
virtool, trojandownloader, trojandropper, etc - PASTED OTLOG [Solved]


  • This topic is locked

#16
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • 58 posts

Phel,  infected machine won't run anything.  CPU at 100%, Memory maxed out.  MSE says it is cleaning


  • 0



#17
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • 58 posts

Phel,  Did you get my communication from last post?  It follows:

 

Phel,  infected machine won't run anything.  CPU at 100%, Memory maxed out.  MSE says it is cleaning


  • 0

#18
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • 58 posts

I'm still trying to get a bit of help.  See page 2 on my last post.


  • 0

#19
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • 58 posts

Okay, let's continue. Sorry for the delay, but it appears that we are living in different time zones.

Please, follow these steps:

Step 1. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    [2014/06/01 14:21:28 | 000,208,896 | ---- | C] () -- C:\Users\Jerry\AppData\Local\cfmtvloj.exe
    [2014/06/01 16:52:19 | 000,109,072 | ---- | C] ( ) -- C:\Users\Jerry\AppData\Local\expkgpso.exe
    O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [rlwobebt] C:\Users\Jerry\AppData\Local\cfmtvloj.exe ()
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 2. AdwCleaner scan.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Clean button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
After reboot:
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Scan button.
  • When the scan is finished, click the Report button.
  • A Notepad window with the report should now appear. Post the contents of the report in your next message.
Step 3. Changing Chrome Search provider and Homepage.
  • Click the Chrome menu on the browser toolbar.
  • Select Settings
  • In the "Search" section, select the search engine you want to use from the menu. (Google)
  • Restart Chrome.
Step 4. OTL scan.
  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Find the Extra Registry section in the OTL window and set the radio button there to Use SafeList.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
So, please, don't forget to post in your next message:
  • AdwCleaner log
  • OTL.txt
  • Extras.txt

 

Phel,  Did you get my communication from last post?  It follows:

 

Phel,  infected machine won't run anything.  CPU at 100%, Memory maxed out.  MSE says it is cleaning


  • 0

#20
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • 58 posts

Phel,  Are you there?


  • 0

#21
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Sorry for the misunderstanding.
 
Okay, let's try another method, if you can't perform any actions on the infected computer.
 
Please follow these instructions. It's better to print them so you know what you are doing:

For this step you will need a clean computer with access to the internet and a flash drive.

Start the clean computer.

Download the following three programmes to your desktop:
  • Insert the USB stick, then run Rufus.
  • Select the ISO file on the desktop via the ISO icon.
  • Press Start Burn.
  • Then copy FRST to the same USB.
  • Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
  • Note: If you are not sure how to do that, follow the instructions Here.
  • When you reboot, you will see this, although yours will say Windows 7. Click Repair my computer.
  • Select your operating system.
  • Select Command prompt.
  • At the command prompt type the following:

    notepad

    and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#22
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • 58 posts

Phel, Got error 404 when trying to download windows7 32 but RC.


  • 0

#23
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Oh yes, it appears that link is dead. Okay, let's try to bypass this step: please follow the new instructions.
  • On a clean machine, please download Farbar Recovery Scan Tool 32 bit version and save it to a flash drive.
    Plug the flash drive into the infected PC.
  • If you are using Vista or Windows 7 enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc. Any Windows installation disc can be used.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0
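Once the FRST.txt requested above is posted, the helper reads its Registry and Drivers sections for entries that look out of place. As an added example, not part of this thread and not code from the FRST or OTL tools, here is a Python script that applies a few of the checks a malware-removal helper makes by eye; it goes a little beyond the FRST step by also accepting the OTL `O4` line format quoted earlier in the thread. Each entry is scored on whether the registered file is missing (the `[X]` FRST prints when it cannot find the file), whether a service has no ImagePath, whether the file name is eight lowercase letters forming no recognisable word (the pattern of cfmtvloj.exe, bcnajpwo.sys and riczxsam.sys in these logs), and whether the program runs from a user's AppData directory. The sample lines are copied from the logs posted in this thread, with clean entries added for contrast; the regular expressions, the indicators and the scoring are my own assumptions, not anything FRST or OTL defines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: entries copied from the OTL fix and the FRST.txt
# posted in this thread, plus clean entries for contrast.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [rlwobebt] C:\Users\Jerry\AppData\Local\cfmtvloj.exe ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\Jerry\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
HKU\Jerry\...\Run: [Akamai NetSession Interface] => C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Jerry\...\Run: [Owexdytuuthiymo] => C:\Users\Jerry\AppData\Roaming\Muarmiy\tecupe.exe [324608 2009-08-24] (Global Trade)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S1 bcnajpwo; \??\C:\Windows\system32\drivers\bcnajpwo.sys [X]
S1 riczxsam; \??\C:\Windows\system32\drivers\riczxsam.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 MCSTRM; No ImagePath
"""

# FRST: "HKLM\...\Run: [Name] => target ..." or "HKU\<user>\...\Run: [Name] => ..."
RUN_RE = re.compile(r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
# OTL: "O4 - HKU\<sid>..\Run: [Name] target (publisher)"
OTL_RE = re.compile(r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# FRST services/drivers: "S1 name; path [size date] (Publisher)" or "S1 name; path [X]"
SVC_RE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
PATTERNS = (("autorun", RUN_RE), ("autorun", OTL_RE), ("service", SVC_RE))

# Assumed heuristics, not FRST's: eight lowercase letters looks machine-generated,
# and anything executing from a user's profile data directories deserves a look.
RANDOM_STEM_RE = re.compile(r"[a-z]{8}")
PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\(?:AppData|Local Settings)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                 # "autorun" or "service"
    name: str                 # registry value name or service/driver name
    path: str                 # file path with any \??\ prefix stripped
    score: int = 0
    reasons: list = field(default_factory=list)


def extract_path(rest: str) -> str:
    """Pull the file path out of the text that follows '=>' or ';'."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        path = rest[1:end] if end > 0 else rest[1:]
    else:
        # Unquoted paths may contain spaces; drop a trailing "(Publisher)" and
        # anything from " [size date]" or " [X]" onwards.
        path = re.sub(r"\s*\([^()]*\)$", "", rest)
        path = re.split(r" \[", path, maxsplit=1)[0]
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def score_finding(f: Finding, rest: str) -> None:
    """Add one point per indicator; the reasons list explains each point."""
    stem = f.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if rest.rstrip().endswith("[X]"):
        f.score += 1
        f.reasons.append("registered file is missing on disk ([X])")
    if rest.strip() == "No ImagePath":
        f.score += 1
        f.reasons.append("service has no ImagePath")
    if RANDOM_STEM_RE.fullmatch(stem):
        f.score += 1
        f.reasons.append("file name looks randomly generated")
    if PROFILE_RE.search(f.path):
        f.score += 1
        f.reasons.append("runs from a user profile data directory")


def triage_frst(text: str) -> list:
    """Parse Run and service/driver lines and return findings, highest score first."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                break
        else:
            continue  # not an autorun or service line
        f = Finding(kind, m.group("name"), extract_path(m.group("rest")))
        score_finding(f, m.group("rest"))
        findings.append(f)
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        flag = "REVIEW" if f.score else "ok    "
        print(f"{flag} [{f.score}] {f.kind:8} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"           - {r}")
```

Run it as a script to print the ranked list, or call triage_frst() on the text of a whole log. A score is a prompt for review, not a verdict: Akamai's netsession_win.exe scores the same single point as tecupe.exe because both live under AppData, and deciding which one belongs on the machine is still the helper's job.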

#24
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • 58 posts

Phel, Ran Rufus and it found nothing. Tried 2 different flash drives. Got error 404 when trying to download windows7 32 but RC. Uninfected machine is running W8 OS. Is that why Rufus isn't working?


Edited by JPowell, 02 June 2014 - 12:41 PM.

  • 0

#25
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Try to follow the instructions in my previous message; Rufus is not needed there.


  • 0



#26
JPowell

JPowell

    Member

  • Topic Starter
  • Member
  • 58 posts

Phel,  Here's the log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by SYSTEM on MINWINPC on 02-06-2014 14:03:01
Running from G:\
Platform: Windows Vista ™ Home Basic (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [849280 2007-02-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-07-11] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1783400 2007-06-01] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1783400 2007-06-01] (Hewlett-Packard)
HKU\Jerry\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-12-31] (Google Inc.)
HKU\Jerry\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
HKU\Jerry\...\Run: [Akamai NetSession Interface] => C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Jerry\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Jerry\...\Run: [Owexdytuuthiymo] => C:\Users\Jerry\AppData\Roaming\Muarmiy\tecupe.exe [324608 2009-08-24] (Global Trade)
Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\Jerry\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()

========================== Services (Whitelisted) =================

S2 gupdate1c9d33f3bf4d800; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-12] (Google Inc.)
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-05-24] (Hewlett-Packard)
S2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [245760 2009-11-18] (Marvell)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382320 2007-12-11] (SupportSoft, Inc.)
S3 CaCCProvSP; "C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe" [X]
S2 ccSchedulerSVC; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [X]

==================== Drivers (Whitelisted) ====================

S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2009-12-03] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys [358008 2014-05-15] ()
S1 SafDskNT; C:\Windows\system32\drivers\SAFDSKNT.SYS [78336 2009-12-07] (PC Dynamics, Inc.)
S1 bcnajpwo; \??\C:\Windows\system32\drivers\bcnajpwo.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MCSTRM; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 riczxsam; \??\C:\Windows\system32\drivers\riczxsam.sys [X]
S1 sipvzdir; \??\C:\Windows\system32\drivers\sipvzdir.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 14:02 - 2014-06-02 14:02 - 00000000 ____D () C:\FRST
2014-06-02 05:50 - 2014-06-02 05:50 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Dyazyrez
2014-06-02 01:51 - 2014-06-02 01:52 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Muarmiy
2014-06-01 22:28 - 2014-06-01 22:28 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Esryotar
2014-06-01 13:55 - 2014-06-01 13:56 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Wemuiplo
2014-06-01 13:54 - 2014-06-01 13:54 - 00009447 _____ () C:\Users\Jerry\Desktop\adwarecleaner.txt
2014-06-01 13:26 - 2014-06-01 13:26 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{B9AB7F01-9924-4D37-8D8D-A1AAF1163AB5}
2014-06-01 13:26 - 2014-06-01 13:26 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{B9AB7F01-9924-4D37-8D8D-A1AAF1163AB5}
2014-06-01 13:10 - 2010-08-30 05:34 - 00536576 _____ (SQLite Development Team) C:\Windows\System32\sqlite3.dll
2014-06-01 13:09 - 2014-06-01 13:11 - 00000000 ____D () C:\AdwCleaner
2014-06-01 13:08 - 2014-06-01 13:08 - 01327971 _____ () C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
2014-06-01 12:37 - 2014-06-01 12:37 - 00000000 ____D () C:\_OTL
2014-06-01 11:29 - 2014-06-01 14:04 - 00057378 _____ () C:\Users\Jerry\Desktop\Extras.Txt
2014-06-01 11:26 - 2014-06-01 14:02 - 00107236 _____ () C:\Users\Jerry\Desktop\OTL.Txt
2014-06-01 11:05 - 2014-06-01 11:06 - 00602112 _____ (OldTimer Tools) C:\Users\Jerry\Desktop\OTL.exe
2014-05-31 08:38 - 2014-05-31 08:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-05-31 08:38 - 2014-05-31 08:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-05-31 04:57 - 2014-05-31 04:57 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
2014-05-31 04:57 - 2014-05-31 04:57 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
2014-05-30 14:34 - 2014-05-30 14:34 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{42CFE107-D642-483F-9829-AA4699DE5F90}
2014-05-30 14:34 - 2014-05-30 14:34 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{42CFE107-D642-483F-9829-AA4699DE5F90}
2014-05-29 14:48 - 2014-05-29 14:48 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
2014-05-29 14:48 - 2014-05-29 14:48 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
2014-05-28 08:28 - 2014-05-28 08:28 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
2014-05-28 08:28 - 2014-05-28 08:28 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
2014-05-27 10:30 - 2014-05-27 10:30 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
2014-05-27 10:30 - 2014-05-27 10:30 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
2014-05-27 04:54 - 2014-05-27 04:54 - 00000000 _____ () C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
2014-05-26 18:04 - 2014-05-26 18:05 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
2014-05-26 18:04 - 2014-05-26 18:05 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
2014-05-26 06:04 - 2014-05-26 06:04 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
2014-05-26 06:04 - 2014-05-26 06:04 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
2014-05-25 05:58 - 2014-05-25 05:58 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{71872893-A38C-4358-864D-3BDBF71D9915}
2014-05-25 05:58 - 2014-05-25 05:58 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{71872893-A38C-4358-864D-3BDBF71D9915}
2014-05-24 06:42 - 2014-05-24 06:42 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{B8679765-30CD-45CE-BC41-9E76E82882B0}
2014-05-24 06:42 - 2014-05-24 06:42 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{B8679765-30CD-45CE-BC41-9E76E82882B0}
2014-05-23 15:29 - 2014-05-23 15:29 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
2014-05-23 15:29 - 2014-05-23 15:29 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
2014-05-22 16:10 - 2014-05-22 16:10 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
2014-05-22 16:10 - 2014-05-22 16:10 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
2014-05-22 03:30 - 2014-05-22 03:30 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
2014-05-22 03:30 - 2014-05-22 03:30 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
2014-05-21 15:29 - 2014-05-21 15:29 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
2014-05-21 15:29 - 2014-05-21 15:29 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
2014-05-20 18:10 - 2014-05-20 18:10 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{D9A33CC6-087A-483B-986F-E6B21777F12F}
2014-05-20 18:10 - 2014-05-20 18:10 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{D9A33CC6-087A-483B-986F-E6B21777F12F}
2014-05-20 06:09 - 2014-05-20 06:10 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
2014-05-20 06:09 - 2014-05-20 06:10 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
2014-05-19 06:15 - 2014-05-19 06:15 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
2014-05-19 06:15 - 2014-05-19 06:15 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
2014-05-18 07:14 - 2014-05-18 07:14 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
2014-05-18 07:14 - 2014-05-18 07:14 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
2014-05-17 18:16 - 2014-05-17 18:17 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
2014-05-17 18:16 - 2014-05-17 18:17 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
2014-05-17 06:15 - 2014-05-17 06:16 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
2014-05-17 06:15 - 2014-05-17 06:16 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
2014-05-16 16:41 - 2014-05-16 16:41 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{7D8881D6-D52C-4762-8009-305361CE4FAF}
2014-05-16 16:41 - 2014-05-16 16:41 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{7D8881D6-D52C-4762-8009-305361CE4FAF}
2014-05-16 15:33 - 2014-05-16 15:33 - 00002323 _____ () C:\Users\Public\Desktop\EPA 608 Certification.lnk
2014-05-16 15:33 - 2014-05-16 15:33 - 00002323 _____ () C:\ProgramData\Desktop\EPA 608 Certification.lnk
2014-05-16 15:33 - 2014-05-16 15:33 - 00001290 _____ () C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
2014-05-16 15:33 - 2014-05-16 15:33 - 00001290 _____ () C:\ProgramData\Desktop\Printable Manuals and Help Files.lnk
2014-05-16 15:32 - 2014-05-16 15:32 - 00000000 ____D () C:\Program Files\Mainstream Engineering Corporation
2014-05-15 15:42 - 2014-05-15 15:42 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{649C069D-5763-42F5-92AC-19CF354DCD3C}
2014-05-15 15:42 - 2014-05-15 15:42 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{649C069D-5763-42F5-92AC-19CF354DCD3C}
2014-05-15 00:01 - 2014-05-05 15:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-15 00:01 - 2014-05-05 15:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-15 00:01 - 2014-05-05 15:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{DCB45356-313D-494D-AD32-D98E51057CE4}
2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{DCB45356-313D-494D-AD32-D98E51057CE4}
2014-05-14 04:28 - 2014-03-25 05:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-13 16:26 - 2014-05-13 16:26 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
2014-05-13 16:26 - 2014-05-13 16:26 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
2014-05-13 04:00 - 2014-05-13 04:00 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
2014-05-13 04:00 - 2014-05-13 04:00 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
2014-05-12 15:59 - 2014-05-12 15:59 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
2014-05-12 15:59 - 2014-05-12 15:59 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
2014-05-11 15:21 - 2014-05-11 15:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
2014-05-11 15:21 - 2014-05-11 15:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
2014-05-10 23:27 - 2014-05-10 23:27 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{31FA8926-9B99-4350-A35F-B4A817F126BE}
2014-05-10 23:27 - 2014-05-10 23:27 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{31FA8926-9B99-4350-A35F-B4A817F126BE}
2014-05-10 17:00 - 2014-05-10 17:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 11:26 - 2014-05-10 11:26 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
2014-05-10 11:26 - 2014-05-10 11:26 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
2014-05-09 06:21 - 2014-05-09 06:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
2014-05-09 06:21 - 2014-05-09 06:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
2014-05-08 18:21 - 2014-05-08 18:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
2014-05-08 18:21 - 2014-05-08 18:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
2014-05-08 06:21 - 2014-05-08 06:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
2014-05-08 06:21 - 2014-05-08 06:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
2014-05-07 07:29 - 2014-05-07 07:29 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
2014-05-07 07:29 - 2014-05-07 07:29 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
2014-05-06 05:37 - 2014-05-06 05:37 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
2014-05-06 05:37 - 2014-05-06 05:37 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
2014-05-05 15:46 - 2014-05-05 15:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
2014-05-05 15:46 - 2014-05-05 15:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
2014-05-05 03:46 - 2014-05-05 03:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{A9CFE7FB-AC85-47C0-ABC7-153A32827C9C}
2014-05-05 03:46 - 2014-05-05 03:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{A9CFE7FB-AC85-47C0-ABC7-153A32827C9C}
2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{98863933-F197-481A-A96F-D64FB74BA775}
2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{98863933-F197-481A-A96F-D64FB74BA775}
2014-05-04 03:46 - 2014-05-04 03:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{C2328003-98EF-4638-9235-B971C2B953F3}
2014-05-04 03:46 - 2014-05-04 03:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{C2328003-98EF-4638-9235-B971C2B953F3}
2014-05-03 19:55 - 2014-05-03 19:55 - 00123512 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2014-05-03 15:46 - 2014-05-03 15:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{CEFF1141-4635-4C33-8BB6-2C1C7A717512}
2014-05-03 15:46 - 2014-05-03 15:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{CEFF1141-4635-4C33-8BB6-2C1C7A717512}
2014-05-03 03:21 - 2014-05-03 03:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{ACB4FAF5-84F6-492F-B4D6-5A0BEA5539C9}
2014-05-03 03:21 - 2014-05-03 03:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{ACB4FAF5-84F6-492F-B4D6-5A0BEA5539C9}

==================== One Month Modified Files and Folders =======

2014-06-02 14:02 - 2014-06-02 14:02 - 00000000 ____D () C:\FRST
2014-06-02 07:22 - 2007-12-26 15:27 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\Temp
2014-06-02 07:22 - 2007-12-26 15:27 - 00000000 ____D () C:\Users\Jerry\AppData\Local\Temp
2014-06-02 07:09 - 2006-11-02 04:45 - 00003696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 07:09 - 2006-11-02 04:45 - 00003696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 07:08 - 2007-09-19 05:30 - 02012303 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 05:54 - 2013-11-30 07:39 - 00001356 _____ () C:\Users\Jerry\Local Settings\Application Data\d3d9caps.dat
2014-06-02 05:54 - 2013-11-30 07:39 - 00001356 _____ () C:\Users\Jerry\AppData\Local\d3d9caps.dat
2014-06-02 05:50 - 2014-06-02 05:50 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Dyazyrez
2014-06-02 01:52 - 2014-06-02 01:51 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Muarmiy
2014-06-01 22:28 - 2014-06-01 22:28 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Esryotar
2014-06-01 15:29 - 2008-02-17 08:13 - 00000000 ____D () C:\Users\Jerry\Documents\My Scans
2014-06-01 14:04 - 2014-06-01 11:29 - 00057378 _____ () C:\Users\Jerry\Desktop\Extras.Txt
2014-06-01 14:02 - 2014-06-01 11:26 - 00107236 _____ () C:\Users\Jerry\Desktop\OTL.Txt
2014-06-01 13:56 - 2014-06-01 13:55 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Wemuiplo
2014-06-01 13:54 - 2014-06-01 13:54 - 00009447 _____ () C:\Users\Jerry\Desktop\adwarecleaner.txt
2014-06-01 13:26 - 2014-06-01 13:26 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{B9AB7F01-9924-4D37-8D8D-A1AAF1163AB5}
2014-06-01 13:26 - 2014-06-01 13:26 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{B9AB7F01-9924-4D37-8D8D-A1AAF1163AB5}
2014-06-01 13:12 - 2012-03-14 07:33 - 04111634 _____ () C:\Windows\PFRO.log
2014-06-01 13:11 - 2014-06-01 13:09 - 00000000 ____D () C:\AdwCleaner
2014-06-01 13:08 - 2014-06-01 13:08 - 01327971 _____ () C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
2014-06-01 12:37 - 2014-06-01 12:37 - 00000000 ____D () C:\_OTL
2014-06-01 11:06 - 2014-06-01 11:05 - 00602112 _____ (OldTimer Tools) C:\Users\Jerry\Desktop\OTL.exe
2014-06-01 09:11 - 2013-11-22 12:11 - 00000000 ____D () C:\Users\Jerry\Documents\6657 Jackson Square
2014-06-01 09:05 - 2014-03-28 07:27 - 00028672 _____ () C:\Users\Jerry\Documents\Jackson Square Costs Date Sorted.xls
2014-06-01 08:11 - 2010-01-05 09:04 - 00002429 _____ () C:\Users\Jerry\Desktop\Microsoft Excel.lnk
2014-05-31 14:14 - 2014-04-21 16:15 - 00000000 ____D () C:\Users\Jerry\Documents\Craigslist
2014-05-31 08:38 - 2014-05-31 08:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-05-31 08:38 - 2014-05-31 08:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-05-31 04:57 - 2014-05-31 04:57 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
2014-05-31 04:57 - 2014-05-31 04:57 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
2014-05-30 14:34 - 2014-05-30 14:34 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{42CFE107-D642-483F-9829-AA4699DE5F90}
2014-05-30 14:34 - 2014-05-30 14:34 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{42CFE107-D642-483F-9829-AA4699DE5F90}
2014-05-30 10:18 - 2008-12-10 10:08 - 00150176 _____ () C:\Windows\System32\GDIPFONTCACHEV1.DAT
2014-05-29 14:48 - 2014-05-29 14:48 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
2014-05-29 14:48 - 2014-05-29 14:48 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
2014-05-28 08:28 - 2014-05-28 08:28 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
2014-05-28 08:28 - 2014-05-28 08:28 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
2014-05-27 10:30 - 2014-05-27 10:30 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
2014-05-27 10:30 - 2014-05-27 10:30 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
2014-05-27 10:30 - 2012-07-21 16:14 - 00000000 ____D () C:\Users\Jerry\Documents\Misc Property Docs
2014-05-27 04:54 - 2014-05-27 04:54 - 00000000 _____ () C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
2014-05-26 18:05 - 2014-05-26 18:04 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
2014-05-26 18:05 - 2014-05-26 18:04 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
2014-05-26 06:04 - 2014-05-26 06:04 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
2014-05-26 06:04 - 2014-05-26 06:04 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
2014-05-25 14:16 - 2009-07-15 16:37 - 00870128 _____ () C:\Users\Jerry\AppData\Roaming\mcs.rma
2014-05-25 14:16 - 2009-07-15 16:37 - 00000004 _____ () C:\Users\Jerry\AppData\Roaming\FF41A7
2014-05-25 14:02 - 2013-08-01 15:37 - 00000000 ____D () C:\Users\Jerry\Documents\7524 Elizabeth Dr
2014-05-25 05:58 - 2014-05-25 05:58 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{71872893-A38C-4358-864D-3BDBF71D9915}
2014-05-25 05:58 - 2014-05-25 05:58 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{71872893-A38C-4358-864D-3BDBF71D9915}
2014-05-24 06:42 - 2014-05-24 06:42 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{B8679765-30CD-45CE-BC41-9E76E82882B0}
2014-05-24 06:42 - 2014-05-24 06:42 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{B8679765-30CD-45CE-BC41-9E76E82882B0}
2014-05-23 15:29 - 2014-05-23 15:29 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
2014-05-23 15:29 - 2014-05-23 15:29 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
2014-05-22 16:10 - 2014-05-22 16:10 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
2014-05-22 16:10 - 2014-05-22 16:10 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
2014-05-22 03:30 - 2014-05-22 03:30 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
2014-05-22 03:30 - 2014-05-22 03:30 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
2014-05-21 15:29 - 2014-05-21 15:29 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
2014-05-21 15:29 - 2014-05-21 15:29 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
2014-05-20 18:10 - 2014-05-20 18:10 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{D9A33CC6-087A-483B-986F-E6B21777F12F}
2014-05-20 18:10 - 2014-05-20 18:10 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{D9A33CC6-087A-483B-986F-E6B21777F12F}
2014-05-20 06:10 - 2014-05-20 06:09 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
2014-05-20 06:10 - 2014-05-20 06:09 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
2014-05-19 06:15 - 2014-05-19 06:15 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
2014-05-19 06:15 - 2014-05-19 06:15 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
2014-05-18 07:14 - 2014-05-18 07:14 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
2014-05-18 07:14 - 2014-05-18 07:14 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
2014-05-17 18:17 - 2014-05-17 18:16 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
2014-05-17 18:17 - 2014-05-17 18:16 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
2014-05-17 07:59 - 2008-01-27 17:38 - 00013824 _____ () C:\Users\Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-17 07:59 - 2008-01-27 17:38 - 00013824 _____ () C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-17 06:52 - 2011-07-25 06:50 - 00000000 ____D () C:\Users\Jerry\Documents\1203 Old County Road
2014-05-17 06:52 - 2010-01-05 09:03 - 00002427 _____ () C:\Users\Jerry\Desktop\Microsoft Word.lnk
2014-05-17 06:16 - 2014-05-17 06:15 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
2014-05-17 06:16 - 2014-05-17 06:15 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
2014-05-16 16:41 - 2014-05-16 16:41 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{7D8881D6-D52C-4762-8009-305361CE4FAF}
2014-05-16 16:41 - 2014-05-16 16:41 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{7D8881D6-D52C-4762-8009-305361CE4FAF}
2014-05-16 15:33 - 2014-05-16 15:33 - 00002323 _____ () C:\Users\Public\Desktop\EPA 608 Certification.lnk
2014-05-16 15:33 - 2014-05-16 15:33 - 00002323 _____ () C:\ProgramData\Desktop\EPA 608 Certification.lnk
2014-05-16 15:33 - 2014-05-16 15:33 - 00001290 _____ () C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
2014-05-16 15:33 - 2014-05-16 15:33 - 00001290 _____ () C:\ProgramData\Desktop\Printable Manuals and Help Files.lnk
2014-05-16 15:32 - 2014-05-16 15:32 - 00000000 ____D () C:\Program Files\Mainstream Engineering Corporation
2014-05-15 15:45 - 2013-01-05 06:51 - 00000000 ____D () C:\Users\Jerry\Documents\8176 Edgewood
2014-05-15 15:42 - 2014-05-15 15:42 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{649C069D-5763-42F5-92AC-19CF354DCD3C}
2014-05-15 15:42 - 2014-05-15 15:42 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{649C069D-5763-42F5-92AC-19CF354DCD3C}
2014-05-15 01:05 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 00:34 - 2013-08-15 00:11 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-15 00:03 - 2006-11-02 02:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{DCB45356-313D-494D-AD32-D98E51057CE4}
2014-05-14 11:01 - 2014-05-14 11:01 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{DCB45356-313D-494D-AD32-D98E51057CE4}
2014-05-13 16:26 - 2014-05-13 16:26 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
2014-05-13 16:26 - 2014-05-13 16:26 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
2014-05-13 04:00 - 2014-05-13 04:00 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
2014-05-13 04:00 - 2014-05-13 04:00 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
2014-05-12 16:07 - 2012-04-29 08:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 15:59 - 2014-05-12 15:59 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
2014-05-12 15:59 - 2014-05-12 15:59 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
2014-05-11 15:21 - 2014-05-11 15:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
2014-05-11 15:21 - 2014-05-11 15:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
2014-05-10 23:27 - 2014-05-10 23:27 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{31FA8926-9B99-4350-A35F-B4A817F126BE}
2014-05-10 23:27 - 2014-05-10 23:27 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{31FA8926-9B99-4350-A35F-B4A817F126BE}
2014-05-10 17:00 - 2014-05-10 17:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 11:26 - 2014-05-10 11:26 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
2014-05-10 11:26 - 2014-05-10 11:26 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
2014-05-09 16:00 - 2012-07-17 12:42 - 00000000 ____D () C:\Users\Jerry\Documents\7582 Avery
2014-05-09 06:21 - 2014-05-09 06:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
2014-05-09 06:21 - 2014-05-09 06:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
2014-05-08 18:21 - 2014-05-08 18:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
2014-05-08 18:21 - 2014-05-08 18:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
2014-05-08 06:21 - 2014-05-08 06:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
2014-05-08 06:21 - 2014-05-08 06:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
2014-05-07 07:29 - 2014-05-07 07:29 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
2014-05-07 07:29 - 2014-05-07 07:29 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
2014-05-06 05:37 - 2014-05-06 05:37 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
2014-05-06 05:37 - 2014-05-06 05:37 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
2014-05-05 15:46 - 2014-05-05 15:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
2014-05-05 15:46 - 2014-05-05 15:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
2014-05-05 15:32 - 2014-05-15 00:01 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-05 15:14 - 2014-05-15 00:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-05 15:14 - 2014-05-15 00:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-05 03:46 - 2014-05-05 03:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{A9CFE7FB-AC85-47C0-ABC7-153A32827C9C}
2014-05-05 03:46 - 2014-05-05 03:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{A9CFE7FB-AC85-47C0-ABC7-153A32827C9C}
2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{98863933-F197-481A-A96F-D64FB74BA775}
2014-05-04 15:46 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{98863933-F197-481A-A96F-D64FB74BA775}
2014-05-04 03:46 - 2014-05-04 03:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{C2328003-98EF-4638-9235-B971C2B953F3}
2014-05-04 03:46 - 2014-05-04 03:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{C2328003-98EF-4638-9235-B971C2B953F3}
2014-05-03 19:55 - 2014-05-03 19:55 - 00123512 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2014-05-03 15:46 - 2014-05-03 15:46 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{CEFF1141-4635-4C33-8BB6-2C1C7A717512}
2014-05-03 15:46 - 2014-05-03 15:46 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{CEFF1141-4635-4C33-8BB6-2C1C7A717512}
2014-05-03 03:21 - 2014-05-03 03:21 - 00000000 ____D () C:\Users\Jerry\Local Settings\Application Data\{ACB4FAF5-84F6-492F-B4D6-5A0BEA5539C9}
2014-05-03 03:21 - 2014-05-03 03:21 - 00000000 ____D () C:\Users\Jerry\AppData\Local\{ACB4FAF5-84F6-492F-B4D6-5A0BEA5539C9}

Some content of TEMP:
====================
C:\Users\Jerry\AppData\Local\Temp\ApnStub.exe
C:\Users\Jerry\AppData\Local\Temp\AskSLib.dll
C:\Users\Jerry\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Jerry\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Jerry\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jerry\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Jerry\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Jerry\AppData\Local\Temp\jre-7u25-windows-i586-iftw_2953c6f9.exe
C:\Users\Jerry\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jerry\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jerry\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jerry\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Jerry\AppData\Local\Temp\lowproc.exe
C:\Users\Jerry\AppData\Local\Temp\Quarantine.exe
C:\Users\Jerry\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Jerry\AppData\Local\Temp\SHSetup.exe
C:\Users\Jerry\AppData\Local\Temp\stubhelper.dll
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_04970f00.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_1c6f9505.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_20a0225e.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_236c162e.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_4b7d7125.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_57ca4ff4.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_71b0d412.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_92c0fd4b.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_9a16ce87.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_ac4e6c52.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_b4440e37.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_b6845a25.exe
C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_c4a2c6b2.exe
C:\Users\Jerry\AppData\Local\Temp\wajam_install.exe
C:\Users\Jerry\AppData\Local\Temp\wget.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-05-21 21:00:17
Restore point made on: 2014-05-22 02:45:45
Restore point made on: 2014-05-23 16:54:17
Restore point made on: 2014-05-24 16:29:20
Restore point made on: 2014-05-25 04:13:29
Restore point made on: 2014-05-25 21:00:17
Restore point made on: 2014-05-26 21:00:21
Restore point made on: 2014-05-27 11:06:25
Restore point made on: 2014-05-28 08:55:14
Restore point made on: 2014-05-28 16:59:52
Restore point made on: 2014-05-29 13:52:58
Restore point made on: 2014-05-30 06:59:34
Restore point made on: 2014-05-30 21:00:15
Restore point made on: 2014-05-31 16:43:20
Restore point made on: 2014-06-01 03:35:37
Restore point made on: 2014-06-01 12:38:14

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 2038.75 MB
Available physical RAM: 1536.06 MB
Total Pagefile: 1772.19 MB
Available Pagefile: 1612.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.77 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:99.06 GB) (Free:37.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.27 GB) (Free:1.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (New Volume) (Fixed) (Total:41.71 GB) (Free:40.57 GB) NTFS
Drive g: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
Drive h: (CDROM) (CDROM) (Total:0.05 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=99 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=42 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-06-02 07:02

==================== End Of Log ============================



#27 Phel (Trusted Helper, Malware Removal, 1,386 posts)

Okay, let's try to fix that:


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

start
S1 bcnajpwo; \??\C:\Windows\system32\drivers\bcnajpwo.sys [X]
HKU\Jerry\...\Run: [Owexdytuuthiymo] => C:\Users\Jerry\AppData\Roaming\Muarmiy\tecupe.exe [324608 2009-08-24] (Global Trade)
2014-06-02 05:50 - 2014-06-02 05:50 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Dyazyrez
2014-06-02 01:51 - 2014-06-02 01:52 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Muarmiy
2014-06-01 22:28 - 2014-06-01 22:28 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Esryotar
2014-06-01 13:55 - 2014-06-01 13:56 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Wemuiplo
C:\Users\Jerry\AppData\Local\Temp\wajam_install.exe
C:\Users\Jerry\AppData\Local\Temp\wget.exe
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST as you ran it the previous time and press the Fix button just once and wait.
The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.


After that, start the infected computer and try to run the OTL scan.



#28 JPowell (Member, Topic Starter, 58 posts)

Phel, here is the log. Do you mean for me to start Windows normally and try to run OTL?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-06-2014 01
Ran by SYSTEM at 2014-06-02 15:37:39 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
start
S1 bcnajpwo; \??\C:\Windows\system32\drivers\bcnajpwo.sys [X]
HKU\Jerry\...\Run: [Owexdytuuthiymo] => C:\Users\Jerry\AppData\Roaming\Muarmiy\tecupe.exe [324608 2009-08-24] (Global Trade)
2014-06-02 05:50 - 2014-06-02 05:50 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Dyazyrez
2014-06-02 01:51 - 2014-06-02 01:52 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Muarmiy
2014-06-01 22:28 - 2014-06-01 22:28 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Esryotar
2014-06-01 13:55 - 2014-06-01 13:56 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Wemuiplo
C:\Users\Jerry\AppData\Local\Temp\wajam_install.exe
C:\Users\Jerry\AppData\Local\Temp\wget.exe
end
*****************

bcnajpwo => Service deleted successfully.
HKU\Jerry\Software\Microsoft\Windows\CurrentVersion\Run\\Owexdytuuthiymo => Value deleted successfully.
C:\Users\Jerry\AppData\Roaming\Dyazyrez => Moved successfully.
C:\Users\Jerry\AppData\Roaming\Muarmiy => Moved successfully.
C:\Users\Jerry\AppData\Roaming\Esryotar => Moved successfully.
C:\Users\Jerry\AppData\Roaming\Wemuiplo => Moved successfully.
C:\Users\Jerry\AppData\Local\Temp\wajam_install.exe => Moved successfully.
C:\Users\Jerry\AppData\Local\Temp\wget.exe => Moved successfully.

==== End of Fixlog ====


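As an added example (not code from this thread, from FRST or from its author), here is a small Python checker that cross-references the fixlist directives echoed at the top of a Fixlog like the one above against the result lines FRST writes after it, so a helper can see at a glance whether every directive was actually acted on. The Fixlog text embedded below is copied from the log in this post, with one extra constructed placeholder path appended to the fixlist so that the "directive with no result line" case is exercised; the line formats the regular expressions assume are the ones visible in this thread, not a specification of FRST's output.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixlog text copied from the FRST Fixlog posted above. The last fixlist
# entry (CONSTRUCTED_placeholder.exe) is a constructed placeholder, not from
# the log, so that an unprocessed directive shows up in the report.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-06-2014 01
Ran by SYSTEM at 2014-06-02 15:37:39 Run:1
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
start
S1 bcnajpwo; \??\C:\Windows\system32\drivers\bcnajpwo.sys [X]
HKU\Jerry\...\Run: [Owexdytuuthiymo] => C:\Users\Jerry\AppData\Roaming\Muarmiy\tecupe.exe [324608 2009-08-24] (Global Trade)
2014-06-02 05:50 - 2014-06-02 05:50 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Dyazyrez
2014-06-02 01:51 - 2014-06-02 01:52 - 00000000 ____D () C:\Users\Jerry\AppData\Roaming\Muarmiy
C:\Users\Jerry\AppData\Local\Temp\wajam_install.exe
C:\Users\Jerry\AppData\Local\Temp\CONSTRUCTED_placeholder.exe
end
*****************

bcnajpwo => Service deleted successfully.
HKU\Jerry\Software\Microsoft\Windows\CurrentVersion\Run\\Owexdytuuthiymo => Value deleted successfully.
C:\Users\Jerry\AppData\Roaming\Dyazyrez => Moved successfully.
C:\Users\Jerry\AppData\Roaming\Muarmiy => Moved successfully.
C:\Users\Jerry\AppData\Local\Temp\wajam_install.exe => Moved successfully.

==== End of Fixlog ====
"""

# Directive shapes as they appear in this thread's fixlist (assumed, not a spec):
SERVICE_RE = re.compile(r"^[SRU]\d\s+([^;\s]+);")                    # "S1 name; path [X]"
REG_VALUE_RE = re.compile(r"^HK[A-Z]+\\.*\[([^\]]+)\]\s*=>")         # "HKU\...\Run: [Name] => ..."
DATED_ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} .*?\([^)]*\)\s*(.+?)\s*$")  # "date - date - size flags (co) path"
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")                              # bare file or folder path
RESULT_RE = re.compile(r"^(.+?) => (.+ successfully\.)$")            # "subject => ... successfully."

Directive = Tuple[str, str]  # (kind, key used to match a result line)


def directive_key(line: str) -> Optional[Directive]:
    """Reduce one fixlist line to the name FRST will echo in its result line."""
    m = SERVICE_RE.match(line)
    if m:
        return ("service", m.group(1))
    m = REG_VALUE_RE.match(line)
    if m:
        return ("registry value", m.group(1))
    m = DATED_ENTRY_RE.match(line)
    if m:
        return ("path", m.group(1))
    if PATH_RE.match(line):
        return ("path", line)
    return ("unrecognised", line)


def parse_fixlog(text: str) -> Tuple[List[Directive], Dict[str, str]]:
    """Split a Fixlog into the directives between start/end and the result lines."""
    directives: List[Directive] = []
    results: Dict[str, str] = {}
    in_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "start":
            in_list = True
            continue
        if line == "end":
            in_list = False
            continue
        if in_list:
            if line:
                directives.append(directive_key(line))
            continue
        m = RESULT_RE.match(line)
        if m:
            results[m.group(1)] = m.group(2)
    return directives, results


def result_for(key: str, results: Dict[str, str]) -> Optional[str]:
    """Exact match for services and paths; suffix match for registry values,
    since FRST reports the full key path ending in \\ValueName."""
    for subject, outcome in results.items():
        if subject == key or subject.endswith("\\" + key):
            return outcome
    return None


def verify_fixlog(text: str):
    """Return (confirmed, unconfirmed): directives with and without a success line."""
    directives, results = parse_fixlog(text)
    confirmed, unconfirmed = [], []
    for kind, key in directives:
        outcome = result_for(key, results)
        if outcome is None:
            unconfirmed.append((kind, key))
        else:
            confirmed.append((kind, key, outcome))
    return confirmed, unconfirmed


if __name__ == "__main__":
    done, missing = verify_fixlog(SAMPLE_FIXLOG)
    for kind, key, outcome in done:
        print(f"OK       {kind:15} {key} -> {outcome}")
    for kind, key in missing:
        print(f"MISSING  {kind:15} {key} -> no result line; re-check this item")
```

Run stand-alone it lists five confirmed directives and flags the constructed placeholder as having no result line, which is the case a helper wants surfaced before telling the user the fix is complete.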

#29 Phel (Trusted Helper, Malware Removal, 1,386 posts)

Do you mean for me to start windows normally and try to run OTL?


Yes.

#30 JPowell (Member, Topic Starter, 58 posts)

Phel, here's the log. Running in Windows on the infected machine now. Posting from the infected machine. I don't think I got an Extras file this time.


OTL logfile created on: 6/2/2014 5:04:38 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.25% Memory free
4.21 Gb Paging File | 3.18 Gb Available in Paging File | 75.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 35.12 Gb Free Space | 35.45% Space Free | Partition Type: NTFS
Drive D: | 8.27 Gb Total Space | 1.12 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive F: | 41.71 Gb Total Space | 40.57 Gb Free Space | 97.27% Space Free | Partition Type: NTFS
 
Computer Name: HOMEBASE | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
PRC - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/05/03 22:55:34 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/11 18:59:58 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
PRC - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/02/17 17:28:30 | 001,365,304 | ---- | M] (U3 LLC) -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/15 04:00:56 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2007/10/18 16:36:54 | 000,061,440 | ---- | M] () -- C:\Windows\System32\deskMenu2.dll
MOD - [1997/08/26 01:00:00 | 003,782,416 | ---- | M] () -- F:\Office\MSO97.DLL
MOD - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2014/05/31 11:38:51 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 20:00:46 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 04:39:12 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sipvzdir.sys -- (sipvzdir)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\riczxsam.sys -- (riczxsam)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/06/02 17:06:08 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74CD6111-2231-44CE-8902-9BD3D9B25F46}\MpKsle3aa23a0.sys -- (MpKsle3aa23a0)
DRV - [2014/05/15 04:00:47 | 000,358,008 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys -- (RapportCerberus_68261)
DRV - [2014/05/03 22:55:48 | 000,170,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/05/03 22:55:46 | 000,249,400 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/05/03 22:55:46 | 000,123,512 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/04/04 14:23:50 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/12/30 12:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/07 16:34:02 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2009/12/03 18:05:30 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV - [2009/12/03 18:05:26 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/07 23:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/130
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKCU\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://isearch.avg.com/search?cid={E0B5C16E-1F66-47CD-8BA2-603A817ADE67}&mid=879e08053eac47d1b7afd152ff4a3108-f461d1947ebba48ba34175780e30c23392bcfbb6&lang=en&ds=ts022&pr=sa&d=2012-03-14 08:21:54&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{813192D6-F29D-4C6B-BF36-144F3483B517}: "URL" = http://websearch.ask...0A-DAC339A7FE59
IE - HKCU\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{D40DCCAD-38E9-4EA0-9201-A38D44979C88}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}: "URL" = http://www.google.co...&rlz=1I7GGIT_en
IE - HKCU\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ebayHotStuff%40wangtom.com:1.4.0
FF - prefs.js..extensions.enabledAddons: ebayquicksearch%40upaaya:1.0.5
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Jerry\AppData\Roaming\nprhapengine.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/03/20 19:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
 
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/15 18:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/06/01 16:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions
[2013/02/11 15:40:54 | 000,000,000 | ---D | M] (Ebay Button) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2011/11/11 11:03:24 | 000,000,000 | ---D | M] (eBay Quick Search) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/26 19:05:23 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/03 06:26:33 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/10 20:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/10 20:00:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/11 19:02:24 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/07/11 19:00:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmood...CtB&cr=85459033
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
 
O1 HOSTS File: ([2014/06/01 15:38:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Jerry\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ebay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([cgi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///F:/AutoCad/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///F:/AutoCad/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///F:/AutoCad/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///F:/AutoCad/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95F69CB4-D720-4208-855B-A29668017FB6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/07 00:33:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/05 10:34:54 | 000,000,000 | ---D | M] - F:\AutoCad -- [ NTFS ]
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f43f1601-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/02 17:02:49 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/01 16:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B9AB7F01-9924-4D37-8D8D-A1AAF1163AB5}
[2014/06/01 16:10:11 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/01 16:09:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/01 15:37:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/01 14:05:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/05/31 11:38:51 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/31 11:38:51 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/31 07:57:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
[2014/05/30 17:34:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{42CFE107-D642-483F-9829-AA4699DE5F90}
[2014/05/29 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
[2014/05/28 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
[2014/05/27 13:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
[2014/05/26 21:04:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
[2014/05/26 09:04:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
[2014/05/25 08:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71872893-A38C-4358-864D-3BDBF71D9915}
[2014/05/24 09:42:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B8679765-30CD-45CE-BC41-9E76E82882B0}
[2014/05/23 18:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
[2014/05/22 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
[2014/05/22 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
[2014/05/21 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
[2014/05/20 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D9A33CC6-087A-483B-986F-E6B21777F12F}
[2014/05/20 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
[2014/05/19 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
[2014/05/18 10:14:23 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
[2014/05/17 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
[2014/05/17 09:15:56 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
[2014/05/16 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{7D8881D6-D52C-4762-8009-305361CE4FAF}
[2014/05/16 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPA 608 Certification
[2014/05/16 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mainstream Engineering Corporation
[2014/05/15 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{649C069D-5763-42F5-92AC-19CF354DCD3C}
[2014/05/15 03:01:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/14 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{DCB45356-313D-494D-AD32-D98E51057CE4}
[2014/05/13 19:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
[2014/05/13 07:00:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
[2014/05/12 18:59:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
[2014/05/11 18:21:52 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
[2014/05/11 02:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{31FA8926-9B99-4350-A35F-B4A817F126BE}
[2014/05/10 20:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/10 14:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
[2014/05/09 09:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
[2014/05/08 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
[2014/05/08 09:21:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
[2014/05/07 10:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
[2014/05/06 08:37:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
[2014/05/05 18:46:53 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
[2014/05/05 06:46:43 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{A9CFE7FB-AC85-47C0-ABC7-153A32827C9C}
[2014/05/04 18:46:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{98863933-F197-481A-A96F-D64FB74BA775}
[2014/05/04 06:46:15 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C2328003-98EF-4638-9235-B971C2B953F3}
[2014/05/03 22:55:46 | 000,123,512 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2014/05/03 18:46:06 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CEFF1141-4635-4C33-8BB6-2C1C7A717512}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/02 17:00:07 | 000,002,433 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2014/06/02 17:00:00 | 000,000,802 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 854104521.job
[2014/06/02 16:59:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/02 16:59:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/02 16:59:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/02 16:59:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/02 16:59:27 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/02 08:54:59 | 000,001,356 | ---- | M] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2014/06/01 18:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/01 16:08:15 | 001,327,971 | ---- | M] () -- C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
[2014/06/01 16:06:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 15:38:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/01 14:46:01 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/06/01 11:11:14 | 000,002,429 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Excel.lnk
[2014/05/31 11:38:51 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/31 11:38:51 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/27 07:54:59 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/26 20:00:00 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jerry.job
[2014/05/25 17:16:36 | 000,870,128 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2014/05/25 17:16:36 | 000,000,004 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2014/05/22 19:44:14 | 000,060,165 | ---- | M] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:57 | 000,055,120 | ---- | M] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/17 10:59:59 | 000,013,824 | ---- | M] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 09:52:22 | 000,002,427 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Word.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2014/05/09 17:52:28 | 000,028,015 | ---- | M] () -- C:\Users\Jerry\Desktop\usefulstuff.rtf
[2014/05/05 18:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/03 22:55:46 | 000,123,512 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/02 16:59:27 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2014/06/02 04:52:20 | 000,000,802 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 854104521.job
[2014/06/01 16:08:09 | 001,327,971 | ---- | C] () -- C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
[2014/05/31 11:38:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/27 07:54:59 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/22 19:44:13 | 000,060,165 | ---- | C] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:56 | 000,055,120 | ---- | C] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2013/11/30 10:39:53 | 000,001,356 | ---- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2013/08/17 11:21:42 | 000,518,200 | ---- | C] () -- C:\Users\Jerry\almost done.jpg
[2013/08/17 11:21:09 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\20130708_144045.jpg
[2013/08/17 11:17:34 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\repair.jpg
[2010/10/25 13:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/15 19:37:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/07/15 19:37:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2009/01/18 17:11:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/14 10:49:13 | 000,000,000 | -H-- | C] () -- C:\Users\Jerry\Lyn and Jerry Xmas.jpg
[2008/01/27 20:38:49 | 000,013,824 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 19:02:50 | 000,000,052 | -H-- | C] () -- C:\Users\Jerry\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8256 bytes -> C:\Users\Jerry\Documents\Documents.sdsk:Backup
@Alternate Data Stream - 610 bytes -> C:\Users\Jerry\Documents\Christmas 2012.eml:OECustomProperty
@Alternate Data Stream - 2438 bytes -> C:\Users\Jerry\Documents\Christmas Greetings email 2013.eml:OECustomProperty
@Alternate Data Stream - 1152 bytes -> C:\Users\Jerry\Documents\Re_ [Chukker Nation] just joined 'atlanta pop festivals' group for___.eml:OECustomProperty

< End of report >
 

