
virtool, trojandownloader, trojandropper, etc - PASTED OTLOG [Solved]


  • This topic is locked

#31
JPowell (Member, Topic Starter, 58 posts)

Phel,  My mistake.  Here it is:

 

OTL Extras logfile created on: 6/1/2014 4:45:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.12% Memory free
4.23 Gb Paging File | 2.82 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 35.78 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
Drive D: | 8.27 Gb Total Space | 1.12 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive F: | 41.71 Gb Total Space | 40.57 Gb Free Space | 97.27% Space Free | Partition Type: NTFS
 
Computer Name: HOMEBASE | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222C76C-F433-4EE3-BDB0-6E1AC5ABC187}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{084B701A-C4E7-4101-9D76-D7FFB0FC5610}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A048B30-7586-4EFE-A839-6584BC015ED5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13234761-2BCC-47FD-BDB5-B97FEC6B5E6A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1C8EAD5D-6563-4A66-8CBA-E338EC741E49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D3E3ABC-1315-4F09-B17E-09373A6FD160}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{32365E40-481F-438A-9075-853EF47885FC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{377BF021-320A-4B52-8B2F-C4EEBC007141}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69A338A1-D6FF-47DF-B4F3-5AAEF9A2B545}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6FDB8227-2072-42DF-BD74-51C2208745B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79791881-49D6-484B-9EA0-C60712C661FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8271B48E-DFDD-4906-B76A-6CF20B8F75A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82CA7C3E-26BF-42B0-9A2E-9B8EE987FC3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EF6AA8-C491-4CEC-91D3-4F326ACAE0E0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{948748D3-5BD0-4C1A-AE90-3121FF943CC0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96F9828E-CECC-4347-A196-380BFBCEFDB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9AF8113E-D8FE-4D1C-86D0-40C5C987BC5E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9BA21B74-1365-41EF-A2BE-0F7E5E32B12E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{BE2E7656-818C-40C2-A13B-400F6D70FB56}" = lport=59090 | protocol=6 | dir=in | name=akamai netsession interface |
"{D69E4C9A-98D3-4583-8343-D80ADBA3BFF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D89F9092-ABEA-43D4-92E6-D19B63DDB893}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBA8C13F-6592-4119-AC26-431B253421FA}" = lport=10243 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08667A1D-DD58-41E2-851D-3D43B97A7B38}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{19D836C6-D3DC-4A68-B24E-A89FFB8B5640}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2CF1B485-C0F2-4340-942C-0F161F4D5B48}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{30FD82FC-609F-48D7-AE0C-9CBC76B051FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3284FA8B-01A3-4080-BF16-18CE2B42B748}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3312F3DE-D0BB-420D-9259-9D5BB6AEBAB6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{44D43E1C-7EDF-4D73-8B8B-4F9AC4C0D69B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67838048-9BB0-4556-B8B8-981455901FA3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6F9E2F4A-BDC1-4030-AE9C-8C26D725406D}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{7CB56C1D-9A12-4D60-A836-1C307DB9CE72}" = protocol=17 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"{7E4C4C56-44BC-4263-902F-D3F12C5006E2}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{8A9F69E0-B508-4FFF-858C-A8E28EE4D6BF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{94D86C03-7E9E-4770-B3C2-5F10AB85281F}" = protocol=6 | dir=out | app=system |
"{9594015C-F649-4F54-B377-7DE32B020B13}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{95F1811F-6C1E-4937-9A13-CE2A5F49A1B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A98299A9-4AFA-4131-B003-10D8DF36C610}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B505A3E3-19E0-4085-959B-666BE4AB0249}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B76088C1-0035-4D16-B398-E7149518D9E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA49AC10-F22E-4292-84E2-F7D07DA37873}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{BC94E65B-64EE-4AAE-9BF4-75C926EDDBBF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD0EEA94-BA1B-45B8-B29F-EAB6ADA53F82}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{BEBE91B8-31A2-4D68-B8B7-A757FB131367}" = protocol=6 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"{CAE2BD84-5A63-4958-A0CB-2DAFAE00EEAA}" = protocol=6 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"{CB3E29A9-0112-4703-AA27-5FE2CF29EEDD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CF0456FD-DAB9-468F-A8CE-06285EE67F0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D05E5A4D-8851-4449-82BF-3247F2BD4D44}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{D297B8BF-AB18-440A-AA87-AF00A365FAEA}" = protocol=17 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"{E0B12346-199F-41F4-94AB-34C50ADFC207}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{E92EE118-8851-4B6E-B59B-3B25E519C4F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ED679BBD-5739-4DAC-8197-D8BC3426520D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0825D56-1AA4-45C4-AD2C-DB8206CD238E}" = protocol=17 | dir=in | app=f:\nmapp.exe |
"{F0DB9CDD-D977-4F28-BDDE-C17BC0761198}" = protocol=6 | dir=in | app=f:\nmapp.exe |
"{F40F40E3-3F00-43AA-ADC2-53793E673855}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD6F646C-B12C-4370-802F-0AE266DF0FB1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE829CE7-526E-4EA1-BA66-15C5EC0D1960}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{1192589A-2F24-443B-B030-629668788583}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{6F138BD6-CA74-43B4-9B0C-F98A0355D5CC}C:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C9D421BC-9593-409F-988C-58E022763E69}C:\users\jerry\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F33A3E4E-3DB9-46D2-8AA6-1E3B56F56735}C:\program files\common files\4warn\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\4warn\trueweather.exe |
"UDP Query User{63205D27-8B88-4280-9E6A-AB8DE9B90B4B}C:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jerry\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8550767F-DA2D-4F78-9663-C018929C2C7D}C:\users\jerry\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jerry\appdata\local\akamai\netsession_win.exe |
"UDP Query User{8D29355C-8FFE-45D7-AD69-5FF7F57C0AEE}C:\program files\common files\4warn\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\4warn\trueweather.exe |
"UDP Query User{D83BBBF8-BB52-413B-98B6-27192A3422C6}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{315DF43B-7BFC-40E7-A1A7-BEBA128D4C03}" = hpg2436
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3473F10F-91E5-4F7C-975E-8D1B067F7472}" = Berlitz Before You Know It Flash Cards
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3AC26580-A695-4134-84AE-5121B3AAE545}" = Readiris Pro 12
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}" = HP Scanjet 2400 and 3600 series 9.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE1626CD-4380-40BF-84A5-D8F1B4217CB3}" = Visual C++ 2008 Runtime (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DCC72248-D3D2-4846-8499-A400053A430E}" = TWC User Controls
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF8265D3-C3F5-44A3-8FBE-8CDC83BA704B}" = Berlitz Learning System - Spanish
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFF78ADB-B586-4b49-8473-F2441B47F9AD}" = D1400_Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F327A8F7-00C6-4491-9782-1DFFBB0594A2}" = dj_sf_software_req
"{F6E69D86-4A9D-436D-AAE7-B764EA87420D}" = D1400
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA3AFC80-05A5-45A6-BD6E-92641BF93129}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8872-1522-2113-8155" = EPA 608 Certification 4.0.00
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AnswerWorks" = AnswerWorks Runtime
"CAAPH2" = APH placeholder
"CameraUserGuide-PSSD940IS_IXUS120IS" = Canon PowerShot SD940 IS_IXUS 120 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"ExpressTools - AutoCAD 2002" = AutoCAD Express Tools - AutoCAD 2002
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Free File Opener_is1" = Free File Opener v2011.7.0.1
"Google Updater" = Google Updater
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstaCodecs_is1" = InstaCodecs
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.5 (x86 en-US)" = Mozilla Thunderbird 17.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Office8.0" = Microsoft Office 97, Professional Edition
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PDF Reader" = PDF Reader
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PotPlayer" = Daum PotPlayer 1.5.34115
"Rapport_msi" = Trusteer Endpoint Protection
"RealPlayer 15.0" = RealPlayer
"RealPlayer 16.0" = RealPlayer
"Recovery Toolbox for CD Free_is1" = Recovery Toolbox for CD Free 2.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"SafeHouseExplorer" = SafeHouse Explorer 3.01
"sl-dlc" = SelectionLinks
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"ToolPac" = ToolPac
"TrueCrypt" = TrueCrypt
"Volo View Express" = Volo View Express
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live Mail to Mac Mail" = Windows Live Mail to Mac Mail
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"PDF Reader" = PDF Reader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/12/2012 11:11:11 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:12 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:12 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:14 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:11:15 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:12:39 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 11:12:40 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 5/12/2012 6:31:15 PM | Computer Name = homebase | Source = Application Error | ID = 1000
Description = Faulting application acad.exe, version 21.0.6.30, time stamp 0x3ae3de35,
 faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception
 code 0xc0000005, fault offset 0x0004a246,  process id 0x14cc, application start time
 0x01cd3088f5f91640.
 
Error - 5/15/2012 8:59:21 AM | Computer Name = homebase | Source = Windows Search Service | ID = 3013
Description =
 
Error - 5/15/2012 8:59:21 AM | Computer Name = homebase | Source = Windows Search Service | ID = 3013
Description =
 
Error - 5/16/2012 10:29:02 AM | Computer Name = homebase | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 6/1/2014 4:59:35 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 4:59:35 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 5:00:49 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7022
Description =
 
Error - 6/1/2014 5:00:50 PM | Computer Name = homebase | Source = LSM | ID = 1048
Description =
 
Error - 6/1/2014 5:12:26 PM | Computer Name = homebase | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =
 
Error - 6/1/2014 5:12:29 PM | Computer Name = homebase | Source = Print | ID = 23
Description = Printer hp psc 1310 series (Copy 1),3 failed to initialize because
 a suitable hp psc 1310 series driver could not be found. The new printer settings
 that you specified have not taken effect. Install or reinstall the printer driver.
 You might need to contact the vendor for an updated driver.
 
Error - 6/1/2014 5:13:57 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 5:13:57 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2014 5:14:18 PM | Computer Name = homebase | Source = Service Control Manager | ID = 7022
Description =
 
Error - 6/1/2014 5:14:19 PM | Computer Name = homebase | Source = LSM | ID = 1048
Description =
 
 
< End of report >
 




#32
JPowell (Member, Topic Starter, 58 posts)

Is anyone still working this post?



#33
Phel (Trusted Helper, Malware Removal, 1,386 posts)

How is your computer running now?



#34
JPowell (Member, Topic Starter, 58 posts)

I don't seem to have any problems.  MSE has quit cleaning and flash player update has quit popping up.  Is there any way to refresh this page to check for new communications other than to go to my content and reload it?



#35
Phel (Trusted Helper, Malware Removal, 1,386 posts)

Is there any way to refresh this page to check for new communications other than to go to my content and reload it?

 
Just press F5 on your keyboard while you are on this page.
 
Nice, let's continue to clean your PC now completely.
 
Step 1. OTL fix.
  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sipvzdir.sys -- (sipvzdir)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\riczxsam.sys -- (riczxsam)
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 2. AdwCleaner scan.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Clean button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
After reboot:
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Scan button.
  • When the scan is finished, click the Report button.
  • A Notepad window with the report should now appear. Post the contents of the report in your next message.
Step 3. Changing Chrome Search provider and Homepage.
  • Click the Chrome menu on the browser toolbar.
  • Select Settings
  • In the "Search" section, select the search engine you want to use from the menu. (Google)
  • Restart Chrome.
Step 4. OTL scan.
  • Run OTL.
  • Click on Scan All Users checkbox, which is located near Quick Scan button.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.
So, please, don't forget to post in your next message:
  • OTL.txt
  • AdwCleaner log

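The two DRV lines in the OTL fix above are driver service entries whose .sys file no longer exists on disk, which is what OTL reports as "DRV - File not found". The PowerShell script below is an added example, not part of this thread and not OTL's own code, that performs the same check on a live system: it walks HKLM\SYSTEM\CurrentControlSet\Services, keeps only kernel and file-system driver entries (Type 1 and 2), resolves each ImagePath the way the loader does, and lists every entry whose binary is gone; with -Remove it deletes those keys, after an optional restore point standing in for OTL's [CREATERESTOREPOINT]. The script, function and switch names are my own, and the fallback path used when ImagePath is empty (System32\drivers\<service name>.sys) is an assumption about loader behaviour; the registry locations and value meanings are standard.

```powershell
# Added example (not from the thread or from OTL): list driver services whose
# binary is missing, the condition OTL reports as "DRV - File not found".
# Run from an elevated PowerShell prompt.
param(
    [switch]$Remove,              # delete the orphaned keys instead of only listing them
    [switch]$CreateRestorePoint   # stands in for OTL's [CREATERESTOREPOINT]
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Resolve-DriverImagePath {
    # Turn the forms ImagePath takes into a plain Win32 path.
    param([string]$ImagePath, [string]$ServiceName)
    # Assumption: with no ImagePath the loader falls back to System32\drivers\<name>.sys.
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        return (Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys")
    }
    $p = $ImagePath.Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\... -> C:\Windows\...
    $p = [Environment]::ExpandEnvironmentVariables($p)       # %SystemRoot%\.. -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') {                        # system32\drivers\x.sys is relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedDriverService {
    foreach ($key in Get-ChildItem -Path $servicesKey) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        # Type 1 = SERVICE_KERNEL_DRIVER, 2 = SERVICE_FILE_SYSTEM_DRIVER; skip user-mode services.
        if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }
        $resolved = Resolve-DriverImagePath -ImagePath $props.ImagePath -ServiceName $key.PSChildName
        if (Test-Path -LiteralPath $resolved) { continue }
        $start = '?'
        if ($null -ne $props.Start) { $start = $startNames[[int]$props.Start] }
        [pscustomobject]@{
            Name      = $key.PSChildName
            Start     = $start
            ImagePath = $props.ImagePath
            Resolved  = $resolved
            KeyPath   = $key.PSPath
        }
    }
}

if ($CreateRestorePoint) {
    Checkpoint-Computer -Description 'Before removing orphaned driver entries' -RestorePointType MODIFY_SETTINGS
}

$orphans = @(Get-OrphanedDriverService)
if ($orphans.Count -eq 0) {
    Write-Host 'No driver entries with a missing binary.'
    return
}
$orphans | Format-Table Name, Start, ImagePath, Resolved -AutoSize

if ($Remove) {
    foreach ($o in $orphans) {
        # Deleting the service key is what the OTL ":OTL" DRV lines do.
        Remove-Item -LiteralPath $o.KeyPath -Recurse -Force
        Write-Host "Removed service key: $($o.Name)"
    }
    Write-Host 'Reboot so the Service Control Manager drops the stale entries.'
}
```

Review the listing before using -Remove: a missing binary is not proof of malware, since an uninstaller that deletes the .sys file but leaves the service key behind produces the same entry, and removing a legitimate boot or system driver entry can leave hardware unusable. A Boot or System entry whose file is gone fails at every start-up, which is one common source of the Service Control Manager 7000 errors of the kind listed under System Events in the log above. On 64-bit Windows run the 64-bit PowerShell so that System32 is not redirected to SysWOW64 when the paths are tested.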

#36
JPowell (Member, Topic Starter, 58 posts)

Phel,  AdWare clean button not available.  Has an x in it.



#37
Phel (Trusted Helper, Malware Removal, 1,386 posts)

AdWare clean button not available.  Has an x in it.

Before "3. Click on the Clean button.", click on the Scan button and wait until the scan is finished.



#38
JPowell (Member, Topic Starter, 58 posts)

Phel, I don't have Chrome on this PC. Logs follow:

 

# AdwCleaner v3.211 - Report created 03/06/2014 at 17:22:26
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Jerry - HOMEBASE
# Running from : C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9230 octets] - [01/06/2014 16:09:14]
AdwCleaner[R1].txt - [1064 octets] - [03/06/2014 17:21:28]
AdwCleaner[S0].txt - [9447 octets] - [01/06/2014 16:10:54]
AdwCleaner[S1].txt - [989 octets] - [03/06/2014 17:22:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1048 octets] ##########

 

OTL logfile created on: 6/3/2014 5:34:11 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.65% Memory free
4.23 Gb Paging File | 2.76 Gb Available in Paging File | 65.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 36.51 Gb Free Space | 36.85% Space Free | Partition Type: NTFS
Drive D: | 8.27 Gb Total Space | 1.12 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive F: | 41.71 Gb Total Space | 40.57 Gb Free Space | 97.27% Space Free | Partition Type: NTFS
 
Computer Name: HOMEBASE | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
PRC - [2014/05/31 11:38:51 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/10 20:00:47 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/05/03 22:55:34 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/11 18:59:58 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
PRC - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/02/17 17:28:30 | 001,365,304 | ---- | M] (U3 LLC) -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/31 11:38:48 | 016,361,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/15 04:00:56 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/05/10 20:00:21 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2007/10/18 16:36:54 | 000,061,440 | ---- | M] () -- C:\Windows\System32\deskMenu2.dll
MOD - [1997/08/26 01:00:00 | 003,782,416 | ---- | M] () -- F:\Office\MSO97.DLL
MOD - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2014/05/31 11:38:51 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 20:00:46 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 04:39:12 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/06/03 17:30:13 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C18E20E-D775-49DE-9F20-8F40D9395F25}\MpKsl7c6fac63.sys -- (MpKsl7c6fac63)
DRV - [2014/05/15 04:00:47 | 000,358,008 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys -- (RapportCerberus_68261)
DRV - [2014/05/03 22:55:48 | 000,170,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/05/03 22:55:46 | 000,249,400 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/05/03 22:55:46 | 000,123,512 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/04/04 14:23:50 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/12/30 12:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/07 16:34:02 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2009/12/03 18:05:30 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV - [2009/12/03 18:05:26 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/07 23:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{4B7531D0-ECB1-4A0A-8EDD-305A9BADBD9A}: "URL" = http://search.callin...ing}&cl=ie&p=go
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{4B7531D0-ECB1-4A0A-8EDD-305A9BADBD9A}: "URL" = http://search.callin...ing}&cl=ie&p=go
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/130
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes,DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://isearch.avg.com/search?cid={E0B5C16E-1F66-47CD-8BA2-603A817ADE67}&mid=879e08053eac47d1b7afd152ff4a3108-f461d1947ebba48ba34175780e30c23392bcfbb6&lang=en&ds=ts022&pr=sa&d=2012-03-14 08:21:54&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{813192D6-F29D-4C6B-BF36-144F3483B517}: "URL" = http://websearch.ask...0A-DAC339A7FE59
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{D40DCCAD-38E9-4EA0-9201-A38D44979C88}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}: "URL" = http://www.google.co...&rlz=1I7GGIT_en
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ebayHotStuff%40wangtom.com:1.4.0
FF - prefs.js..extensions.enabledAddons: ebayquicksearch%40upaaya:1.0.5
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Jerry\AppData\Roaming\nprhapengine.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/03/20 19:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
 
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/15 18:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/06/02 18:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions
[2013/02/11 15:40:54 | 000,000,000 | ---D | M] (Ebay Button) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2011/11/11 11:03:24 | 000,000,000 | ---D | M] (eBay Quick Search) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/26 19:05:23 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/03 06:26:33 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/10 20:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/10 20:00:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/11 19:02:24 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/07/11 19:00:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmood...CtB&cr=85459033
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
 
O1 HOSTS File: ([2014/06/01 15:38:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found
O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [Akamai NetSession Interface] C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Jerry\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: ebay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: ebay.com ([cgi] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///F:/AutoCad/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///F:/AutoCad/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///F:/AutoCad/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///F:/AutoCad/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95F69CB4-D720-4208-855B-A29668017FB6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/07 00:33:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/05 10:34:54 | 000,000,000 | ---D | M] - F:\AutoCad -- [ NTFS ]
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f43f1601-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/03 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{49F166D7-2A24-497F-BAA2-0942443E719E}
[2014/06/02 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{3CB5B22B-065E-4462-9B72-BA7002ACCD19}
[2014/06/02 17:02:49 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/01 16:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B9AB7F01-9924-4D37-8D8D-A1AAF1163AB5}
[2014/06/01 16:10:11 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/01 16:09:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/01 15:37:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/01 14:05:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/05/31 11:38:51 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/31 11:38:51 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/31 07:57:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
[2014/05/30 17:34:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{42CFE107-D642-483F-9829-AA4699DE5F90}
[2014/05/29 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
[2014/05/28 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
[2014/05/27 13:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
[2014/05/26 21:04:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
[2014/05/26 09:04:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
[2014/05/25 08:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71872893-A38C-4358-864D-3BDBF71D9915}
[2014/05/24 09:42:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B8679765-30CD-45CE-BC41-9E76E82882B0}
[2014/05/23 18:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
[2014/05/22 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
[2014/05/22 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
[2014/05/21 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
[2014/05/20 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D9A33CC6-087A-483B-986F-E6B21777F12F}
[2014/05/20 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
[2014/05/19 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
[2014/05/18 10:14:23 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
[2014/05/17 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
[2014/05/17 09:15:56 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
[2014/05/16 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{7D8881D6-D52C-4762-8009-305361CE4FAF}
[2014/05/16 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPA 608 Certification
[2014/05/16 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mainstream Engineering Corporation
[2014/05/15 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{649C069D-5763-42F5-92AC-19CF354DCD3C}
[2014/05/15 03:01:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/14 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{DCB45356-313D-494D-AD32-D98E51057CE4}
[2014/05/13 19:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
[2014/05/13 07:00:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
[2014/05/12 18:59:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
[2014/05/11 18:21:52 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
[2014/05/11 02:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{31FA8926-9B99-4350-A35F-B4A817F126BE}
[2014/05/10 20:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/10 14:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
[2014/05/09 09:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
[2014/05/08 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
[2014/05/08 09:21:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
[2014/05/07 10:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
[2014/05/06 08:37:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
[2014/05/05 18:46:53 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
[2014/05/05 06:46:43 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{A9CFE7FB-AC85-47C0-ABC7-153A32827C9C}
[2014/05/04 18:46:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{98863933-F197-481A-A96F-D64FB74BA775}
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/03 17:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/03 17:24:33 | 000,002,433 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2014/06/03 17:24:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/03 17:24:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/03 17:24:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/03 17:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/03 17:23:50 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/03 16:59:59 | 000,000,802 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 854104521.job
[2014/06/02 20:00:32 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jerry.job
[2014/06/02 08:54:59 | 000,001,356 | ---- | M] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2014/06/01 16:08:15 | 001,327,971 | ---- | M] () -- C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
[2014/06/01 16:06:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 15:38:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/01 14:46:01 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/06/01 11:11:14 | 000,002,429 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Excel.lnk
[2014/05/31 11:38:51 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/31 11:38:51 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/27 07:54:59 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/25 17:16:36 | 000,870,128 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2014/05/25 17:16:36 | 000,000,004 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2014/05/22 19:44:14 | 000,060,165 | ---- | M] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:57 | 000,055,120 | ---- | M] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/17 10:59:59 | 000,013,824 | ---- | M] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 09:52:22 | 000,002,427 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Word.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2014/05/09 17:52:28 | 000,028,015 | ---- | M] () -- C:\Users\Jerry\Desktop\usefulstuff.rtf
[2014/05/05 18:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/02 16:59:27 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2014/06/02 04:52:20 | 000,000,802 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 854104521.job
[2014/06/01 16:08:09 | 001,327,971 | ---- | C] () -- C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
[2014/05/31 11:38:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/27 07:54:59 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/22 19:44:13 | 000,060,165 | ---- | C] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:56 | 000,055,120 | ---- | C] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2013/11/30 10:39:53 | 000,001,356 | ---- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2013/08/17 11:21:42 | 000,518,200 | ---- | C] () -- C:\Users\Jerry\almost done.jpg
[2013/08/17 11:21:09 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\20130708_144045.jpg
[2013/08/17 11:17:34 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\repair.jpg
[2010/10/25 13:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/15 19:37:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/07/15 19:37:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2009/01/18 17:11:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/14 10:49:13 | 000,000,000 | -H-- | C] () -- C:\Users\Jerry\Lyn and Jerry Xmas.jpg
[2008/01/27 20:38:49 | 000,013,824 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 19:02:50 | 000,000,052 | -H-- | C] () -- C:\Users\Jerry\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8256 bytes -> C:\Users\Jerry\Documents\Documents.sdsk:Backup
@Alternate Data Stream - 610 bytes -> C:\Users\Jerry\Documents\Christmas 2012.eml:OECustomProperty
@Alternate Data Stream - 2438 bytes -> C:\Users\Jerry\Documents\Christmas Greetings email 2013.eml:OECustomProperty
@Alternate Data Stream - 1152 bytes -> C:\Users\Jerry\Documents\Re_ [Chukker Nation] just joined 'atlanta pop festivals' group for___.eml:OECustomProperty

< End of report >

#39 JPowell (Topic Starter, Member, 58 posts)

Anyone had a chance to look at the logs?


#40 JPowell (Topic Starter, Member, 58 posts)

Is my PC clean?


#41 Phel (Trusted Helper, Malware Removal, 1,386 posts)

Is my PC clean?

 
Not yet. In this step we will remove dead leftovers of previous antivirus software, which was not completely uninstalled from your computer. In the next post we'll scan your computer for inactive malware leftovers. If there aren't any complications, after these steps you will be free. :)
 
Please, follow these steps:
 
Step 1. OTL fix.
  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\S-1-5-18\..\SearchScopes\{4B7531D0-ECB1-4A0A-8EDD-305A9BADBD9A}: "URL" = http://search.callin...ing}&cl=ie&p=go
    IE - HKU\.DEFAULT\..\SearchScopes\{4B7531D0-ECB1-4A0A-8EDD-305A9BADBD9A}: "URL" = http://search.callin...ing}&cl=ie&p=go
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox
    SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
    
    :Files
    C:\Users\Jerry\AppData\Local\Google\Chrome
    C:\Program Files\CA\CA Internet Security Suite\
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 2. OTL scan.
  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window (OTL.Txt). This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.
So, please, don't forget to post in your next message:
  • OTL.txt

  • 0
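As an added example (not part of this thread and not OTL's own code), a small Python parser for the SRV/DRV lines of an OTL log. It flags the "File not found" entries that the fix above targets (the dead leftovers of an incomplete uninstall) and groups them by the directory their image path points into, so a helper can see at a glance which removed product left them behind. The sample lines are constructed in the format seen in this log.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Matches OTL "SRV -" / "DRV -" lines in both forms:
#   SRV - [stamp] (Company) [Start | State] -- path -- (ServiceName)
#   SRV - File not found [Start | State] -- path -- (ServiceName)
# DRV lines carry an extra leading flag, e.g. [Kernel | On_Demand | Stopped].
OTL_SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$"
)


@dataclass
class ServiceEntry:
    kind: str               # "SRV" (service) or "DRV" (driver)
    name: str               # registry service name, e.g. ccSchedulerSVC
    path: str               # image path as recorded in the registry ("" if none)
    start: str              # Auto, On_Demand, System, Disabled, ...
    state: str              # Running or Stopped
    file_missing: bool      # True when OTL reported "File not found"
    company: Optional[str]  # company string; None for orphaned entries


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one OTL SRV/DRV line; return None for any other line type."""
    m = OTL_SERVICE_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in m.group("flags").split("|")]
    # The last two flags are always the start type and the run state.
    start, state = flags[-2], flags[-1]
    return ServiceEntry(
        kind=m.group("kind"),
        name=m.group("name"),
        path=m.group("path").strip(),
        start=start,
        state=state,
        file_missing=m.group("missing") is not None,
        company=m.group("company"),
    )


def find_orphaned_entries(lines: List[str]) -> List[ServiceEntry]:
    """Service/driver registrations whose image file no longer exists on disk.

    These are the "dead leftovers" of an incomplete uninstall: the registry
    still points at a binary that is gone. They cannot run, but they clutter
    the log and can hide among genuinely suspicious entries, so they get cleaned.
    """
    found = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is not None and entry.file_missing:
            found.append(entry)
    return found


def group_orphans_by_directory(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Group orphaned entries by the directory their path points into.

    Several orphans under one vendor directory usually mean one product was
    removed without cleaning up its services (CA Internet Security Suite in
    the thread above). An entry with no recorded path gets its own bucket.
    """
    groups: Dict[str, List[str]] = {}
    for e in entries:
        key = str(PureWindowsPath(e.path).parent) if e.path else "(no path recorded)"
        groups.setdefault(key, []).append(e.name)
    return groups


# Constructed sample lines in the OTL format seen in this thread.
SAMPLE_LINES = [
    r"SRV - [2014/05/31 11:38:51 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)",
    r"SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)",
    r"SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)",
    r"DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)",
    r"DRV - [2012/04/04 14:23:50 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)",
    r"PRC - [2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe",
]


if __name__ == "__main__":
    orphans = find_orphaned_entries(SAMPLE_LINES)
    for directory, names in group_orphans_by_directory(orphans).items():
        print(f"{directory}: {', '.join(names)}")
```

Feed it the SRV/DRV sections of a real OTL.txt and the grouped output reads like the :OTL block of the fix above, one vendor directory per leftover product.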

#42 JPowell (Topic Starter, Member, 58 posts)

Phel, here's the log.

 

OTL logfile created on: 6/4/2014 6:05:21 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerry\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 41.95% Memory free
4.23 Gb Paging File | 2.95 Gb Available in Paging File | 69.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.06 Gb Total Space | 37.45 Gb Free Space | 37.81% Space Free | Partition Type: NTFS
Drive D: | 8.27 Gb Total Space | 1.12 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive F: | 41.71 Gb Total Space | 40.57 Gb Free Space | 97.27% Space Free | Partition Type: NTFS
 
Computer Name: HOMEBASE | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
PRC - [2014/05/31 11:38:51 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/10 20:00:47 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/05/03 22:55:34 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/11 18:59:58 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
PRC - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/02/17 17:28:30 | 001,365,304 | ---- | M] (U3 LLC) -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/31 11:38:48 | 016,361,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/15 04:00:56 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/05/10 20:00:21 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2007/10/18 16:36:54 | 000,061,440 | ---- | M] () -- C:\Windows\System32\deskMenu2.dll
MOD - [1997/08/26 01:00:00 | 003,782,416 | ---- | M] () -- F:\Office\MSO97.DLL
MOD - [1997/08/26 01:00:00 | 000,111,376 | ---- | M] () -- F:\Office\FINDFAST.EXE
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/31 11:38:51 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 20:00:46 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/03 22:55:36 | 001,882,392 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2009/12/03 17:49:40 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/18 12:18:48 | 000,245,760 | ---- | M] (Marvell) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 04:39:12 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/06/04 18:05:41 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85096B3A-6C7E-4779-8BAE-C447AC48C14A}\MpKslc54e3227.sys -- (MpKslc54e3227)
DRV - [2014/05/15 04:00:47 | 000,358,008 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys -- (RapportCerberus_68261)
DRV - [2014/05/03 22:55:48 | 000,170,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/05/03 22:55:46 | 000,249,400 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/05/03 22:55:46 | 000,123,512 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/04/04 14:23:50 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/12/30 12:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/07 16:34:02 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2009/12/03 18:05:30 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV - [2009/12/03 18:05:26 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/07 23:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/130
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes,DefaultScope = {DD205B73-FDF2-4BF7-896A-4B481DC8C356}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{3F000413-FB73-AF16-811C-585C6121E9E5}: "URL" = http://isearch.avg.com/search?cid={E0B5C16E-1F66-47CD-8BA2-603A817ADE67}&mid=879e08053eac47d1b7afd152ff4a3108-f461d1947ebba48ba34175780e30c23392bcfbb6&lang=en&ds=ts022&pr=sa&d=2012-03-14 08:21:54&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{813192D6-F29D-4C6B-BF36-144F3483B517}: "URL" = http://websearch.ask...0A-DAC339A7FE59
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{8BE95685-CE85-47EE-820F-FE3299DB0C44}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{CD9B5D94-BF39-4AEA-8F1D-551EA2F64A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{D40DCCAD-38E9-4EA0-9201-A38D44979C88}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{DD205B73-FDF2-4BF7-896A-4B481DC8C356}: "URL" = http://www.google.co...&rlz=1I7GGIT_en
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\..\SearchScopes\{E0294AC9-A998-407F-94AC-C157A9593C46}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-12636547-771394101-443526146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ebayHotStuff%40wangtom.com:1.4.0
FF - prefs.js..extensions.enabledAddons: ebayquicksearch%40upaaya:1.0.5
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Jerry\AppData\Roaming\nprhapengine.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/03/20 19:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/10 20:00:10 | 000,000,000 | ---D | M]
 
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions
[2010/07/12 11:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/15 18:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/06/02 18:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions
[2013/02/11 15:40:54 | 000,000,000 | ---D | M] (Ebay Button) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2011/11/11 11:03:24 | 000,000,000 | ---D | M] (eBay Quick Search) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/26 19:05:23 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\[email protected]
[2014/05/03 06:26:33 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\wnsxire7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/10 20:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/10 20:00:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/11 19:02:24 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/07/11 19:00:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2014/06/01 15:38:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found
O4 - HKU\S-1-5-21-12636547-771394101-443526146-1000..\Run: [Akamai NetSession Interface] C:\Users\Jerry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Jerry\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: ebay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: ebay.com ([cgi] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-12636547-771394101-443526146-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///F:/AutoCad/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///F:/AutoCad/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///F:/AutoCad/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///F:/AutoCad/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95F69CB4-D720-4208-855B-A29668017FB6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/07 00:33:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/05 10:34:54 | 000,000,000 | ---D | M] - F:\AutoCad -- [ NTFS ]
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0e49f644-b736-11dc-8bb9-001bb9aed8fb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f43f1601-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell - "" = AutoRun
O33 - MountPoints2\{f43f1604-8542-11de-9b2a-001bb9aed8fb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/04 08:38:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{0BB4874F-D7FA-468A-BC40-F45D080DBD5C}
[2014/06/03 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{49F166D7-2A24-497F-BAA2-0942443E719E}
[2014/06/02 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{3CB5B22B-065E-4462-9B72-BA7002ACCD19}
[2014/06/02 17:02:49 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/01 16:26:08 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B9AB7F01-9924-4D37-8D8D-A1AAF1163AB5}
[2014/06/01 16:10:11 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/01 16:09:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/01 15:37:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/01 14:05:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/05/31 11:38:51 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/31 11:38:51 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/31 07:57:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{2335D2D3-8455-48AC-948E-5FE3F8D9E809}
[2014/05/30 17:34:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{42CFE107-D642-483F-9829-AA4699DE5F90}
[2014/05/29 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F2DBF9BF-D2EF-4903-9F3D-195A303231F8}
[2014/05/28 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{04A0411F-C6B8-439C-9C29-DDE29A8C8206}
[2014/05/27 13:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACFFC013-544A-4122-9D60-AEAE8FC01490}
[2014/05/26 21:04:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{BD2A0925-3079-4262-8AA3-38A55391FBB7}
[2014/05/26 09:04:37 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CF62984B-1635-4D9E-AC6F-D02C2427DAD0}
[2014/05/25 08:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71872893-A38C-4358-864D-3BDBF71D9915}
[2014/05/24 09:42:20 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{B8679765-30CD-45CE-BC41-9E76E82882B0}
[2014/05/23 18:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C5F0AD8D-95E7-4DB1-8624-B5A5971C303F}
[2014/05/22 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D5C6441D-A9F0-4450-94F8-039214A61AC3}
[2014/05/22 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{6CB69F05-AE5D-4AEE-B505-A33CFB786322}
[2014/05/21 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{00EE6ABD-E481-48EB-9EF0-E647702F9B13}
[2014/05/20 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D9A33CC6-087A-483B-986F-E6B21777F12F}
[2014/05/20 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{71878FEB-5EA0-4F4A-B53D-405C6A6B9DFE}
[2014/05/19 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{8399D6F1-1CE9-47E3-9A8D-56804DE0D923}
[2014/05/18 10:14:23 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{F74B502D-BF22-4954-93BE-3DAAE1CBDF6D}
[2014/05/17 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{CC65B72A-3016-4E34-8A54-7EF17E0B9481}
[2014/05/17 09:15:56 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{ACDBF46F-2E40-47A7-809A-72A6BAA3766C}
[2014/05/16 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{7D8881D6-D52C-4762-8009-305361CE4FAF}
[2014/05/16 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPA 608 Certification
[2014/05/16 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mainstream Engineering Corporation
[2014/05/15 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{649C069D-5763-42F5-92AC-19CF354DCD3C}
[2014/05/15 03:01:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/14 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{DCB45356-313D-494D-AD32-D98E51057CE4}
[2014/05/13 19:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{1D8F7CA9-8C20-444B-ABDA-F433A008EF3C}
[2014/05/13 07:00:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{662E805A-DC67-42A1-A8FF-8F6DFE5AA90F}
[2014/05/12 18:59:49 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{5B873C99-2142-4AA1-8EE2-6047B8BE4CD5}
[2014/05/11 18:21:52 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{4BA563AE-1320-40E0-97E9-06A51A2A1F18}
[2014/05/11 02:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{31FA8926-9B99-4350-A35F-B4A817F126BE}
[2014/05/10 20:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/10 14:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{61C705CF-D43B-4C05-B807-4E77E5803FAF}
[2014/05/09 09:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{9135CF6B-9556-4976-AFD9-E370AB26FD41}
[2014/05/08 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C8085A39-2394-46AE-81CF-51A26B8C26E6}
[2014/05/08 09:21:13 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{FA38C2E4-1143-49B1-8EF9-E40C15CCD318}
[2014/05/07 10:29:22 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{11BF96A2-1C53-4D99-90D1-DE6FC5D5DF91}
[2014/05/06 08:37:33 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{C21452E0-7D01-4D41-AC76-742BA2AC9726}
[2014/05/05 18:46:53 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\{D56FA4F7-6058-45F2-8A7A-65C7D424EA8B}
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/04 18:00:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/04 18:00:46 | 000,002,433 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2014/06/04 18:00:13 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 18:00:13 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 17:59:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/04 17:59:55 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/04 17:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/04 16:59:59 | 000,000,802 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 854104521.job
[2014/06/02 20:00:32 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jerry.job
[2014/06/02 08:54:59 | 000,001,356 | ---- | M] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2014/06/01 16:08:15 | 001,327,971 | ---- | M] () -- C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
[2014/06/01 16:06:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 15:38:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/01 14:46:01 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/06/01 14:06:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\OTL.exe
[2014/06/01 11:11:14 | 000,002,429 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Excel.lnk
[2014/05/31 11:38:51 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/31 11:38:51 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/27 07:54:59 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/25 17:16:36 | 000,870,128 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2014/05/25 17:16:36 | 000,000,004 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2014/05/22 19:44:14 | 000,060,165 | ---- | M] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:57 | 000,055,120 | ---- | M] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/17 10:59:59 | 000,013,824 | ---- | M] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 09:52:22 | 000,002,427 | ---- | M] () -- C:\Users\Jerry\Desktop\Microsoft Word.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | M] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | M] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2014/05/09 17:52:28 | 000,028,015 | ---- | M] () -- C:\Users\Jerry\Desktop\usefulstuff.rtf
[2014/05/05 18:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Users\Jerry\Documents\*.tmp files -> C:\Users\Jerry\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/02 16:59:27 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2014/06/02 04:52:20 | 000,000,802 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 854104521.job
[2014/06/01 16:08:09 | 001,327,971 | ---- | C] () -- C:\Users\Jerry\Desktop\adwcleaner_3.211.exe
[2014/05/31 11:38:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/27 07:54:59 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\SharedSettings.ccs
[2014/05/22 19:44:13 | 000,060,165 | ---- | C] () -- C:\Users\Jerry\Documents\sp500.pdf
[2014/05/22 19:42:56 | 000,055,120 | ---- | C] () -- C:\Users\Jerry\Documents\Shiller.pdf
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Public\Desktop\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,002,323 | ---- | C] () -- C:\Users\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\EPA 608 Certification.lnk
[2014/05/16 18:33:54 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\Printable Manuals and Help Files.lnk
[2014/05/15 18:44:15 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\Documents\20140515_181740_resized.jpg
[2013/11/30 10:39:53 | 000,001,356 | ---- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2013/08/17 11:21:42 | 000,518,200 | ---- | C] () -- C:\Users\Jerry\almost done.jpg
[2013/08/17 11:21:09 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\20130708_144045.jpg
[2013/08/17 11:17:34 | 000,000,000 | ---- | C] () -- C:\Users\Jerry\repair.jpg
[2010/10/25 13:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/15 19:37:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/07/15 19:37:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\FF41A7
[2009/01/18 17:11:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/14 10:49:13 | 000,000,000 | -H-- | C] () -- C:\Users\Jerry\Lyn and Jerry Xmas.jpg
[2008/01/27 20:38:49 | 000,013,824 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 19:02:50 | 000,000,052 | -H-- | C] () -- C:\Users\Jerry\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8256 bytes -> C:\Users\Jerry\Documents\Documents.sdsk:Backup
@Alternate Data Stream - 610 bytes -> C:\Users\Jerry\Documents\Christmas 2012.eml:OECustomProperty
@Alternate Data Stream - 2438 bytes -> C:\Users\Jerry\Documents\Christmas Greetings email 2013.eml:OECustomProperty
@Alternate Data Stream - 1152 bytes -> C:\Users\Jerry\Documents\Re_ [Chukker Nation] just joined 'atlanta pop festivals' group for___.eml:OECustomProperty

< End of report >
 



#43
JPowell
    Member
  • Topic Starter
  • 58 posts

Anyone have a chance to look at that log to see if I'm clean?



#44
Phel
    Trusted Helper
  • Malware Removal
  • 1,386 posts
Sorry for the delay; yesterday I was sick, so I couldn't reply to you.
 
Step 1. MBAM scan.
 
Please download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup<build number here>.exe to install the application.
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware.
  • Make sure that a checkmark is NOT placed next to Enable free trial of Malwarebytes Anti-Malware Premium.
  • Click Finish.
  • Malwarebytes Anti-Malware will be launched.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the big green button Scan now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is completed, click Copy to Clipboard button.
  • Click Cancel, and after that Yes.
  • Paste the entire report in your next reply.
Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner.

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  • Click the green ESET Online Scanner box.
  • Tick the box next to YES, I accept the Terms of Use then click on: Start.
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
So, please, don't forget to post in your next message:
  • ESET Online Scanner's log
  • MBAM log


#45
JPowell
    Member
  • Topic Starter
  • 58 posts

Phel, I did not disable any Anti-Virus programs.  Missed that detail in the instructions.  However, all I use is Microsoft Essentials.  Never had a virus until I opened that email that I should not have opened.  I can run again if necessary but here are the results so far:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/6/2014
Scan Time: 2:02:11 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.06.07
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Jerry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259828
Time Elapsed: 31 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 17
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_04970f00.exe, , [5ce36510abd01f173de3fe43ba4610f0],
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_1c6f9505.exe, , [7bc4165fd6a50f275fc146fbda269070],
Trojan.Zbot, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_20a0225e.exe, , [d56a9dd86e0dab8beeb1087c98696898],
Trojan.PolyCrypt.Gen, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_236c162e.exe, , [320dc4b1d0abcc6ac3874a84d729f50b],
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_4b7d7125.exe, , [44fbff7688f379bdba666cd554ac857b],
Trojan.PolyCrypt.Gen, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_57ca4ff4.exe, , [ab94c9ac601bd75f4ffb20aec43c32ce],
Trojan.PolyCrypt.Gen, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_71b0d412.exe, , [231cc6aff982ff37cd7dd9f5cf31f010],
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_92c0fd4b.exe, , [8eb13b3a5d1e91a5200068d97c849769],
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_9a16ce87.exe, , [69d6b8bdc5b6f73f4ed28ab72cd42ed2],
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_ac4e6c52.exe, , [241baacb3e3d979f4ad66cd521df47b9],
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_b4440e37.exe, , [9aa5e19415669c9ab66aa1a043bd05fb],
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_b6845a25.exe, , [350a8ee73a4196a0fe2c1371c43d7b85],
Trojan.Agent.ED, C:\Users\Jerry\AppData\Local\Temp\UpdateFlashPlayer_c4a2c6b2.exe, , [0639de9738436ec8bf6118292ad6bd43],
PUP.Optional.Adpeak, C:\Users\Jerry\AppData\Local\Temp\is357113909\dealcabby.exe, , [8fb090e5d4a7f64035d6d76550b4fa06],
PUP.Optional.Babylon.A, C:\Users\Jerry\AppData\Local\Temp\is357113909\MyBabylonTB.exe, , [73cca7ce85f6ca6c1ca844da4eb2d729],
PUP.Optional.InstallIQ.A, C:\Users\Jerry\Downloads\installfreefileopener_553.exe, , [251ab8bdafcc79bd86efed2b9e63e11f],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 854104521.job, , [a798beb7700b6fc77f5310aa56ad20e0],

Physical Sectors: 0
(No malicious items detected)


(end)

 

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=09a55a6e783e5548b86b922b2f095a27
# engine=18597
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-06 08:01:41
# local_time=2014-06-06 03:01:41 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5429278 96150905 0 0
# scanned=460
# found=0
# cleaned=0
# scan_time=49
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=09a55a6e783e5548b86b922b2f095a27
# engine=18597
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-07 01:21:13
# local_time=2014-06-06 08:21:13 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5448450 96170077 0 0
# scanned=258463
# found=35
# cleaned=23
# scan_time=18912
sh=AADF0D01571CDF323227B5C5880B76F5AD026A35 ft=1 fh=c356f278a69be97c vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\ApnStub.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\AskSLib.dll"
sh=98CA40033AED37C78A3FE5257744FD7B8A231246 ft=1 fh=651eebf1a1c90d3a vn="a variant of Win32/InstallCore.AY potentially unwanted application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\2260688.Uninstall\Uninstall.exe"
sh=619E49858C92EC2A540E31376FC1857C34F39FCC ft=1 fh=f51fe9818d7cd1bd vn="Win32/Toolbar.CrossRider.B potentially unwanted application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\is1373634743\GiantSavings_US.exe"
sh=5FEEB51E86657E9E1C55BB1EA5F833C3D3AB69A3 ft=1 fh=b127ba9ffbdf4c97 vn="Win32/Adware.DealCabby.A application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\is357113909\dealcabby.exe"
sh=DDDC8F8489D2EAF9E44050506438CE5DCBC4D468 ft=1 fh=59bb2996abaa8221 vn="a variant of Win32/Toolbar.Funmoods potentially unwanted application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\is357113909\FunmoodsLatest.exe"
sh=619E49858C92EC2A540E31376FC1857C34F39FCC ft=1 fh=f51fe9818d7cd1bd vn="Win32/Toolbar.CrossRider.B potentially unwanted application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\is357113909\GiantSavings_US.exe"
sh=1103B0B81C5410132695E0078186B9E457EFEC62 ft=1 fh=c258132ea2ed6b3f vn="a variant of Win32/Toolbar.Babylon.A potentially unwanted application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\is357113909\MyBabylonTB.exe"
sh=A250E3E8DE8902A9F402F08BA2E85C1A2987181E ft=0 fh=0000000000000000 vn="Win32/DownloadAdmin.F potentially unwanted application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\nsg9F60.tmp\__localxml.xml"
sh=945467351C8FCE758D609D80D1BD87BD53CD70D0 ft=1 fh=af8395d841072c98 vn="Win32/Toolbar.Zugo.D potentially unwanted application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\nssAD97.tmp\zplugins.dll"
sh=945467351C8FCE758D609D80D1BD87BD53CD70D0 ft=1 fh=af8395d841072c98 vn="Win32/Toolbar.Zugo.D potentially unwanted application" ac=I fn="C:\Users\Jerry\AppData\Local\Temp\nsv2E94.tmp\zplugins.dll"
sh=8B9CD4E3012E78D26FEF7EE6FB818AF02688424D ft=1 fh=8efeeb32c935bf27 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\Jerry\Downloads\installfreefileopener_553.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=AADF0D01571CDF323227B5C5880B76F5AD026A35 ft=1 fh=c356f278a69be97c vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\ApnStub.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\AskSLib.dll"
sh=98CA40033AED37C78A3FE5257744FD7B8A231246 ft=1 fh=651eebf1a1c90d3a vn="a variant of Win32/InstallCore.AY potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\2260688.Uninstall\Uninstall.exe"
sh=619E49858C92EC2A540E31376FC1857C34F39FCC ft=1 fh=f51fe9818d7cd1bd vn="Win32/Toolbar.CrossRider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\is1373634743\GiantSavings_US.exe"
sh=5FEEB51E86657E9E1C55BB1EA5F833C3D3AB69A3 ft=1 fh=b127ba9ffbdf4c97 vn="Win32/Adware.DealCabby.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\is357113909\dealcabby.exe"
sh=DDDC8F8489D2EAF9E44050506438CE5DCBC4D468 ft=1 fh=59bb2996abaa8221 vn="a variant of Win32/Toolbar.Funmoods potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\is357113909\FunmoodsLatest.exe"
sh=619E49858C92EC2A540E31376FC1857C34F39FCC ft=1 fh=f51fe9818d7cd1bd vn="Win32/Toolbar.CrossRider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\is357113909\GiantSavings_US.exe"
sh=1103B0B81C5410132695E0078186B9E457EFEC62 ft=1 fh=c258132ea2ed6b3f vn="a variant of Win32/Toolbar.Babylon.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\is357113909\MyBabylonTB.exe"
sh=A250E3E8DE8902A9F402F08BA2E85C1A2987181E ft=0 fh=0000000000000000 vn="Win32/DownloadAdmin.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\nsg9F60.tmp\__localxml.xml"
sh=945467351C8FCE758D609D80D1BD87BD53CD70D0 ft=1 fh=af8395d841072c98 vn="Win32/Toolbar.Zugo.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\nssAD97.tmp\zplugins.dll"
sh=945467351C8FCE758D609D80D1BD87BD53CD70D0 ft=1 fh=af8395d841072c98 vn="Win32/Toolbar.Zugo.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\AppData\Local\Temp\nsv2E94.tmp\zplugins.dll"
sh=8B9CD4E3012E78D26FEF7EE6FB818AF02688424D ft=1 fh=8efeeb32c935bf27 vn="a variant of Win32/InstallIQ.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jerry\Downloads\installfreefileopener_553.exe"
sh=BD4BF18EB53111E5EE6E2A99AFDFFD04B89D9B1D ft=1 fh=a757f100fe741a32 vn="Win32/Wajam.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Jerry\AppData\Local\Temp\wajam_install.exe.xBAD"
sh=2E54DB0AD02ABB3252A76827F66C1CD4E9A30BFB ft=0 fh=0000000000000000 vn="a variant of Java/JShrink.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files\Mainstream Engineering Corporation\EPA 608 Certification\EPA_Prep.jar"
sh=53748A2C72CA0EE0F1138384FF0472F7C1D4FF18 ft=1 fh=8cef329a4b1f5033 vn="Win32/Toolbar.Zugo.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MP30GLI\genfix-e-uld[1]"
sh=D51128B2F0E3C4535864645262886325A85B0AF6 ft=1 fh=54adc96d46817005 vn="Win32/Toolbar.Zugo.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43WVHB6B\search-update-d[1]"
sh=53748A2C72CA0EE0F1138384FF0472F7C1D4FF18 ft=1 fh=8cef329a4b1f5033 vn="Win32/Toolbar.Zugo.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ER9BBPY\genfix-e-uld[1]"
sh=748A10090058AF0CCC6DF8ED50359AEA8A04893A ft=1 fh=f91943a14eea9105 vn="a variant of Win32/Toolbar.Zugo potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ER9BBPY\updater-startnow-200-2.5-d[1].exe"
sh=D51128B2F0E3C4535864645262886325A85B0AF6 ft=1 fh=54adc96d46817005 vn="Win32/Toolbar.Zugo.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMFRN0YP\search-update-d[1]"
sh=D3EE2F71F6E2BC5C4D26C8C83CE5E45CFF3D5CC0 ft=1 fh=ed3708bad3786960 vn="probably unknown NewHeur_PE virus (cleaned by deleting - quarantined)" ac=C fn="D:\hp\Apps\APP26013\src\install\Spanish\games\lostcityofgold-setup.exe"
sh=B4A328144501F60EBC5AE7CAC769A778812F9853 ft=1 fh=e6dd274683e8ad1a vn="probably unknown NewHeur_PE virus (cleaned by deleting - quarantined)" ac=C fn="D:\hp\Apps\APP26013\src\install\Spanish\games\treasurepyramid-setup.exe"