
GorillaPrice still in Services tab of Task Manager & Program Files


This topic is locked

#1
patriciapcwu
Member, 16 posts

Hi,

I have been trying to get rid of GorillaPrice from my mom's computer. Revo Uninstaller said it is uninstalled, but this program is still running when I checked the Services tab in Task Manager. This application is also found in Program Files (x86). I tried to delete it from (x86), but Windows said it cannot be deleted because the folder or a file in it is open in another program.

I appreciate your help.

Patricia

Below is the log from OTL.

OTL logfile created on: 7/11/2014 7:24:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julie Wu\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 56.87% Memory free
7.61 Gb Paging File | 5.87 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 187.67 Gb Free Space | 73.84% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.16 Gb Free Space | 97.11% Space Free | Partition Type: NTFS
 
Computer Name: JULIEWU-PC | User Name: Julie Wu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/11 19:24:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie Wu\Downloads\OTL.exe
PRC - [2014/06/05 21:38:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/01 06:32:46 | 000,420,864 | ---- | M] () -- C:\Program Files (x86)\gorillaprice\gorillaprice.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/06/23 05:39:54 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/01/15 04:38:46 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2009/12/23 10:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 10:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/22 05:40:58 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2009/12/18 19:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2009/12/09 01:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 01:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 21:38:46 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/02/15 09:04:40 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll
MOD - [2013/02/15 09:04:22 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/09 10:27:20 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 10:26:35 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/09 10:26:16 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/09 10:26:05 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/09 10:25:59 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/09 10:25:57 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/09 10:25:50 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2009/12/18 19:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2009/12/18 19:51:18 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2009/12/18 19:50:38 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/12/13 07:34:45 | 000,654,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2009/09/22 11:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 07:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/07/09 20:29:05 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/06/23 05:39:54 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 10:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/09 01:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 01:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/15 20:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 07:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 07:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/04 17:23:31 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 18:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/03/31 00:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/26 02:14:52 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/18 03:35:10 | 000,215,168 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2010/03/11 20:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 15:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 02:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/12/17 03:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 05:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 09:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 04:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 20:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2014/07/06 12:11:49 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20140711.018\ex64.sys -- (NAVEX15)
DRV - [2014/07/06 12:11:49 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20140711.018\eng64.sys -- (NAVENG)
DRV - [2014/06/10 21:11:07 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/10 21:11:07 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/05/09 18:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20140703.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/03/24 09:06:08 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20140711.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13081;
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Julie Wu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Julie Wu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julie Wu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julie Wu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFF [2013/10/09 10:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2014/07/11 19:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/27 20:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/11 18:57:23 | 000,000,000 | ---D | M]
 
[2014/06/14 18:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie Wu\AppData\Roaming\Mozilla\Extensions
[2014/07/11 10:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie Wu\AppData\Roaming\Mozilla\Firefox\Profiles\3ty01d6k.default-1405096260166\extensions
[2014/05/27 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/27 20:10:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/14 18:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/27 20:10:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/14 18:51:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2011/03/16 15:33:56 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RidSpywareShield] C:\Program Files (x86)\Rid Spyware\RidSpywareShield.exe File not found
O4:64bit: - HKLM..\Run: [RidSpywareUpdater] C:\Program Files (x86)\Rid Spyware\RidSpywareUpdate.exe File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\Julie Wu\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON NX430 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\JULIEW~1\AppData\Local\Temp\E_SD394.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Epson Stylus NX430(??)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\JULIEW~1\AppData\Local\Temp\E_SD2C9.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files\ppsap.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 111222.cn ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.net ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.com ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.net ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.yardiasp...ivexviewer9.cab (Crystal Report Viewer Control 9)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1B63321-44E3-469C-8CC5-399E409BC4EA}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/11 09:40:13 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/11 18:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/07/11 18:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/07/11 18:45:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/11 18:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/07/11 18:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/11 18:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/11 18:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/07/11 10:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\GridinSoft
[2014/07/11 09:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/07/11 09:31:04 | 000,000,000 | ---D | C] -- C:\Users\Julie Wu\Desktop\Old Firefox Data
[2014/07/09 19:59:18 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/06/14 17:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/06/14 17:06:50 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/14 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\Julie Wu\AppData\Local\NPE
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/11 19:27:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/11 19:18:27 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/11 19:18:27 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/11 19:18:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2377637077-1533906764-3803053460-1000UA.job
[2014/07/11 19:10:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/11 19:10:06 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/11 18:26:54 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/07/11 18:26:54 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/07/11 18:26:54 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/07/11 10:01:17 | 000,000,495 | ---- | M] () -- C:\Users\Julie Wu\Desktop\Removable Disk (E) - Shortcut.lnk
[2014/07/11 09:40:13 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/07/09 20:18:05 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2377637077-1533906764-3803053460-1000Core.job
[2014/06/14 18:51:17 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/14 18:37:12 | 000,001,214 | ---- | M] () -- C:\Users\Julie Wu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/14 17:02:47 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/11 09:40:13 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/06/14 18:51:17 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/14 18:51:16 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/20 17:07:12 | 000,000,691 | ---- | C] () -- C:\Users\Julie Wu\Libraries - Shortcut.lnk
[2010/11/03 16:55:41 | 000,004,096 | -H-- | C] () -- C:\Users\Julie Wu\AppData\Local\keyfile3.drm
[2010/09/17 04:59:04 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/04/11 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\360safe
[2011/03/04 22:55:55 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\360se
[2010/09/17 05:09:52 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\ArcSyncConfig
[2012/04/13 18:30:01 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/18 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Epson
[2010/09/26 14:09:59 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\ID Vault
[2011/11/04 16:52:45 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Leadertech
[2011/04/03 20:02:15 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\McGraw-HillLicensing
[2010/09/17 04:52:45 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\ooVoo Details
[2014/06/14 16:59:15 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Open Download Manager
[2011/04/11 20:27:39 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\PPStream
[2011/04/11 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Tific
[2011/02/11 22:51:54 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/01/11 20:26:48 | 000,000,162 | -H-- | M] ()(C:\Users\Julie Wu\Desktop\~$?山風景.docx) -- C:\Users\Julie Wu\Desktop\~$黄山風景.docx
[2013/01/11 20:26:48 | 000,000,162 | -H-- | C] ()(C:\Users\Julie Wu\Desktop\~$?山風景.docx) -- C:\Users\Julie Wu\Desktop\~$黄山風景.docx
[2012/11/21 22:35:57 | 000,012,458 | ---- | M] ()(C:\Users\Julie Wu\Desktop\?山風景.docx) -- C:\Users\Julie Wu\Desktop\黄山風景.docx
[2012/11/21 22:35:55 | 000,012,458 | ---- | C] ()(C:\Users\Julie Wu\Desktop\?山風景.docx) -- C:\Users\Julie Wu\Desktop\黄山風景.docx

< End of report >
 




#2 pystryker (Trusted Helper, Malware Removal, 3,912 posts)
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hi, there was another log produced when OTL ran for the first time called Extras.txt and it will be located in the same place you ran OTL from. In this case here: C:\Users\Julie Wu\Downloads

Please post that log in your next reply. In the meantime, let's start getting rid of your unwanted guest.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with OTL


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8: right click and select "Run as Administrator")
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.



:Commands
[createrestorepoint]

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13081;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RidSpywareShield] C:\Program Files (x86)\Rid Spyware\RidSpywareShield.exe File not found
O4:64bit: - HKLM..\Run: [RidSpywareUpdater] C:\Program Files (x86)\Rid Spyware\RidSpywareUpdate.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\Julie Wu\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKCU..\Run: [EPSON NX430 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\JULIEW~1\AppData\Local\Temp\E_SD394.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Epson Stylus NX430(??)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\JULIEW~1\AppData\Local\Temp\E_SD2C9.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files\ppsap.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 111222.cn ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.net ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.com ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.net ([list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
[2014/07/11 18:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect

:Files
C:\Program Files (x86)\gorillaprice
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click the adwcleaner.exe file (Vista and 7 users: right click it, click Run as Administrator and accept the UAC prompt) to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: Fresh OTL Scan
  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.
Things I need to see in your next post:

Extras.txt Log (from previous OTL run)

OTL Fixlog

AdwCleaner Log

Junkware Removal Tool Log

Fresh OTL Scan Log

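The OTL fix in the post above removes three kinds of entry that mark this as ad-injecting adware rather than a leftover install: an IE proxy pointed at 127.0.0.1 (with ProxyOverride set so even loopback traffic goes through it), autorun entries whose executable no longer exists, and a batch of Trusted-sites zone additions. As an added example, not code from this thread or from OTL, here is a small Python triage script that flags those three patterns in OTL-style log lines. The regular expressions encode assumptions about OTL's line layout as it appears in the log above; the sample lines are constructed, with two copied in the shape of this thread's log and two benign ones (a corporate proxy and an Intel Run entry) made up for contrast.

```python
"""Triage OTL log lines for the adware indicators the fix above targets.

Added example, not code from this thread or from OTL. Assumes OTL's
line layout (IE proxy lines, O4 Run entries ending in "File not found",
O15 Trusted Domains entries) as seen in the log above.
"""
import ipaddress
import re
from dataclasses import dataclass

# IE proxy value, e.g. http=127.0.0.1:13081; or a bare host:port
PROXY_RE = re.compile(r'^IE - .*"ProxyServer"\s*=\s*(?P<value>.+?)\s*$')
# O4 autorun entry; OTL appends "File not found" when the target is gone
RUN_RE = re.compile(
    r'^O4(?::64bit:)?\s*-\s*(?P<hive>HK\w+)\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
# O15 trusted-sites zone entry
TRUSTED_RE = re.compile(r'^O15\s*-\s*HKCU\\\.\.Trusted Domains:\s*(?P<domain>\S+)')


@dataclass
class Finding:
    kind: str     # loopback_proxy | orphaned_run | trusted_domain
    detail: str   # proxy host, Run value name, or domain
    line: str     # the log line that triggered it


def proxy_hosts(value):
    """Split an IE ProxyServer value into its host parts.

    Accepts "http=h:p;https=h:p;" and the bare "h:p" form; IPv6 hosts
    are written [::1]:port, so the brackets are stripped.
    """
    hosts = []
    for part in value.rstrip(';').split(';'):
        if not part:
            continue
        target = part.split('=', 1)[1] if '=' in part else part
        hosts.append(target.rsplit(':', 1)[0].strip('[]'))
    return hosts


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def triage(lines):
    """Return a Finding for every line matching one of the three patterns."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for host in proxy_hosts(m.group('value')):
                if is_loopback(host):
                    findings.append(Finding('loopback_proxy', host, line))
            continue
        m = RUN_RE.match(line)
        if m:
            if m.group('rest').endswith('File not found'):
                findings.append(Finding('orphaned_run', m.group('name'), line))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(Finding('trusted_domain', m.group('domain'), line))
    return findings


# Constructed sample: lines in the shape of this thread's log plus two
# benign ones (the corporate proxy and the Intel Run entry are made up).
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13081;',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080',
    r'O4:64bit: - HKLM..\Run: [RidSpywareShield] C:\Program Files (x86)\Rid Spyware\RidSpywareShield.exe File not found',
    r'O4 - HKLM..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe (Intel Corporation)',
    r'O15 - HKCU\..Trusted Domains: 111222.cn ([list1] http in Trusted sites)',
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.kind:15} {f.detail:20} {f.line}')
```

The loopback proxy is the finding that explains the original symptom: with ProxyServer set to 127.0.0.1:13081 and ProxyOverride set to `<-loopback>`, every browser request is handed to whatever process is listening on that local port, and a process that is still running will also keep its files in Program Files open, which is why Windows refused to delete the folder. On the live machine, `netstat -ano | findstr :13081` (run from an elevated prompt) shows the owning process ID before the fix runs; OTL's fix kills running processes first, which is the reason the post warns that the desktop will disappear until reboot.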

#3 patriciapcwu (Topic Starter, Member, 16 posts)

OTL Extra log

 

OTL Extras logfile created on: 7/11/2014 7:24:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julie Wu\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 56.87% Memory free
7.61 Gb Paging File | 5.87 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 187.67 Gb Free Space | 73.84% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.16 Gb Free Space | 97.11% Space Free | Partition Type: NTFS
 
Computer Name: JULIEWU-PC | User Name: Julie Wu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061CCE68-C084-419C-B022-6C8DBF9D37DC}" = rport=139 | protocol=6 | dir=out | app=system |
"{149ABFE5-E271-4400-8AB0-7BA48FC2EBD5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{223A70A2-57F8-4C52-B234-55205A319A24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26C9ABCD-501C-41BE-BCC5-B7CA6416F02F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BEE6BF7-9746-42B5-9940-B46C2EE00F4F}" = lport=139 | protocol=6 | dir=in | app=system |
"{564FE350-C921-4F7E-8478-195EA07484A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C6F8D00-22FF-44C0-A346-4026B780538E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C63AAB8-AE1A-46EC-99C8-86318836F22C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EEB643F-69CD-4580-AE55-E9602CA866E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8372BF22-809C-4CA9-BCE6-23D716DCEC24}" = rport=445 | protocol=6 | dir=out | app=system |
"{888DB962-775D-4DF9-98F2-414AB3BF5CC3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8C891F9B-E538-49E1-9C88-67838C94B0F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97BF257B-41A9-4447-8862-C34B2FBC5333}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B77A9545-499F-433B-BCBE-38AE92F344B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{B95B9D45-AA98-4097-AA9D-734F81697281}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8B1B7DA-FB94-46A6-BA59-175B84FA3574}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC9ED2AE-6F99-4541-B8FD-9FB39EF0A976}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DEA74AD4-D931-4312-84FA-75354DBEC798}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1DB14F3-A0B0-40C7-BE02-587392BC4F98}" = rport=138 | protocol=17 | dir=out | app=system |
"{F356C66B-A687-4CF0-8075-72154960F3EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{F73084AB-26F3-4F55-A261-812BFACE65F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BF2AD1-0E5D-493E-A0B1-CE49B3D655B2}" = protocol=6 | dir=in | app=c:\users\julie wu\downloads\ppstreamsetup.exe |
"{04FE02B0-E00D-4147-8A64-55CE687D9F21}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{056267DD-86D9-4D7B-83E5-AF9BD3178995}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"{07C50EAB-60A5-4F52-958B-CF2610BB5D47}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0D15BA5C-AE0F-434F-9515-61F5661EF598}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{0D7E04E0-9517-4695-A684-F89E4E6A26BD}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{0ECF7862-07FD-459D-9990-1CFE71C5FA2D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{11BA20BD-8400-4B6D-85E7-A76D139849B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{1745EC79-00E3-4E7E-AED9-F6CE2BD00A39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{179C9A23-B636-4882-AA35-022BEF38EAD3}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\ppliveu.exe |
"{1968F913-F122-4B72-B0F6-380BFC6ECF69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{19B71BF4-284E-45AA-90F0-1E6E8E2F05C1}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{1DB3586B-9099-4036-A1F8-AEBD574D0E90}" = protocol=58 | dir=in | app=system |
"{2137E7C9-BC30-4EC8-B1E8-9DD894813745}" = protocol=6 | dir=in | app=c:\program files (x86)\rid spyware\ridspywareupdate.exe |
"{22AD7E64-226F-469B-A704-3B1DD5B4DBE0}" = protocol=17 | dir=in | app=c:\program files (x86)\rid spyware\ridspyware.exe |
"{23365381-2509-46B2-A405-8554BCC070D4}" = protocol=58 | dir=out | [email protected],-503 |
"{24C29D0B-4CA4-49DA-8CB1-FB3CAAD04F1A}" = protocol=1 | dir=in | [email protected],-28543 |
"{27C7F860-87F4-4025-9313-15ADCFEE623C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{286A64E8-7D42-41C1-9980-80E313E49C45}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{29B4FE6C-9AAC-4EF0-946D-CB91011A5A4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D24DD26-FD80-4CC5-B0AA-325C9508D1C8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3219346D-E7A0-4F5B-9A15-7D37AB234697}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37F3F122-0313-48C0-9819-191968633614}" = protocol=58 | dir=in | [email protected],-28545 |
"{39DBC14D-9E6B-47B6-8563-B1CDF3DE50D9}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3E947290-56C3-4B18-9DB2-7346CE767436}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{40AD70A0-40C4-49D0-88E2-C6E7FD86BEEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{439FEF12-80D8-42D8-8FD6-E8595A0D5AD8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{443C56C6-BD8C-4D0E-A7AB-B1C39C63879D}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{4CF9A7A4-8B9B-4590-8F60-C0741281E145}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{4D53E22A-0A79-4E9E-8388-FD7815D004D9}" = protocol=17 | dir=in | app=f:\common\epsonnet setup\eneasyapp.exe |
"{4DCED17F-21A7-48A2-AE35-32630CC613CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E1BDDBA-886A-4737-A099-93815BFB3639}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E8942F1-B3B7-4CC3-864C-76CD9D4FB8F4}" = protocol=6 | dir=in | app=c:\program files (x86)\rid spyware\ridspyware.exe |
"{4F4BC7B7-20D7-48F0-ABDB-D05C9D7132BF}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{521E640F-DBEC-4F2F-9D73-D0089D3FF309}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{5257216A-6FA3-466D-AD50-FDCA970FA3FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54057B4E-9238-4B22-8944-706C943D4868}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{554896C4-23EE-497C-90BD-5F0BF603E59C}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{585E57F9-1A2A-46E5-BB81-E3BB02F7E070}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{594F43D3-7490-46DF-B90F-9A1F11ECAEC1}" = protocol=17 | dir=in | app=c:\program files\ppstream.exe |
"{5BFCE9E5-D8AB-416B-845F-4E3400364F3D}" = protocol=6 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe |
"{5E4AE635-F7C2-4586-BC75-7C3842929BB5}" = protocol=6 | dir=out | app=system |
"{60291E66-7259-477B-A576-37B95300E991}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{694ACB27-682A-497E-9644-0A1C31D5A948}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{6B918423-CF3E-4E3F-98AD-FF8F33399834}" = protocol=6 | dir=in | app=c:\program files\ppstream.exe |
"{6D9171FB-411F-414C-B747-D39D1FA058E4}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{71B609D8-B47B-496B-96D4-F0400D8D8F72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{749BB49B-1E4F-49BA-8BD1-0AF9CE9B8158}" = protocol=58 | dir=out | [email protected],-28546 |
"{78838CC3-0046-4D86-B7D4-EB874226B03C}" = protocol=17 | dir=in | app=c:\users\julie wu\downloads\ppstreamsetup.exe |
"{7C035807-E6BC-45DD-8CFC-B643456791AA}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{85E7F761-848A-4915-9342-B0C33746DE8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{8B89EEC4-185B-43C3-AC0F-B4633E687C9D}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{8BFA1FBF-7DAF-487C-8438-572349C23C89}" = protocol=6 | dir=in | app=f:\common\epsonnet setup\eneasyapp.exe |
"{8DF2B6B0-871D-4DDA-9330-2E0EB213EBEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{8F27C9FA-FCE1-483D-BE6E-F5F37B24774A}" = protocol=6 | dir=in | app=c:\program files\ppsap.exe |
"{90DDB742-65DD-49F4-AAAC-934B691B2DC5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"{92D0D7CE-D050-4825-B1FA-F9A8D86FC44D}" = protocol=17 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe |
"{97B502A0-B7D7-43C6-9CC4-3E71A447997D}" = protocol=17 | dir=in | app=c:\program files\ppsap.exe |
"{99372B7E-DB10-45E8-9441-2990E90A081C}" = protocol=17 | dir=in | app=c:\program files (x86)\rid spyware\ridspywareupdate.exe |
"{9DEAFD7D-214E-4A06-A765-15963AA02D28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{9EE69E35-D1AC-420C-933C-00348A309E60}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{9F66F2AC-C4C8-48E5-9CCA-2F99AA15B44A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0A365AE-A746-4386-BA50-85AADAC98F86}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{A9E65B43-F46F-4EEE-8161-7F75FD7CD2F6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"{B0FE9ED2-7A10-455E-ABAA-EFBE937CA1DE}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{B6AB9E26-4182-4F13-91A0-48BF590CE59B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B9F3895B-A9F5-4D71-A6CF-F9198378DF5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB915803-CBF4-4BE4-98E0-12B76BACE60F}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{BFADD9A3-2E51-4C22-85EF-CF02C73A8F1A}" = protocol=1 | dir=out | [email protected],-28544 |
"{C16E4792-DBA2-4D16-B4AE-EC13E9415C42}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{C9B074A4-6ECF-43AE-BAE8-9743B713B8DC}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{CCE90F7D-AF20-41A6-8E34-D1A94FDD320A}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{D838C981-32B6-443A-A8EB-552705C0DDCE}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{D95F9A70-5388-4CBD-B332-06062AA36038}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{DF8B17B2-312B-4A47-8ADA-50B5644DAFA8}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"{E54DF681-B248-4687-8FD9-F9D859A98A46}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{E6223001-6C49-4E8A-9EED-1AB8DF013CE2}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{EDD46F6B-D9C6-4AA8-BE6B-DD86D0615E78}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\ppliveu.exe |
"{F050008F-7515-4ED0-8813-634604F7E374}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1BFF2B0-4C9D-4823-A15F-584066B4F86D}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{F35D7B08-F3BF-40D0-B32C-10AF9B0FFB11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FC4415CF-EFAA-4887-80E3-DE59F7227289}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{7F2764FE-1F3C-443A-981E-E558AE52955D}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"TCP Query User{7FE752C8-8E67-4DF8-AE02-B5CF730012C0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{8D9F80B9-A667-4AAA-9AFB-55BA4282E855}C:\program files (x86)\rid spyware\ridspywareupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rid spyware\ridspywareupdate.exe |
"TCP Query User{B34F4282-4B33-4A08-992B-4FC4800B7CA1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{00403306-30FC-4711-9809-708ED5740F18}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{1727E0E4-25A1-44E0-862A-E5E1B309364D}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{AE45EF5D-9A97-4989-A9A5-710912E88D6A}C:\program files (x86)\rid spyware\ridspywareupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rid spyware\ridspywareupdate.exe |
"UDP Query User{F627528F-CF36-440E-A870-ED02FB8469A4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1CF5754A-545B-4360-BFDE-2847BC728DFC}" = iTunes
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE4A7139-279C-4399-A142-32906B44D5F0}" = Scanjet 5590
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL
"EPSON NX430 Series" = EPSON NX430 Series Printer Uninstall
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0121-0404-0000-0000000FF1CE}" = Microsoft Office IMESS (Chinese (Traditional)) 2010
"{90140000-0122-0000-0000-0000000FF1CE}" = Microsoft Office IME 2010
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{E2BE6E32-2D3C-4C54-AD9F-18A55D5D5BCE}" = hpg5590
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service 1.0
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Cisco Connect" = Cisco Connect
"EPSON Scanner" = EPSON Scan
"IME14SS.1028" = Microsoft Office IME 2010 (Traditional Chinese)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"N360" = Norton Security Suite
"PROPLUSR" = Microsoft Office Professional Plus 2007
"TVUPlayer" = TVUPlayer 2.5.3.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/22/2013 8:14:26 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4602
 
Error - 5/22/2013 8:14:26 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4602
 
Error - 5/22/2013 8:14:27 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/22/2013 8:14:27 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5601
 
Error - 5/22/2013 8:14:27 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5601
 
Error - 5/22/2013 8:14:28 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/22/2013 8:14:28 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6599
 
Error - 5/22/2013 8:14:28 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6599
 
Error - 5/22/2013 8:14:40 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/22/2013 8:14:40 PM | Computer Name = JulieWu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1045
 
[ Media Center Events ]
Error - 5/2/2012 10:53:44 AM | Computer Name = JulieWu-PC | Source = MCUpdate | ID = 0
Description = 7:53:38 AM - Failed to retrieve Directory (Error: The operation has
 timed out)  
 
Error - 5/19/2012 1:23:26 AM | Computer Name = JulieWu-PC | Source = MCUpdate | ID = 0
Description = 10:23:26 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/19/2012 11:16:31 AM | Computer Name = JulieWu-PC | Source = MCUpdate | ID = 0
Description = 8:16:06 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/19/2012 12:16:55 PM | Computer Name = JulieWu-PC | Source = MCUpdate | ID = 0
Description = 9:16:53 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/19/2012 1:29:28 PM | Computer Name = JulieWu-PC | Source = MCUpdate | ID = 0
Description = 10:29:23 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 1:42:19 AM | Computer Name = JulieWu-PC | Source = MCUpdate | ID = 0
Description = 10:42:19 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/23/2012 12:43:43 AM | Computer Name = JulieWu-PC | Source = MCUpdate | ID = 0
Description = 9:43:43 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server.  )  
 
[ OSession Events ]
Error - 6/20/2014 12:57:07 AM | Computer Name = JulieWu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 7/11/2014 10:06:21 AM | Computer Name = JulieWu-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
 but none of the cipher suites supported by the client application are supported
 by the server. The SSL connection request has failed.
 
Error - 7/11/2014 10:06:21 AM | Computer Name = JulieWu-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
 is 107.
 
Error - 7/11/2014 9:18:02 PM | Computer Name = JulieWu-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the WerSvc service.
 
Error - 7/11/2014 9:22:04 PM | Computer Name = JulieWu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:21:07 PM on ?7/?11/?2014 was unexpected.
 
Error - 7/11/2014 9:25:50 PM | Computer Name = JulieWu-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 7/11/2014 9:25:52 PM | Computer Name = JulieWu-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
 error:   %%2
 
Error - 7/11/2014 9:54:10 PM | Computer Name = JulieWu-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 7/11/2014 9:54:12 PM | Computer Name = JulieWu-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
 error:   %%2
 
Error - 7/11/2014 10:13:11 PM | Computer Name = JulieWu-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 7/11/2014 10:13:13 PM | Computer Name = JulieWu-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
 error:   %%2
 
 
< End of report >
 

AdwCleaner log

 

# AdwCleaner v3.215 - Report created 12/07/2014 at 10:32:59
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Julie Wu - JULIEWU-PC
# Running from : C:\Users\Julie Wu\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\baidu
Folder Deleted : C:\Users\Julie Wu\AppData\LocalLow\baidu

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Julie Wu\AppData\Roaming\Mozilla\Firefox\Profiles\3ty01d6k.default-1405096260166\prefs.js ]


*************************

AdwCleaner[R0].txt - [2207 octets] - [11/07/2014 18:45:33]
AdwCleaner[R1].txt - [1005 octets] - [12/07/2014 10:31:52]
AdwCleaner[S0].txt - [2254 octets] - [11/07/2014 18:48:56]
AdwCleaner[S1].txt - [932 octets] - [12/07/2014 10:32:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [991 octets] ##########
 

JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Julie Wu on 07/12/2014 Sat at 10:39:22.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] gorillaprice
Successfully deleted: [Service] gorillaprice



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2377637077-1533906764-3803053460-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Julie Wu\AppData\Roaming\mozilla\firefox\profiles\3ty01d6k.default-1405096260166\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/12/2014 Sat at 10:51:56.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Fresh OTL Scan log

 

OTL logfile created on: 7/12/2014 10:53:00 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julie Wu\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 62.89% Memory free
7.61 Gb Paging File | 6.06 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 188.58 Gb Free Space | 74.20% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.16 Gb Free Space | 97.11% Space Free | Partition Type: NTFS
 
Computer Name: JULIEWU-PC | User Name: Julie Wu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/12 10:36:55 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Julie Wu\Downloads\JRT.exe
PRC - [2014/07/11 19:24:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie Wu\Downloads\OTL.exe
PRC - [2014/06/05 21:38:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/06/23 05:39:54 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/01/15 04:38:46 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2009/12/23 10:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 10:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/22 05:40:58 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2009/12/18 19:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2009/12/09 01:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 01:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 18:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 21:38:46 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/02/15 09:04:22 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/09 10:27:20 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 10:26:35 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/09 10:26:16 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/09 10:26:05 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/09 10:25:59 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/09 10:25:57 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/09 10:25:50 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2009/12/18 19:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2009/12/18 19:51:18 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2009/12/18 19:50:38 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/12/13 07:34:45 | 000,654,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2009/09/22 11:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 07:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/07/09 20:29:05 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/06/23 05:39:54 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 10:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/09 01:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 01:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/15 20:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 07:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 07:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/04 17:23:31 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 18:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/03/31 00:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/26 02:14:52 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/18 03:35:10 | 000,215,168 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2010/03/11 20:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 15:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 02:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/12/17 03:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 05:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 09:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 04:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 20:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2014/07/06 12:11:49 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20140711.018\ex64.sys -- (NAVEX15)
DRV - [2014/07/06 12:11:49 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20140711.018\eng64.sys -- (NAVENG)
DRV - [2014/06/10 21:11:07 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/10 21:11:07 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/05/09 18:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20140703.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/03/24 09:06:08 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20140711.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Julie Wu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Julie Wu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Julie Wu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Julie Wu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFF [2013/10/09 10:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2014/07/12 10:34:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/27 20:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/11 18:57:23 | 000,000,000 | ---D | M]
 
[2014/06/14 18:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie Wu\AppData\Roaming\Mozilla\Extensions
[2014/07/11 10:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie Wu\AppData\Roaming\Mozilla\Firefox\Profiles\3ty01d6k.default-1405096260166\extensions
[2014/05/27 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/27 20:10:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/14 18:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/27 20:10:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/14 18:51:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/07/12 10:20:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.yardiasp...ivexviewer9.cab (Crystal Report Viewer Control 9)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1B63321-44E3-469C-8CC5-399E409BC4EA}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/11 09:40:13 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/12 10:39:18 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/07/12 10:18:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/11 18:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/07/11 18:45:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/11 18:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/07/11 18:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/11 18:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/11 18:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/07/11 10:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\GridinSoft
[2014/07/11 09:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/07/11 09:31:04 | 000,000,000 | ---D | C] -- C:\Users\Julie Wu\Desktop\Old Firefox Data
[2014/07/09 19:59:18 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/06/14 17:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/06/14 17:06:50 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/14 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\Julie Wu\AppData\Local\NPE
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/12 10:41:42 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/12 10:41:42 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/12 10:39:01 | 000,013,276 | ---- | M] () -- C:\Users\Julie Wu\Desktop\JRT - Shortcut.lnk
[2014/07/12 10:33:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/12 10:33:41 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/12 10:30:34 | 000,013,349 | ---- | M] () -- C:\Users\Julie Wu\Desktop\AdwCleaner - Shortcut.lnk
[2014/07/12 10:27:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/12 10:20:14 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/07/12 10:18:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2377637077-1533906764-3803053460-1000UA.job
[2014/07/12 10:17:35 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2377637077-1533906764-3803053460-1000Core.job
[2014/07/11 18:26:54 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/07/11 18:26:54 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/07/11 18:26:54 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/07/11 10:01:17 | 000,000,495 | ---- | M] () -- C:\Users\Julie Wu\Desktop\Removable Disk (E) - Shortcut.lnk
[2014/07/11 09:40:13 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/06/14 18:51:17 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/14 18:37:12 | 000,001,214 | ---- | M] () -- C:\Users\Julie Wu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/14 17:02:47 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2014/07/12 10:39:01 | 000,013,276 | ---- | C] () -- C:\Users\Julie Wu\Desktop\JRT - Shortcut.lnk
[2014/07/12 10:30:34 | 000,013,349 | ---- | C] () -- C:\Users\Julie Wu\Desktop\AdwCleaner - Shortcut.lnk
[2014/07/11 09:40:13 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/06/14 18:51:17 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/14 18:51:16 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/20 17:07:12 | 000,000,691 | ---- | C] () -- C:\Users\Julie Wu\Libraries - Shortcut.lnk
[2010/11/03 16:55:41 | 000,004,096 | -H-- | C] () -- C:\Users\Julie Wu\AppData\Local\keyfile3.drm
[2010/09/17 04:59:04 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/04/11 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\360safe
[2011/03/04 22:55:55 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\360se
[2010/09/17 05:09:52 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\ArcSyncConfig
[2012/04/13 18:30:01 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/18 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Epson
[2010/09/26 14:09:59 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\ID Vault
[2011/11/04 16:52:45 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Leadertech
[2011/04/03 20:02:15 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\McGraw-HillLicensing
[2010/09/17 04:52:45 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\ooVoo Details
[2014/06/14 16:59:15 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Open Download Manager
[2011/04/11 20:27:39 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\PPStream
[2011/04/11 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Tific
[2011/02/11 22:51:54 | 000,000,000 | ---D | M] -- C:\Users\Julie Wu\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/01/11 20:26:48 | 000,000,162 | -H-- | M] ()(C:\Users\Julie Wu\Desktop\~$?山風景.docx) -- C:\Users\Julie Wu\Desktop\~$黄山風景.docx
[2013/01/11 20:26:48 | 000,000,162 | -H-- | C] ()(C:\Users\Julie Wu\Desktop\~$?山風景.docx) -- C:\Users\Julie Wu\Desktop\~$黄山風景.docx
[2012/11/21 22:35:57 | 000,012,458 | ---- | M] ()(C:\Users\Julie Wu\Desktop\?山風景.docx) -- C:\Users\Julie Wu\Desktop\黄山風景.docx
[2012/11/21 22:35:55 | 000,012,458 | ---- | C] ()(C:\Users\Julie Wu\Desktop\?山風景.docx) -- C:\Users\Julie Wu\Desktop\黄山風景.docx

< End of report >
 


#4 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Looks good :) Let's continue.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop.
  • Install the programme and select update.
  • Once it has updated, select Settings > Detection and Protection.
  • Tick Scan for rootkits.
  • Go back to the Dashboard and select Scan Now.
  • If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), start MBAM, click History, then Application Logs, then check the Select box by the first Scan Log in the list.
  • Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

#5 patriciapcwu (Member, Topic Starter)

ESET Scan log

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6bf16a19792de44f86990a1e46c66370
# engine=19148
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-12 08:35:47
# local_time=2014-07-12 01:35:47 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 156740796 0 0
# scanned=139491
# found=2
# cleaned=0
# scan_time=4383
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Julie Wu\Downloads\cbsidlm-cbsi188-Revo_Uninstaller-SEO-10687648.exe"
sh=AC5B23F3B6376CA60FBBE34A975D4DD4FA9EE0D7 ft=1 fh=0f0627a929a75390 vn="a variant of Win32/Packed.VMDetector.G potentially unwanted application" ac=I fn="C:\Users\Julie Wu\Downloads\SoftwareUpdater.exe.9p11yya.partial"
 

 

MBAM log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/12/2014
Scan Time: 11:48:27 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.12.08
Rootkit Database: v2014.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Julie Wu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293276
Time Elapsed: 18 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\APPID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}, Quarantined, [a8d74a537209e84e5bd58fdb2cd6df21],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [a8d74a537209e84e5bd58fdb2cd6df21],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [a8d74a537209e84e5bd58fdb2cd6df21],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, Quarantined, [0f70d0cd87f4c175200e5416d62cb34d],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75}, Quarantined, [0f70d0cd87f4c175200e5416d62cb34d],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, Quarantined, [0f70d0cd87f4c175200e5416d62cb34d],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, Quarantined, [0f70d0cd87f4c175200e5416d62cb34d],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75}, Quarantined, [0f70d0cd87f4c175200e5416d62cb34d],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}, Quarantined, [c9b6d2cb0477fa3c4de25f0be022c739],
Adware.BDSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}, Quarantined, [4b34bedf6a1139fdc6c4d19c05fda45c],
PUP.Optional.GorillaPrice.A, HKLM\SOFTWARE\WOW6432NODE\GorillaPrice, Quarantined, [77089706a2d9d066f1634793db2744bc],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.SearchProtect.A, C:\Users\Julie Wu\AppData\Local\Temp\nsi7283.tmp, Quarantined, [215e831a0a7185b166f5573cb849a45c],
PUP.Optional.SearchProtect.A, C:\Users\Julie Wu\AppData\Local\Temp\dlm1035.tmp\sp-downloader.exe, Quarantined, [e09fd3ca86f581b57aa6addb5aa731cf],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Security Check log

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 7 Update 60  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
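As an added example (not code from the thread, and not ESET's or Malwarebytes' own tooling), the Python script below parses the two log formats pasted above into structured records. It flags that the ESET scan was run with "Remove found threats" unchecked (remove_checked=false), so its two hits were still on disk when the log was posted; it tallies the Malwarebytes detections per family; and it checks each Malwarebytes section's declared count against the lines actually listed under it, which catches a log that was truncated while pasting. The field layout is assumed from the logs exactly as they appear in this post, and the sample input is constructed from those logs.

```python
# Added example: parse the ESET Online Scanner and Malwarebytes 2.x logs posted
# above and summarise what still needs action. Field layout assumed from the logs.
import re
from collections import Counter

# Sample input constructed from the post's logs (ESET header trimmed to the
# fields read here; names, paths and hashes copied from the post as pasted).
ESET_LOG = r"""# product=EOS
# remove_checked=false
# found=2
# cleaned=0
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Julie Wu\Downloads\cbsidlm-cbsi188-Revo_Uninstaller-SEO-10687648.exe"
sh=AC5B23F3B6376CA60FBBE34A975D4DD4FA9EE0D7 ft=1 fh=0f0627a929a75390 vn="a variant of Win32/Packed.VMDetector.G potentially unwanted application" ac=I fn="C:\Users\Julie Wu\Downloads\SoftwareUpdater.exe.9p11yya.partial"
"""

MBAM_LOG = r"""Processes: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\APPID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}, Quarantined, [a8d74a537209e84e5bd58fdb2cd6df21],
Adware.BDSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}, Quarantined, [4b34bedf6a1139fdc6c4d19c05fda45c],
PUP.Optional.GorillaPrice.A, HKLM\SOFTWARE\WOW6432NODE\GorillaPrice, Quarantined, [77089706a2d9d066f1634793db2744bc],

Files: 2
PUP.Optional.SearchProtect.A, C:\Users\Julie Wu\AppData\Local\Temp\nsi7283.tmp, Quarantined, [215e831a0a7185b166f5573cb849a45c],
PUP.Optional.SearchProtect.A, C:\Users\Julie Wu\AppData\Local\Temp\dlm1035.tmp\sp-downloader.exe, Quarantined, [e09fd3ca86f581b57aa6addb5aa731cf],

(end)
"""

ESET_HDR = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')
ESET_HIT = re.compile(r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]+) '
                      r'vn="(?P<name>[^"]*)" ac=(?P<ac>\w+) fn="(?P<path>[^"]*)"$')
MBAM_SECTION = re.compile(r'^(?P<section>Processes|Modules|Registry Keys|Registry Values|'
                          r'Registry Data|Folders|Files|Physical Sectors): (?P<count>\d+)$')
MBAM_HIT = re.compile(r'^(?P<name>[^,]+), (?P<object>.+), (?P<action>[^,\[\]]+), '
                      r'\[(?P<id>[0-9a-f]+)\],?$')

def parse_eset(text):
    """Return (dict of the '# key=value' header lines, list of detection dicts)."""
    header, hits = {}, []
    for line in text.splitlines():
        m = ESET_HDR.match(line)
        if m:
            header[m['key']] = m['value'].strip('"')
            continue
        m = ESET_HIT.match(line)
        if m:
            hits.append(m.groupdict())
    return header, hits

def parse_mbam(text):
    """Return {section: {'declared': count from the heading, 'items': [detection dicts]}}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = MBAM_SECTION.match(line)
        if m:
            current = m['section']
            sections[current] = {'declared': int(m['count']), 'items': []}
            continue
        m = MBAM_HIT.match(line)
        if m and current is not None:
            sections[current]['items'].append(m.groupdict())
    return sections

def eset_outstanding(header, hits):
    """Paths ESET reported but did not clean. With 'Remove found threats'
    unchecked (remove_checked=false) every hit is still on disk, which is why
    a separate file-removal step has to follow the scan."""
    found = int(header.get('found', len(hits)))
    cleaned = int(header.get('cleaned', 0))
    if header.get('remove_checked') == 'true' and cleaned >= found:
        return []
    return [h['path'] for h in hits]

def mbam_family_counts(sections):
    """Detections per family across all sections (GorillaPrice shows up here)."""
    return Counter(i['name'] for s in sections.values() for i in s['items'])

def mbam_consistent(sections):
    """True when each section's declared count matches the lines under it;
    a mismatch usually means the log was truncated when pasted."""
    return all(s['declared'] == len(s['items']) for s in sections.values())

def summarise(eset_text, mbam_text):
    header, hits = parse_eset(eset_text)
    sections = parse_mbam(mbam_text)
    return {
        'eset_found': len(hits),
        'eset_outstanding': eset_outstanding(header, hits),
        'mbam_quarantined': sum(len(s['items']) for s in sections.values()),
        'mbam_families': dict(mbam_family_counts(sections)),
        'mbam_log_consistent': mbam_consistent(sections),
    }

if __name__ == '__main__':
    for key, value in summarise(ESET_LOG, MBAM_LOG).items():
        print(f'{key}: {value}')
```

Run it directly to print the summary. With the logs above it reports both ESET paths as outstanding, which matches the follow-up in this thread: Malwarebytes quarantined its own findings, but the two files ESET flagged had only been detected, not removed.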
 


#6 pystryker (Trusted Helper, Malware Removal)

Excellent, let's get rid of the 2 items that ESET found. :thumbsup:


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8: right click and select "Run as Administrator")
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.


:Commands
[createrestorepoint]

:Files
C:\Users\Julie Wu\Downloads\cbsidlm-cbsi188-Revo_Uninstaller-SEO-10687648.exe
C:\Users\Julie Wu\Downloads\SoftwareUpdater.exe.9p11yya.partial

:Commands
[reboot]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and the computer will reboot.
  • Once your machine has rebooted, a log will open. If the log doesn't open upon reboot, a copy can be found here: C:\_OTL\MovedFiles. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Things I need to see in your next post:

OTL Fix Log

#7 patriciapcwu (Member, Topic Starter)


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Julie Wu\Downloads\cbsidlm-cbsi188-Revo_Uninstaller-SEO-10687648.exe moved successfully.
C:\Users\Julie Wu\Downloads\SoftwareUpdater.exe.9p11yya.partial moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 07122014_195415
 


#8 pystryker (Trusted Helper, Malware Removal)

Hello :)

Great news, your logs are CLEAN! :thumbsup: :) But we still have a few things we need to address, namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • I also have some tips and information to help protect you in the future.
Step 1: Tool Removal and Creation of a Clean Restore Point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.



Step 2: Service Pack and Program Updates


Your current Service Pack is out of date. Please go to the link below to find instructions and links to update it.

http://windows.micro...oad#sptabs=win7


Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.
Keeping your software updated

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, Unchecky Installation and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.




Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Protection Against CryptoLocker


CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.



Are there any further issues I can assist you with?
#9 patriciapcwu (Member, Topic Starter)

Delfix log

 

# DelFix v10.7 - Logfile created 12/07/2014 at 20:12:44
# Updated 27/04/2014 by Xplode
# Username : Julie Wu - JULIEWU-PC
# Operating System : Windows 7 Home Premium  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\scan.txt
Deleted : C:\Users\Julie Wu\Desktop\AdwCleaner - Shortcut.lnk
Deleted : C:\Users\Julie Wu\Desktop\JRT - Shortcut.lnk
Deleted : C:\Users\Julie Wu\Desktop\JRT.txt
Deleted : C:\Users\Julie Wu\Downloads\AdwCleaner(1).exe
Deleted : C:\Users\Julie Wu\Downloads\AdwCleaner.exe
Deleted : C:\Users\Julie Wu\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Julie Wu\Downloads\Extras.Txt
Deleted : C:\Users\Julie Wu\Downloads\JRT.exe
Deleted : C:\Users\Julie Wu\Downloads\OTL.Txt
Deleted : C:\Users\Julie Wu\Downloads\OTL.exe
Deleted : C:\Users\Julie Wu\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #535 [Windows Update | 07/02/2014 01:38:32]
Deleted : RP #536 [Windows Update | 07/06/2014 18:48:24]
Deleted : RP #537 [Windows Update | 07/10/2014 02:56:15]
Deleted : RP #538 [Installed SpyHunter | 07/11/2014 16:38:07]
Deleted : RP #539 [Removed SpyHunter | 07/12/2014 01:36:10]
Deleted : RP #540 [Installed Java 7 Update 60 | 07/12/2014 01:37:48]
Deleted : RP #541 [Revo Uninstaller's restore point - gorillaprice | 07/12/2014 02:01:06]
Deleted : RP #542 [OTL Restore Point - 7/12/2014 10:19:00 AM | 07/12/2014 17:19:03]
Deleted : RP #543 [OTL Restore Point - 7/12/2014 7:54:26 PM | 07/13/2014 02:54:29]

New restore point created !

########## - EOF - ##########
 


#10 patriciapcwu (Member, Topic Starter)

Hi Pystryker,

 

If the last log looks good, then I have no further issues with this computer!

 

I thank you very much for your quick responses and help!!!

 

Patricia


#11 pystryker (Trusted Helper, Malware Removal)

Hi Pystryker,
 
If the last log looks good, then I have no further issues with this computer!
 
I thank you very much for your quick responses and help!!!
 
Patricia


:thumbsup: You are very welcome, and if you need us again, don't hesitate to come back.

Safe surfing :wave:

pystryker
#12 pystryker (Trusted Helper, Malware Removal)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.