | Partition Type: NTFS
 
Computer Name: HOMEBASE | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222C76C-F433-4EE3-BDB0-6E1AC5ABC187}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{084B701A-C4E7-4101-9D76-D7FFB0FC5610}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A048B30-7586-4EFE-A839-6584BC015ED5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13234761-2BCC-47FD-BDB5-B97FEC6B5E6A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1C8EAD5D-6563-4A66-8CBA-E338EC741E49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D3E3ABC-1315-4F09-B17E-09373A6FD160}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{32365E40-481F-438A-9075-853EF47885FC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{377BF021-320A-4B52-8B2F-C4EEBC007141}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69A338A1-D6FF-47DF-B4F3-5AAEF9A2B545}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6FDB8227-2072-42DF-BD74-51C2208745B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79791881-49D6-484B-9EA0-C60712C661FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8271B48E-DFDD-4906-B76A-6CF20B8F75A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82CA7C3E-26BF-42B0-9A2E-9B8EE987FC3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EF6AA8-C491-4CEC-91D3-4F326ACAE0E0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{948748D3-5BD0-4C1A-AE90-3121FF943CC0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96F9828E-CECC-4347-A196-380BFBCEFDB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9AF8113E-D8FE-4D1C-86D0-40C5C987BC5E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9BA21B74-1365-41EF-A2BE-0F7E5E32B12E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{BE2E7656-818C-40C2-A13B-400F6D70FB56}" = lport=59090 | protocol=6 | dir=in | name=akamai netsession interface |
"{D69E4C9A-98D3-4583-8343-D80ADBA3BFF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D89F9092-ABEA-43D4-92E6-D19B63DDB893}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBA8C13F-6592-4119-AC26-431B253421FA}" = lport=10243 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08667A1D-DD58-41E2-851D-3D43B97A7B38}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{19D836C6-D3DC-4A68-B24E-A89FFB8B5640}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2CF1B485-C0F2-4340-942C-0F161F4D5B48}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{30FD82FC-609F-48D7-AE0C-9CBC76B051FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3284FA8B-01A3-4080-BF16-18CE2B42B748}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3312F3DE-D0BB-420D-9259-9D5BB6AEBAB6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{44D43E1C-7EDF-4D73-8B8B-4F9AC4C0D69B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67838048-9BB0-4556-B8B8-981455901FA3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6F9E2F4A-BDC1-4030-AE9C-8C26D725406D}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{7CB56C1D-9A12-4D60-A836-1C307DB9CE72}" = protocol=17 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"{7E4C4C56-44BC-4263-902F-D3F12C5006E2}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{8A9F69E0-B508-4FFF-858C-A8E28EE4D6BF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{94D86C03-7E9E-4770-B3C2-5F10AB85281F}" = protocol=6 | dir=out | app=system |
"{9594015C-F649-4F54-B377-7DE32B020B13}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{95F1811F-6C1E-4937-9A13-CE2A5F49A1B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A98299A9-4AFA-4131-B003-10D8DF36C610}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B505A3E3-19E0-4085-959B-666BE4AB0249}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B76088C1-0035-4D16-B398-E7149518D9E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA49AC10-F22E-4292-84E2-F7D07DA37873}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{BC94E65B-64EE-4AAE-9BF4-75C926EDDBBF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD0EEA94-BA1B-45B8-B29F-EAB6ADA53F82}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{BEBE91B8-31A2-4D68-B8B7-A757FB131367}" = protocol=6 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"{CAE2BD84-5A63-4958-A0CB-2DAFAE00EEAA}" = protocol=6 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"{CB3E29A9-0112-4703-AA27-5FE2CF29EEDD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CF0456FD-DAB9-468F-A8CE-06285EE67F0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D05E5A4D-8851-4449-82BF-3247F2BD4D44}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{D297B8BF-AB18-440A-AA87-AF00A365FAEA}" = protocol=17 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"{E0B12346-199F-41F4-94AB-34C50ADFC207}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{E92EE118-8851-4B6E-B59B-3B25E519C4F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ED679BBD-5739-4DAC-8197-D8BC3426520D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0825D56-1AA4-45C4-AD2C-DB8206CD238E}" = protocol=17 | dir=in | app=f:\nmapp.exe |
"{F0DB9CDD-D977-4F28-BDDE-C17BC0761198}" = protocol=6 | dir=in | app=f:\nmapp.exe |
"{F40F40E3-3F00-43AA-ADC2-53793E673855}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD6F646C-B12C-4370-802F-0AE266DF0FB1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE829CE7-526E-4EA1-BA66-15C5EC0D1960}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{1192589A-2F24-443B-B030-629668788583}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{6F138BD6-CA74-43B4-9B0C-F98A0355D5CC}C:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C9D421BC-9593-409F-988C-58E022763E69}C:\users\jerry\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F33A3E4E-3DB9-46D2-8AA6-1E3B56F56735}C:\program files\common files\4warn\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\4warn\trueweather.exe |
"UDP Query User{63205D27-8B88-4280-9E6A-AB8DE9B90B4B}C:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8550767F-DA2D-4F78-9663-C018929C2C7D}C:\users\jerry\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"UDP Query User{8D29355C-8FFE-45D7-AD69-5FF7F57C0AEE}C:\program files\common files\4warn\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\4warn\trueweather.exe |
"UDP Query User{D83BBBF8-BB52-413B-98B6-27192A3422C6}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{315DF43B-7BFC-40E7-A1A7-BEBA128D4C03}" = hpg2436
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3473F10F-91E5-4F7C-975E-8D1B067F7472}" = Berlitz Before You Know It Flash Cards
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3AC26580-A695-4134-84AE-5121B3AAE545}" = Readiris Pro 12
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}" = HP Scanjet 2400 and 3600 series 9.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE1626CD-4380-40BF-84A5-D8F1B4217CB3}" = Visual C++ 2008 Runtime (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DCC72248-D3D2-4846-8499-A400053A430E}" = TWC User Controls
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF8265D3-C3F5-44A3-8FBE-8CDC83BA704B}" = Berlitz Learning System - Spanish
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFF78ADB-B586-4b49-8473-F2441B47F9AD}" = D1400_Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F327A8F7-00C6-4491-9782-1DFFBB0594A2}" = dj_sf_software_req
"{F6E69D86-4A9D-436D-AAE7-B764EA87420D}" = D1400
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA3AFC80-05A5-45A6-BD6E-92641BF93129}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8872-1522-2113-8155" = EPA 608 Certification 4.0.00
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AnswerWorks" = AnswerWorks Runtime
"CAAPH2" = APH placeholder
"CameraUserGuide-PSSD940IS_IXUS120IS" = Canon PowerShot SD940 IS_IXUS 120 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"ExpressTools - AutoCAD 2002" = AutoCAD Express Tools - AutoCAD 2002
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Free File Opener_is1" = Free File Opener v2011.7.0.1
"Google Updater" = Google Updater
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstaCodecs_is1" = InstaCodecs
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.5 (x86 en-US)" = Mozilla Thunderbird 17.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Office8.0" = Microsoft Office 97, Professional Edition
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PDF Reader" = PDF Reader
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PotPlayer" = Daum PotPlayer 1.5.34115
"Rapport_msi" = Trusteer Endpoint Protection
"RealPlayer 15.0" = RealPlayer
"RealPlayer 16.0" = RealPlayer
"Recovery Toolbox for CD Free_is1" = Recovery Toolbox for CD Free 2.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"SafeHouseExplorer" = SafeHouse Explorer 3.01
"sl-dlc" = SelectionLinks
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"ToolPac" = ToolPac
"TrueCrypt" = TrueCrypt
"Volo View Express" = Volo View Express
"Wajam" = Wajam
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live Mail to Mac Mail" = Windows Live Mail to Mac Mail
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"PDF Reader" = PDF Reader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/12/2012 11:11:12 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:12 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:14 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:15 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:12:39 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:12:40 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 6:31:15 PM | Computer Name = homebase | Source = Application Error | ID = 1000
Description = Faulting application acad.exe, version 21.0.6.30, time stamp 0x3ae3de35,
 faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception
 code 0xc0000005, fault offset 0x0004a246,  process id 0x14cc, application start time
 0x01cd3088f5f91640.
 
Error - 5/15/2012 8:59:21 AM | Computer Name = homebase | Source = Windows Search Service | ID = 3013
Description =
 
Error - 5/15/2012 8:59:21 AM | Computer Name = homebase | Source = Windows Search Service | ID = 3013
Description =
 
Error - 5/16/2012 10:29:02 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/24/2012 4:14:48 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 5/31/2014 5:50:36 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 5/31/2014 5:50:36 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 5/31/2014 5:50:42 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7022
Description =
 
Error - 5/31/2014 5:50:42 PM | Computer Name = homebase | Source = LSM | ID = 1048
Description =
 
Error - 5/31/2014 7:48:51 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7011
Description =
 
Error - 6/1/2014 11:31:44 AM | Computer Name = homebase | Source = Print | ID = 23
Description = Printer hp psc 1310 series (Copy 1),3 failed to initialize because
 a suitable hp psc 1310 series driver could not be found. The new printer settings
 that you specified have not taken effect. Install or reinstall the printer driver.
 You might need to contact the vendor for an updated driver.
 
Error - 6/1/2014 11:33:12 AM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 11:33:12 AM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 11:33:15 AM | Computer Name = homebase | Source = Service Control Manager | ID = 7022
Description =
 
Error - 6/1/2014 11:33:15 AM | Computer Name = homebase | Source = LSM | ID = 1048
Description =
 
 
< End of report >
 


  • 0

#5
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, let's start removal.

Step 1. Uninstalling programs.
  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. A new window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.
Programs to uninstall:
  • Wajam
Step 2. OTL fix.
  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...CtB&cr=85459033
    IE - HKLM\..\SearchScopes\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}: "URL" = http://start.funmood...CtB&cr=85459033
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.callin...ing}&cl=ie&p=go
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://start.funmood...CtB&cr=85459033
    FF - prefs.js..extensions.enabledItems: {449fb831-8197-4233-b235-3de13bbc3cd6}:1.0
    FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
    [2012/12/28 12:56:36 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
    [2010/02/16 12:06:12 | 000,000,000 | ---D | M] (webchunks) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{449fb831-8197-4233-b235-3de13bbc3cd6}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
    O4 - HKCU..\Run: [Mamooni] "C:\Users\Jerry\AppData\Roaming\Icewbyxy\soyvwua.exe" File not found
    O4 - HKCU..\Run: [mtcttgqk] C:\Users\Jerry\AppData\Local\kslvoehg.exe ()
    O4 - HKCU..\Run: [ptqxqbva] C:\Users\Jerry\AppData\Local\agbjblsg.exe ()
    O4 - HKCU..\Run: [StartNow Search Protect] "C:\Program Files\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT File not found
    [2014/06/01 08:51:09 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Extyaxe
    [2014/06/01 03:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Sixyef
    [2014/05/31 20:55:54 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Xouvny
    [2014/05/31 16:41:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Xeopmyoz
    [2014/05/31 12:55:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Ugezfeyg
    [2014/05/31 08:58:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Atbohaw
    [2014/05/31 08:58:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Buhaatv
    [2014/05/30 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Zuipuh
    [2014/05/30 12:45:44 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Piracoy
    [2014/05/30 08:46:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Quybaf
    [2014/05/30 04:49:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Icewbyxy
    [2014/05/28 20:49:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Lyhiyn
    [2014/05/28 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Evpura
    [2014/05/27 17:27:01 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Aladim
    [2014/05/27 12:48:08 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Hobeirib
    [2014/05/27 09:20:38 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Huodif
    [2014/05/27 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Idsuka
    [2014/05/27 07:59:53 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Xoucun
    [2014/06/01 01:41:34 | 000,106,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\kmmabuhh.exe
    [2014/06/01 01:24:32 | 000,106,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\wwthuhsb.exe
    [2014/06/01 01:07:30 | 000,106,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\bovsrbcw.exe
    [2014/06/01 00:50:28 | 000,106,504 | ---- | M] () -- C:\Users\Jerry\AppData\Local\pmlthrix.exe
    [2014/05/30 17:34:31 | 000,200,704 | ---- | M] () -- C:\Users\Jerry\AppData\Local\kslvoehg.exe
    [2014/05/29 16:06:54 | 000,204,800 | ---- | M] () -- C:\Users\Jerry\AppData\Local\agbjblsg.exe
    [2014/05/27 07:57:14 | 000,012,326 | ---- | M] () -- C:\Users\Jerry\AppData\Local\qlslagsa
    [2014/05/27 07:56:13 | 000,068,314 | ---- | M] () -- C:\Users\Jerry\AppData\Local\lepbvhqj
    [2014/05/31 16:37:55 | 000,102,408 | ---- | C] () -- C:\Users\Jerry\AppData\Local\lalfwtrd.exe
    [2014/05/30 17:33:00 | 000,135,176 | ---- | C] () -- C:\Users\Jerry\AppData\Local\ivrsfcti.exe
    [2014/05/30 12:42:08 | 000,117,264 | ---- | C] () -- C:\Users\Jerry\AppData\Local\usluallo.exe
    [2014/05/30 08:41:36 | 000,072,720 | ---- | C] () -- C:\Users\Jerry\AppData\Local\vjseuosv.exe
    [2014/05/29 16:06:53 | 000,204,800 | ---- | C] () -- C:\Users\Jerry\AppData\Local\agbjblsg.exe
    [2012/08/29 15:53:35 | 000,384,844 | ---- | C] () -- C:\Users\Jerry\AppData\Local\funmoods-speeddial.crx
    
    :Commands
    [RESETHOSTS]
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 3. AdwCleaner scan.
  • Please, download AdwCleaner from here to your Desktop.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Scan button. The scan could take some time.
  • Click on the Clean button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.
Step 4. Changing Chrome Search provider and Homepage.

Your current Chrome Search provider and Homepage are malicious.

Please, follow this instruction and set your Search provider to www.google.com or to something else that you want. For the Home page, please follow this instruction.

Step 5. OTL scan.
  • Run OTL.
  • Click on Scan All Users checkbox, which is located near Quick Scan button.
  • Find the Extra Registry section in the OTL window and change the radio button there to Use SafeList.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
    set /c
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
So, please, don't forget to post in your next message:
  • OTL.txt
  • Extras.txt
  • AdwCleaner log

  • 0
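The OTL fix above removes a set of HKCU Run values pointing at publisher-less executables in AppData\Local, a run of freshly created folders under AppData\Roaming, and several same-sized executables with different random names. As an added example (not part of Phel's reply and not code from OTL), here is a small Python triage script that reads lines in OTL's O4 and file-listing format and flags that same pattern from a defender's side: Run values that launch executables with no publisher/version info from the user-writable AppData tree, orphaned Run values whose target is already gone, and groups of identically sized, differently named executables that indicate one payload being re-dropped. The sample log lines, user name, file names and sizes are constructed for the example and are not taken from the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample lines in OTL's report format (O4 Run-key entries and
# dated file listings), modelled on what a log shows when a trojan keeps
# re-dropping itself under new names. Every user name, file name and size
# below is made up for this example.
SAMPLE_OTL_LINES = [
    r'O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)',
    r'O4 - HKCU..\Run: [Dropbox] C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)',
    r'O4 - HKCU..\Run: [qpwoeirt] C:\Users\user\AppData\Local\zxmnbvcq.exe ()',
    r'O4 - HKCU..\Run: [Ybuzax] "C:\Users\user\AppData\Roaming\Ybuzax\ylqowue.exe" File not found',
    r'[2014/06/01 01:41:34 | 000,106,504 | ---- | M] () -- C:\Users\user\AppData\Local\zxmnbvcq.exe',
    r'[2014/06/01 01:24:32 | 000,106,504 | ---- | M] () -- C:\Users\user\AppData\Local\plmoknij.exe',
    r'[2014/06/01 01:07:30 | 000,106,504 | ---- | M] () -- C:\Users\user\AppData\Local\wsxedcrf.exe',
    r'[2014/05/30 17:34:31 | 000,200,704 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\setup.exe',
    r'[2012/08/29 15:53:35 | 000,384,844 | ---- | C] () -- C:\Users\user\AppData\Local\funmoods-speeddial.crx',
]

# "O4 - HKCU..\Run: [value name] <path> (Publisher)" or "... File not found"
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'"?(?P<path>[A-Za-z]:\\.*?\.exe)"?(?P<rest>.*)$',
    re.IGNORECASE,
)
# "[date time | size | attrs | M/C] (Publisher) -- <path>"
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| \S+ \| [MC]\] '
    r'\((?P<publisher>[^)]*)\) -- (?P<path>[A-Za-z]:\\.*)$'
)
PUBLISHER_RE = re.compile(r'\((?P<publisher>[^)]*)\)\s*$')
# Anything under the user-writable AppData tree; legitimate software lives
# there too (Dropbox does), so this is one signal, not a verdict on its own.
APPDATA_RE = re.compile(r'\\AppData\\(Local|Roaming)\\', re.IGNORECASE)


def parse_run_line(line):
    """Parse an OTL O4 Run-key line. publisher is None when OTL printed '()'."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest').strip()
    pub = PUBLISHER_RE.search(rest)
    publisher = pub.group('publisher').strip() if pub else ''
    return {
        'hive': m.group('hive').upper(),
        'name': m.group('name'),
        'path': m.group('path'),
        'publisher': publisher or None,
        'missing': rest.endswith('File not found'),
    }


def parse_file_line(line):
    """Parse an OTL dated file-listing line into size (bytes), publisher and path."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return {
        'size': int(m.group('size').replace(',', '')),
        'publisher': m.group('publisher').strip() or None,
        'path': m.group('path'),
    }


def assess_run_entry(entry):
    """Reasons a Run value deserves a second look (empty list = looks benign)."""
    reasons = []
    if entry['missing']:
        reasons.append('orphaned Run value: target no longer exists')
    if APPDATA_RE.search(entry['path']):
        reasons.append('launched from user-writable AppData')
    if entry['publisher'] is None and not entry['missing']:
        reasons.append('executable carries no publisher/version info')
    return reasons


def find_redropped(files):
    """Group publisher-less AppData executables by exact size. One payload
    written again and again under fresh random names shows up as a single
    size shared by several paths."""
    by_size = defaultdict(list)
    for f in files:
        if (f['publisher'] is None and f['path'].lower().endswith('.exe')
                and APPDATA_RE.search(f['path'])):
            by_size[f['size']].append(f['path'])
    return {size: paths for size, paths in by_size.items() if len(paths) >= 2}


def triage(lines):
    """Run both checks over raw OTL lines. A Run value is reported as suspicious
    only when two independent signals agree (e.g. AppData AND no publisher)."""
    runs = [e for e in map(parse_run_line, lines) if e]
    files = [f for f in map(parse_file_line, lines) if f]
    suspicious, orphaned = [], []
    for e in runs:
        reasons = assess_run_entry(e)
        if e['missing']:
            orphaned.append((e['name'], e['path']))
        elif len(reasons) >= 2:
            suspicious.append((e['name'], e['path'], reasons))
    return {'suspicious_run': suspicious, 'orphaned_run': orphaned,
            'redropped': find_redropped(files)}


if __name__ == '__main__':
    result = triage(SAMPLE_OTL_LINES)
    for name, path, reasons in result['suspicious_run']:
        print(f'SUSPICIOUS Run value [{name}] -> {path}: {"; ".join(reasons)}')
    for name, path in result['orphaned_run']:
        print(f'ORPHANED   Run value [{name}] -> {path}')
    for size, paths in result['redropped'].items():
        print(f'RE-DROPPED {size} bytes x{len(paths)}: {", ".join(paths)}')
```

Paste the O4 and file-listing lines of a real OTL log into SAMPLE_OTL_LINES (or read them from OTL.txt) to get the same three lists. The script deliberately does not try to judge file names as "random": a location in AppData plus missing version info, or an identical size recurring under different names, are signals that survive renaming, whereas a name heuristic would miss many legitimate programs and many malware families alike.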

#6
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Helpers,

 

Here's the AdAware log and what may be a log from OTL.  Didn't get any Extras.  Cannot get OTL to open, but this Notepad doc showed up and I'm assuming that it was generated by OTL even if I can't get it to open now.  Also I had trouble understanding #4 about the Chrome settings.  Please go step by step.  On the last reboot I got a DOS-looking screen that said CHKDSK was verifying descriptors (2) and was verifying indexes (3) and then compacting the security descriptor stream.

 

# AdwCleaner v3.211 - Report created 01/06/2014 at 16:10:54
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Jerry - HOMEBASE
# Running from : C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\speedypc software
Folder Deleted : C:\Users\Jerry\AppData\Local\PackageAware
Folder Deleted : C:\Users\Jerry\AppData\Local\StartNow
Folder Deleted : C:\Users\Jerry\AppData\Local\Wajam
Folder Deleted : C:\Users\Jerry\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Jerry\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Jerry\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Jerry\AppData\Roaming\ZoomBrowser EX
Folder Deleted : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\Extensions\[email protected]
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Jerry\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\invalidprefs.js
File Deleted : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93424F9E-70A5-4F18-9C53-B790F1CE8CAF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\prefs.js ]

Line Deleted : user_pref("backup.old.browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("backup.old.browser.startup.homepage", "hxxp://isearch.avg.com?cid=%7B98fb7d29-ece8-4b8e-a99a-0b6d68089449%7D&mid=879e08053eac47d1b7afd152ff4a3108-f461d1947ebba48ba34175780e30c23392bcfbb6&ds[...]
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.crossrider.bic", "139e03191449f71fc6ca74b997cfde52");
Line Deleted : user_pref("extensions.funmoods.aflt", "iron2");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hmpg", true);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0A0E0Dzz0F0B0D0C0ByCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=85459033");
Line Deleted : user_pref("extensions.funmoods.id", "001BB9AED8FBDCB6");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15581");
Line Deleted : user_pref("extensions.funmoods.instlRef", "iron2");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0A0E0Dzz0F0B0D0C0ByCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=85459033"[...]
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0A0E0Dzz0F0B0D0C0ByCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=8545903[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:53:28");

-\\ Google Chrome v

[ File : C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={E0B5C16E-1F66-47CD-8BA2-603A817ADE67}&mid=879e08053eac47d1b7afd152ff4a3108-f461d1947ebba48ba34175780e30c23392bcfbb6&lang=en&ds=ts022&pr=sa&d=2012-03-14 08:21:54&v=10.0.0.7&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0A0E0Dzz0F0B0D0C0ByCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=85459033
Deleted [Homepage] : hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0A0E0Dzz0F0B0D0C0ByCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=85459033

*************************

AdwCleaner[R0].txt - [9230 octets] - [01/06/2014 16:09:14]
AdwCleaner[S0].txt - [9307 octets] - [01/06/2014 16:10:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9367 octets] ##########
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named WajamUpdater was found to stop!
Service\Driver key WajamUpdater not found.
File C:\Program Files\Wajam\Updater\WajamUpdater.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: {449fb831-8197-4233-b235-3de13bbc3cd6}:1.0 removed from extensions.enabledItems
Prefs.js: plugin%40selectionlinks.com:1.5 removed from extensions.enabledAddons
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]\content folder moved successfully.
Folder move failed. C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected] scheduled to be moved on reboot.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{449fb831-8197-4233-b235-3de13bbc3cd6}\modules folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{449fb831-8197-4233-b235-3de13bbc3cd6}\defaults\preferences folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{449fb831-8197-4233-b235-3de13bbc3cd6}\defaults folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{449fb831-8197-4233-b235-3de13bbc3cd6}\chrome folder moved successfully.
Folder move failed. C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{449fb831-8197-4233-b235-3de13bbc3cd6} scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
File C:\Program Files\Wajam\IE\priam_bho.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mamooni deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mtcttgqk deleted successfully.
C:\Users\Jerry\AppData\Local\kslvoehg.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ptqxqbva deleted successfully.
C:\Users\Jerry\AppData\Local\agbjblsg.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\StartNow Search Protect deleted successfully.
C:\Users\Jerry\AppData\Roaming\Extyaxe folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Sixyef folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Xouvny folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Xeopmyoz folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Ugezfeyg folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Atbohaw folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Buhaatv folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Zuipuh folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Piracoy folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Quybaf folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Icewbyxy folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Lyhiyn folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Evpura folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Aladim folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Hobeirib folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Huodif folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Idsuka folder moved successfully.
C:\Users\Jerry\AppData\Roaming\Xoucun folder moved successfully.
C:\Users\Jerry\AppData\Local\kmmabuhh.exe moved successfully.
C:\Users\Jerry\AppData\Local\wwthuhsb.exe moved successfully.
C:\Users\Jerry\AppData\Local\bovsrbcw.exe moved successfully.
C:\Users\Jerry\AppData\Local\pmlthrix.exe moved successfully.
File C:\Users\Jerry\AppData\Local\kslvoehg.exe not found.
File C:\Users\Jerry\AppData\Local\agbjblsg.exe not found.
C:\Users\Jerry\AppData\Local\qlslagsa moved successfully.
C:\Users\Jerry\AppData\Local\lepbvhqj moved successfully.
File C:\Users\Jerry\AppData\Local\lalfwtrd.exe not found.
File C:\Users\Jerry\AppData\Local\ivrsfcti.exe not found.
File C:\Users\Jerry\AppData\Local\usluallo.exe not found.
File C:\Users\Jerry\AppData\Local\vjseuosv.exe not found.
File C:\Users\Jerry\AppData\Local\agbjblsg.exe not found.
C:\Users\Jerry\AppData\Local\funmoods-speeddial.crx moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06012014_153743

Files\Folders moved on Reboot...
File\Folder C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected] not found!
C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{449fb831-8197-4233-b235-3de13bbc3cd6} folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 


  • 0

#7
JPowell (Topic Starter, Member, 70 posts)

Geeks, finally got OTL to run as described. Will send the log as soon as it's done.


  • 0

#8
JPowell (Topic Starter, Member, 70 posts)

Geeks, a Flash Player update notice popped up and I closed it. Then MSE said it is cleaning and now it says I must restart the computer. I've been going through this for days now and MSE hasn't fixed the problem. That's why I'm here.


  • 0

#9
JPowell (Topic Starter, Member, 70 posts)

Geeks, here are the logs:

 

OTL logfile created on: 6/1/2014 4:45:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.12% Memory free
4.23 Gb Paging File | 2.82 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 35.78 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
Drive D: | 8.27 Gb Total Space | 1.12 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive F: | 41.71 Gb Total Space | 40.57 Gb Free Space | 97.27% Space Free | Partition Type: NTFS
 
Computer Name: HOMEBASE | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
PRC - [2014/05/10 20:00:47 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/05/03 22:55:34 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/11 18:59:58 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
PRC - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/02/17 17:28:30 | 001,365,304 | ---- | M] (U3 LLC) -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/15 04:00:56 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/05/10 20:00:21 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2009/11/20 15:06:16 | 000,794,624 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\HPM1210GC.DLL
MOD - [2009/11/20 14:42:32 | 002,359,296 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hpm1210su.dll
MOD - [2007/10/18 16:36:54 | 000,061,440 | ---- | M] () -- C:\Windows\System32\deskMenu2.dll
MOD - [1997/08/26 01:00:00 | 003,782,416 | ---- | M] () -- F:\Office\MSO97.DLL
MOD - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2014/05/31 11:38:51 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 20:00:46 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 04:39:12 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sipvzdir.sys -- (sipvzdir)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\riczxsam.sys -- (riczxsam)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bcnajpwo.sys -- (bcnajpwo)
DRV - [2014/06/01 16:19:17 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F6EF0D7-B27D-4E40-A7FA-4493BA531EC8}\MpKsl7e8bc4e5.sys -- (MpKsl7e8bc4e5)
DRV - [2014/05/15 04:00:47 | 000,358,008 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys -- (RapportCerberus_68261)
DRV - [2014/05/03 22:55:48 | 000,170,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/05/03 22:55:46 | 000,249,400 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/05/03 22:55:46 | 000,123,512 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/04/04 14:23:50 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/12/30 12:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/07 16:34:02 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2009/12/03 18:05:30 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV - [2009/12/03 18:05:26 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/07 23:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{4B7531D0-ECB1-4A0A-8EDD-305A9BADBD9A}: "URL" = http://search.callin...ing}&cl=ie&p=go
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{4B7531D0-ECB1-4A0A-8EDD-305A9BADBD9A}: "URL" = http://search.callin...ing}&cl=ie&p=go
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/130
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes,DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://isearch.avg.com/search?cid={E0B5C16E-1F66-47CD-8BA2-603A817ADE67}&mid=879e08053eac47d1b7afd152ff4a3108-f461d1947ebba48ba34175780e30c23392bcfbb6&lang=en&ds=ts022&pr=sa&d=2012-03-14 08:21:54&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{813192D6-F29D-4C6B-BF36-144F3483B517}: "URL" = http://websearch.ask...0A-DAC339A7FE59
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{D40DCCAD-38E9-4EA0-9201-A38D44979C88}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}: "URL" = http://www.google.co...&rlz=1I7GGIH_en
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ebayHotStuff%40wangtom.com:1.4.0
FF - prefs.js..extensions.enabledAddons: ebayquicksearch%40upaaya:1.0.5
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Jerry\AppData\Roaming\nprhapengine.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/03/20 19:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
 
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/15 18:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/06/01 16:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions
[2013/02/11 15:40:54 | 000,000,000 | ---D | M] (Ebay Button) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2011/11/11 11:03:24 | 000,000,000 | ---D | M] (eBay Quick Search) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\ebayquicksearch@upaaya
[2014/05/26 19:05:23 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/03 06:26:33 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/10 20:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/10 20:00:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/11 19:02:24 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/07/11 19:00:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmood...CtB&cr=85459033
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
 
O1 HOSTS File: ([2014/06/01 15:38:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found
O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [Akamai NetSession Interface] C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [rlwobebt] C:\Users\Jerry\AppData\Local\cfmtvloj.exe ()
O4 - Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Jerry\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: ebay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: ebay.com ([cgi] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///F:/AutoCad/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///F:/AutoCad/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///F:/AutoCad/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///F:/AutoCad/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95F69CB4-D720-4208-855B-A29668017FB6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/07 00:33:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/05 10:34:54 | 000,000,000 | ---D | M] - F:\AutoCad -- [ NTFS ]
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f43f1601-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/01 16:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B9AB7F01-9924-4D37-8D8D-A1AAF1163AB5}
[2014/06/01 16:10:11 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/01 16:09:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/01 15:37:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/01 14:05:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/05/31 11:38:51 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/31 11:38:51 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/31 07:57:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
[2014/05/30 17:34:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{42CFE107-D642-483F-9829-AA4699DE5F90}
[2014/05/29 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
[2014/05/28 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
[2014/05/27 13:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
[2014/05/26 21:04:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
[2014/05/26 09:04:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
[2014/05/25 08:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71872893-A38C-4358-864D-3BDBF71D9915}
[2014/05/24 09:42:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B8679765-30CD-45CE-BC41-9E76E82882B0}
[2014/05/23 18:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
[2014/05/22 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
[2014/05/22 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
[2014/05/21 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
[2014/05/20 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D9A33CC6-087A-483B-986F-E6B21777F12F}
[2014/05/20 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
[2014/05/19 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
[2014/05/18 10:14:23 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
[2014/05/17 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
[2014/05/17 09:15:56 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
[2014/05/16 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{7D8881D6-D52C-4762-8009-305361CE4FAF}
[2014/05/16 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPA 608 Certification
[2014/05/16 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mainstream Engineering Corporation
[2014/05/15 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{649C069D-5763-42F5-92AC-19CF354DCD3C}
[2014/05/15 03:01:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/14 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{DCB45356-313D-494D-AD32-D98E51057CE4}
[2014/05/13 19:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
[2014/05/13 07:00:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
[2014/05/12 18:59:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
[2014/05/11 18:21:52 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
[2014/05/11 02:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{31FA8926-9B99-4350-A35F-B4A817F126BE}
[2014/05/10 20:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/10 14:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
[2014/05/09 09:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
[2014/05/08 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
[2014/05/08 09:21:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
[2014/05/07 10:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
[2014/05/06 08:37:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
[2014/05/05 18:46:53 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
[2014/05/05 06:46:43 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{A9CFE7FB-AC85-47C0-ABC7-153A32827C9C}
[2014/05/04 18:46:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{98863933-F197-481A-A96F-D64FB74BA775}
[2014/05/04 06:46:15 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C2328003-98EF-4638-9235-B971C2B953F3}
[2014/05/03 22:55:46 | 000,123,512 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2014/05/03 18:46:06 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CEFF1141-4635-4C33-8BB6-2C1C7A717512}
[2014/05/03 06:21:40 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACB4FAF5-84F6-492F-B4D6-5A0BEA5539C9}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/01 16:52:21 | 000,109,072 | ---- | M] ( ) -- C:\Users\Jerry\AppData\Local\expkgpso.exe
[2014/06/01 16:32:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/01 16:12:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/01 16:12:53 | 000,002,433 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2014/06/01 16:12:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 16:12:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 16:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/01 16:12:11 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/01 16:08:15 | 001,327,971 | ---- | M] () -- C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
[2014/06/01 16:06:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 15:38:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/01 14:46:01 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/06/01 14:21:28 | 000,208,896 | ---- | M] () -- C:\Users\Jerry\AppData\Local\cfmtvloj.exe
[2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/06/01 11:11:14 | 000,002,429 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Excel.lnk
[2014/05/31 11:38:51 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/31 11:38:51 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/30 13:18:10 | 000,001,356 | ---- | M] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2014/05/27 07:54:59 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/26 20:00:00 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jerry.job
[2014/05/25 17:16:36 | 000,870,128 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2014/05/25 17:16:36 | 000,000,004 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2014/05/22 19:44:14 | 000,060,165 | ---- | M] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:57 | 000,055,120 | ---- | M] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/17 10:59:59 | 000,013,824 | ---- | M] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 09:52:22 | 000,002,427 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Word.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2014/05/09 17:52:28 | 000,028,015 | ---- | M] () -- C:\Users\Jerry\Desktop\usefulstuff.rtf
[2014/05/05 18:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/03 22:55:46 | 000,123,512 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/01 16:52:19 | 000,109,072 | ---- | C] ( ) -- C:\Users\Jerry\AppData\Local\expkgpso.exe
[2014/06/01 16:08:09 | 001,327,971 | ---- | C] () -- C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
[2014/06/01 14:21:28 | 000,208,896 | ---- | C] () -- C:\Users\Jerry\AppData\Local\cfmtvloj.exe
[2014/05/31 11:38:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/30 17:25:52 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/27 07:54:59 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/22 19:44:13 | 000,060,165 | ---- | C] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:56 | 000,055,120 | ---- | C] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2013/11/30 10:39:53 | 000,001,356 | ---- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2013/08/17 11:21:42 | 000,518,200 | ---- | C] () -- C:\Users\Jerry\almost done.jpg
[2013/08/17 11:21:09 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\20130708_144045.jpg
[2013/08/17 11:17:34 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\repair.jpg
[2010/10/25 13:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/15 19:37:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/07/15 19:37:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2009/01/18 17:11:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/14 10:49:13 | 000,000,000 | -H-- | C] () -- C:\Users\Jerry\Lyn and Jerry Xmas.jpg
[2008/01/27 20:38:49 | 000,013,824 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 19:02:50 | 000,000,052 | -H-- | C] () -- C:\Users\Jerry\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 02:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 02:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 01:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 02:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/07 23:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 02:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 02:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 02:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 02:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 02:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 02:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 02:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 02:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 02:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 01:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 02:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 01:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Jerry\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMEBASE
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Jerry
LOCALAPPDATA=C:\Users\Jerry\AppData\Local
LOGONSERVER=\\HOMEBASE
MOZ_PLUGIN_PATH=C:\Program Files\PDFlite\
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;F:\Office;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Windows Live\Shared;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Presario
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Jerry\AppData\Local\Temp
TMP=C:\Users\Jerry\AppData\Local\Temp
USERDOMAIN=homebase
USERNAME=Jerry
USERPROFILE=C:\Users\Jerry
windir=C:\Windows
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8256 bytes -> C:\Users\Jerry\Documents\Documents.sdsk:Backup
@Alternate Data Stream - 610 bytes -> C:\Users\Jerry\Documents\Christmas 2012.eml:OECustomProperty
@Alternate Data Stream - 2438 bytes -> C:\Users\Jerry\Documents\Christmas Greetings email 2013.eml:OECustomProperty
@Alternate Data Stream - 1152 bytes -> C:\Users\Jerry\Documents\Re_ [Chukker Nation] just joined 'atlanta pop festivals' group for___.eml:OECustomProperty
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 6/1/2014 4:45:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.12% Memory free
4.23 Gb Paging File | 2.82 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 35.78 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
Drive D: | 8.27 Gb Total Space | 1.12 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive F: | 41.71 Gb Total Space | 40.57 Gb Free Space | 97.27% Space Free | Partition Type: NTFS
 
Computer Name: HOMEBASE | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222C76C-F433-4EE3-BDB0-6E1AC5ABC187}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{084B701A-C4E7-4101-9D76-D7FFB0FC5610}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A048B30-7586-4EFE-A839-6584BC015ED5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13234761-2BCC-47FD-BDB5-B97FEC6B5E6A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1C8EAD5D-6563-4A66-8CBA-E338EC741E49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D3E3ABC-1315-4F09-B17E-09373A6FD160}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{32365E40-481F-438A-9075-853EF47885FC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{377BF021-320A-4B52-8B2F-C4EEBC007141}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69A338A1-D6FF-47DF-B4F3-5AAEF9A2B545}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6FDB8227-2072-42DF-BD74-51C2208745B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79791881-49D6-484B-9EA0-C60712C661FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8271B48E-DFDD-4906-B76A-6CF20B8F75A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82CA7C3E-26BF-42B0-9A2E-9B8EE987FC3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EF6AA8-C491-4CEC-91D3-4F326ACAE0E0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{948748D3-5BD0-4C1A-AE90-3121FF943CC0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96F9828E-CECC-4347-A196-380BFBCEFDB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9AF8113E-D8FE-4D1C-86D0-40C5C987BC5E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9BA21B74-1365-41EF-A2BE-0F7E5E32B12E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{BE2E7656-818C-40C2-A13B-400F6D70FB56}" = lport=59090 | protocol=6 | dir=in | name=akamai netsession interface |
"{D69E4C9A-98D3-4583-8343-D80ADBA3BFF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D89F9092-ABEA-43D4-92E6-D19B63DDB893}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBA8C13F-6592-4119-AC26-431B253421FA}" = lport=10243 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08667A1D-DD58-41E2-851D-3D43B97A7B38}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{19D836C6-D3DC-4A68-B24E-A89FFB8B5640}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2CF1B485-C0F2-4340-942C-0F161F4D5B48}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{30FD82FC-609F-48D7-AE0C-9CBC76B051FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3284FA8B-01A3-4080-BF16-18CE2B42B748}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3312F3DE-D0BB-420D-9259-9D5BB6AEBAB6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{44D43E1C-7EDF-4D73-8B8B-4F9AC4C0D69B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67838048-9BB0-4556-B8B8-981455901FA3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6F9E2F4A-BDC1-4030-AE9C-8C26D725406D}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{7CB56C1D-9A12-4D60-A836-1C307DB9CE72}" = protocol=17 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"{7E4C4C56-44BC-4263-902F-D3F12C5006E2}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{8A9F69E0-B508-4FFF-858C-A8E28EE4D6BF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{94D86C03-7E9E-4770-B3C2-5F10AB85281F}" = protocol=6 | dir=out | app=system |
"{9594015C-F649-4F54-B377-7DE32B020B13}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{95F1811F-6C1E-4937-9A13-CE2A5F49A1B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A98299A9-4AFA-4131-B003-10D8DF36C610}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B505A3E3-19E0-4085-959B-666BE4AB0249}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B76088C1-0035-4D16-B398-E7149518D9E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA49AC10-F22E-4292-84E2-F7D07DA37873}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{BC94E65B-64EE-4AAE-9BF4-75C926EDDBBF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD0EEA94-BA1B-45B8-B29F-EAB6ADA53F82}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{BEBE91B8-31A2-4D68-B8B7-A757FB131367}" = protocol=6 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"{CAE2BD84-5A63-4958-A0CB-2DAFAE00EEAA}" = protocol=6 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"{CB3E29A9-0112-4703-AA27-5FE2CF29EEDD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CF0456FD-DAB9-468F-A8CE-06285EE67F0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D05E5A4D-8851-4449-82BF-3247F2BD4D44}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{D297B8BF-AB18-440A-AA87-AF00A365FAEA}" = protocol=17 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"{E0B12346-199F-41F4-94AB-34C50ADFC207}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{E92EE118-8851-4B6E-B59B-3B25E519C4F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ED679BBD-5739-4DAC-8197-D8BC3426520D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0825D56-1AA4-45C4-AD2C-DB8206CD238E}" = protocol=17 | dir=in | app=f:\nmapp.exe |
"{F0DB9CDD-D977-4F28-BDDE-C17BC0761198}" = protocol=6 | dir=in | app=f:\nmapp.exe |
"{F40F40E3-3F00-43AA-ADC2-53793E673855}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD6F646C-B12C-4370-802F-0AE266DF0FB1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE829CE7-526E-4EA1-BA66-15C5EC0D1960}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{1192589A-2F24-443B-B030-629668788583}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{6F138BD6-CA74-43B4-9B0C-F98A0355D5CC}C:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C9D421BC-9593-409F-988C-58E022763E69}C:\users\jerry\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F33A3E4E-3DB9-46D2-8AA6-1E3B56F56735}C:\program files\common files\4warn\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\4warn\trueweather.exe |
"UDP Query User{63205D27-8B88-4280-9E6A-AB8DE9B90B4B}C:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8550767F-DA2D-4F78-9663-C018929C2C7D}C:\users\jerry\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"UDP Query User{8D29355C-8FFE-45D7-AD69-5FF7F57C0AEE}C:\program files\common files\4warn\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\4warn\trueweather.exe |
"UDP Query User{D83BBBF8-BB52-413B-98B6-27192A3422C6}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{315DF43B-7BFC-40E7-A1A7-BEBA128D4C03}" = hpg2436
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3473F10F-91E5-4F7C-975E-8D1B067F7472}" = Berlitz Before You Know It Flash Cards
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3AC26580-A695-4134-84AE-5121B3AAE545}" = Readiris Pro 12
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}" = HP Scanjet 2400 and 3600 series 9.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE1626CD-4380-40BF-84A5-D8F1B4217CB3}" = Visual C++ 2008 Runtime (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DCC72248-D3D2-4846-8499-A400053A430E}" = TWC User Controls
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF8265D3-C3F5-44A3-8FBE-8CDC83BA704B}" = Berlitz Learning System - Spanish
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFF78ADB-B586-4b49-8473-F2441B47F9AD}" = D1400_Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F327A8F7-00C6-4491-9782-1DFFBB0594A2}" = dj_sf_software_req
"{F6E69D86-4A9D-436D-AAE7-B764EA87420D}" = D1400
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA3AFC80-05A5-45A6-BD6E-92641BF93129}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8872-1522-2113-8155" = EPA 608 Certification 4.0.00
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AnswerWorks" = AnswerWorks Runtime
"CAAPH2" = APH placeholder
"CameraUserGuide-PSSD940IS_IXUS120IS" = Canon PowerShot SD940 IS_IXUS 120 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"ExpressTools - AutoCAD 2002" = AutoCAD Express Tools - AutoCAD 2002
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Free File Opener_is1" = Free File Opener v2011.7.0.1
"Google Updater" = Google Updater
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstaCodecs_is1" = InstaCodecs
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.5 (x86 en-US)" = Mozilla Thunderbird 17.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Office8.0" = Microsoft Office 97, Professional Edition
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PDF Reader" = PDF Reader
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PotPlayer" = Daum PotPlayer 1.5.34115
"Rapport_msi" = Trusteer Endpoint Protection
"RealPlayer 15.0" = RealPlayer
"RealPlayer 16.0" = RealPlayer
"Recovery Toolbox for CD Free_is1" = Recovery Toolbox for CD Free 2.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"SafeHouseExplorer" = SafeHouse Explorer 3.01
"sl-dlc" = SelectionLinks
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"ToolPac" = ToolPac
"TrueCrypt" = TrueCrypt
"Volo View Express" = Volo View Express
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live Mail to Mac Mail" = Windows Live Mail to Mac Mail
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"PDF Reader" = PDF Reader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/12/2012 11:11:11 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:12 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:12 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:14 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:15 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:12:39 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:12:40 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 6:31:15 PM | Computer Name = homebase | Source = Application Error | ID = 1000
Description = Faulting application acad.exe, version 21.0.6.30, time stamp 0x3ae3de35,
 faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception
 code 0xc0000005, fault offset 0x0004a246,  process id 0x14cc, application start time
 0x01cd3088f5f91640.
 
Error - 5/15/2012 8:59:21 AM | Computer Name = homebase | Source = Windows Search Service | ID = 3013
Description =
 
Error - 5/15/2012 8:59:21 AM | Computer Name = homebase | Source = Windows Search Service | ID = 3013
Description =
 
Error - 5/16/2012 10:29:02 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 6/1/2014 4:59:35 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 4:59:35 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 5:00:49 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7022
Description =
 
Error - 6/1/2014 5:00:50 PM | Computer Name = homebase | Source = LSM | ID = 1048
Description =
 
Error - 6/1/2014 5:12:26 PM | Computer Name = homebase | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =
 
Error - 6/1/2014 5:12:29 PM | Computer Name = homebase | Source = Print | ID = 23
Description = Printer hp psc 1310 series (Copy 1),3 failed to initialize because
 a suitable hp psc 1310 series driver could not be found. The new printer settings
 that you specified have not taken effect. Install or reinstall the printer driver.
 You might need to contact the vendor for an updated driver.
 
Error - 6/1/2014 5:13:57 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 5:13:57 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 5:14:18 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7022
Description =
 
Error - 6/1/2014 5:14:19 PM | Computer Name = homebase | Source = LSM | ID = 1048
Description =
 
 
< End of report >

 


  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

:welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
 

  • 0


#11
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Geeks,  Is anyone still working this posting?


  • 0

#12
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Tried to download farbar but can't find it anywhere on my computer.  Earlier replies to my problem may be found in my post entitled "virtool, trojandownloader, trojandropper, etc - PASTED OTLOG".  Please reply there.
  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Your topics have been merged. Phel will continue to be your assistant. Please do not open another topic concerning this issue.

 

Thanks :)


  • 0

#14
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Geeks,  Thanks for continuing.  The infected computer is now virtually inoperative. Every time I reboot, CPU usage goes to 100% and memory utilization goes to about max.  I'm using another machine to communicate.  Where can we go from here?  I really need to get it fixed, but I'm not a geek and may need more attention than some.  Sorry about that.


  • 0

#15
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, let's continue. Sorry for the delay, but it appears that we are living in different time zones.

Please, follow these steps:

Step 1. OTL fix.
  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    [2014/06/01 14:21:28 | 000,208,896 | ---- | C] () -- C:\Users\Jerry\AppData\Local\cfmtvloj.exe
    [2014/06/01 16:52:19 | 000,109,072 | ---- | C] ( ) -- C:\Users\Jerry\AppData\Local\expkgpso.exe
    O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [rlwobebt] C:\Users\Jerry\AppData\Local\cfmtvloj.exe ()
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 2. AdwCleaner scan.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Clean button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
After reboot:
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Scan button.
  • When the scan is finished, click the Report button.
  • A Notepad window with the report should now appear. Post the contents of the report in your next message.
Step 3. Changing Chrome Search provider and Homepage.
  • Click the Chrome menu on the browser toolbar.
  • Select Settings
  • In the "Search" section, select the search engine you want to use from the menu. (Google)
  • Restart Chrome.
Step 4. OTL scan.
  • Run OTL.
  • Click on Scan All Users checkbox, which is located near Quick Scan button.
  • Find in the OTL window Extra Registry section and change radiobutton there to the Use SafeList.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
So, please, don't forget to post in your next message:
  • AdwCleaner log
  • OTL.txt
  • Extras.txt

  • 0
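As an added example (not part of Phel's post and not code from the OTL tool), the script below shows how a helper can triage OTL-style entries like the ones in the Step 1 fix above before writing a fix: it parses the two line shapes OTL emits for files (`[date | size | attrs | C] (company) -- path`) and for O4 Run-key autoruns, then scores each entry on the same signals the fix relies on: an executable in a user-writable location, no publisher string, a random-looking file name, and a Run-key registration. The three malicious lines are the ones quoted in the post; the two benign-looking entries are constructed for contrast, and the weights and the name heuristic are assumptions chosen for illustration, not OTL's own rules.

```python
import re

# Sample OTL-style lines. The first three are copied from the fix script in Phel's post;
# the two entries marked "constructed" are benign-looking ones invented here for contrast.
SAMPLE_LINES = [
    r"[2014/06/01 14:21:28 | 000,208,896 | ---- | C] () -- C:\Users\Jerry\AppData\Local\cfmtvloj.exe",
    r"[2014/06/01 16:52:19 | 000,109,072 | ---- | C] ( ) -- C:\Users\Jerry\AppData\Local\expkgpso.exe",
    r"O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [rlwobebt] C:\Users\Jerry\AppData\Local\cfmtvloj.exe ()",
    # constructed: a file under Program Files that carries a publisher string
    r"[2014/05/30 09:00:00 | 000,995,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe",
    # constructed: the same program registered as a machine-wide Run autorun
    r"O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)",
]

# OTL file entry: [yyyy/mm/dd hh:mm:ss | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<op>[CM])\]"
    r" \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# OTL O4 autorun entry: O4 - <hive>..\Run: [value name] path (company)
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<value>.+?)\] (?P<path>.+?) \((?P<company>.*)\)$"
)

# Path fragments a standard user can write to (assumed list; extend for your environment)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "c:\\programdata\\", "\\users\\public\\")


def parse_line(line):
    """Turn one OTL file or O4 autorun line into a dict, or None if it is neither."""
    m = FILE_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["kind"] = "file"
        rec["size"] = int(rec["size"].replace(",", ""))
        return rec
    m = AUTORUN_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["kind"] = "autorun"
        return rec
    return None


def looks_random(path):
    """Heuristic for machine-generated names such as cfmtvloj.exe: few vowels or a long consonant run."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy]", stem))
    return vowels / len(stem) <= 0.2 or longest_consonant_run >= 4


def triage(lines, threshold=3):
    """Score each parsed entry; return those at or above the threshold, highest score first."""
    records = [r for r in (parse_line(line) for line in lines) if r]
    autorun_paths = {r["path"].lower() for r in records if r["kind"] == "autorun"}
    flagged = []
    for rec in records:
        path = rec["path"].lower()
        reasons = []  # (description, weight); weights are an assumed scoring scheme
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append(("user-writable location", 2))
        if not rec["company"].strip():
            reasons.append(("no publisher/version info", 1))
        if looks_random(rec["path"]):
            reasons.append(("random-looking file name", 2))
        if rec["kind"] == "autorun":
            reasons.append(("registered as Run autorun", 1))
        elif path in autorun_paths:
            reasons.append(("file is an autorun target", 1))
        score = sum(weight for _, weight in reasons)
        if score >= threshold:
            flagged.append({"path": rec["path"], "kind": rec["kind"], "score": score,
                            "reasons": [name for name, _ in reasons]})
    flagged.sort(key=lambda f: f["score"], reverse=True)
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(f"{hit['score']:>2}  {hit['kind']:<7} {hit['path']}  <- {', '.join(hit['reasons'])}")
```

Running it over the sample lines flags both AppData executables and the HKU Run entry pointing at one of them, while the constructed Program Files entries fall below the threshold. The file-to-autorun cross-reference is the useful part: a freshly created, unsigned binary in AppData that is also the target of a Run value is exactly the pattern the fix above removes together with its registry entry.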





