
Malware, PUP HELP [Closed]


This topic is locked

#1
kid@hrt
Member, 55 posts

Good Afternoon,

PC is running sluggish, trouble connecting to the internet, and OTL froze twice.

There were a few icons on the desktop that I did not recognize: New Player, BrowserApps and Search Protect.

I did scan using Malwarebytes and found over 200 items.

Please let me know if I am infected with anything harmful.

OTL logfile created on: 8/18/2014 4:09:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 63.84% Memory free
12.00 Gb Paging File | 9.85 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.73 Gb Total Space | 162.87 Gb Free Space | 69.98% Space Free | Partition Type: NTFS
Drive Z: | 100.00 Mb Total Space | 69.81 Mb Free Space | 69.81% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/18 16:09:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Downloads\OTL (1).exe
PRC - [2014/08/06 23:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/06 23:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/06 23:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/06 23:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
MOD - [2014/08/06 23:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
MOD - [2014/08/06 23:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 09:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/16 16:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/11/16 15:27:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/14 15:48:18 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/06 00:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/01/06 16:29:15 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/18 16:06:40 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/08 10:21:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio.sys -- (WsAudio_Device)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 15:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 03:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/10/31 03:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/10/31 03:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.ya...ilc=8.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 37 9A C3 8B 9F CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{8927744F-C06F-407B-88EF-52061AA899CF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\1CDDF6A195E44867AFEE99A09F506881: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mom\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mom\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 15:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/01 13:16:34 | 000,000,000 | ---D | M]
 
[2013/08/21 18:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Extensions
[2010/12/05 19:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/08/18 16:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\f5dvrg74.default\extensions
[2014/08/18 15:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\Firefox\Profiles\oirl65bi.default-1365377985248\extensions
[2014/07/23 13:03:56 | 000,226,542 | ---- | M] () (No name found) -- C:\Users\Mom\AppData\Roaming\mozilla\firefox\profiles\f5dvrg74.default\extensions\[email protected]
[2014/07/23 13:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/23 13:04:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\MOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5DVRG74.DEFAULT\EXTENSIONS\[email protected]
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
 
O1 HOSTS File: ([2013/05/04 13:50:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.n...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} https://www.compass....micWebTWAIN.cab (DynamicWebTwain Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5AA37F8-C1BB-4651-A345-B8D6F02AE8C5}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5AA37F8-C1BB-4651-A345-B8D6F02AE8C5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/18 16:06:34 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\ElevatedDiagnostics
[2014/08/18 15:05:54 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\com
[2014/08/18 15:03:36 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\newplayer
[2014/08/18 15:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/08/18 15:02:35 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\globalUpdate
[2014/08/18 14:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DTH
[2014/08/18 14:56:08 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Design This Home
[2014/08/18 14:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Design This Home
[2014/08/18 14:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Design This Home
[2014/08/18 14:41:20 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Big Fish Games
[2014/08/18 14:38:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Method Solutions
[2014/08/18 14:38:49 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\Method Solutions
[2014/08/11 12:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2014/08/11 12:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2014/08/05 17:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Family Tree Maker 2012
[2014/08/05 11:09:51 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/08/05 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\Mom\Documents\Family Tree Maker
[2014/08/04 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\print for family history
[2014/08/04 15:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/04 15:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/03 17:53:35 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\RootsMagic
[2014/08/03 17:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RootsMagic
[2014/07/23 13:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[12 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/18 16:11:34 | 001,483,929 | ---- | M] () -- C:\Users\Mom\Desktop\desktop and otl.png
[2014/08/18 16:09:22 | 000,023,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/18 16:09:22 | 000,023,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/18 16:06:40 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/18 16:04:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/18 16:04:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/18 16:03:58 | 536,371,199 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/18 15:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/18 15:24:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2005915866-3535303436-4220142520-1000UA.job
[2014/08/18 15:15:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/18 15:03:18 | 000,000,000 | ---- | M] () -- C:\END
[2014/08/18 14:56:58 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Play Design This Home.lnk
[2014/08/17 18:36:35 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2005915866-3535303436-4220142520-1000Core.job
[2014/08/12 12:08:31 | 000,000,102 | ---- | M] () -- C:\Users\Mom\jobq.dat
[2014/08/04 14:57:54 | 000,799,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/04 14:57:54 | 000,674,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/04 14:57:54 | 000,127,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/04 13:29:51 | 002,578,432 | ---- | M] () -- C:\Users\Mom\Documents\RootsFamily.rmgc
[2014/08/03 17:56:41 | 000,100,618 | ---- | M] () -- C:\Users\Mom\Documents\scioli- epps-wysong .LST
[2014/07/26 10:11:19 | 000,001,009 | ---- | M] () -- C:\Users\Mom\Desktop\Dropbox.lnk
[2014/07/21 21:17:04 | 000,212,932 | ---- | M] () -- C:\Users\Mom\Documents\ViewDocument.pdf
[2014/07/19 20:03:30 | 000,219,147 | ---- | M] () -- C:\Users\Mom\Documents\Wedding_Planner_Guest_List.pdf
[12 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/18 16:11:34 | 001,483,929 | ---- | C] () -- C:\Users\Mom\Desktop\desktop and otl.png
[2014/08/18 15:01:16 | 000,000,000 | ---- | C] () -- C:\END
[2014/08/18 14:56:58 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Play Design This Home.lnk
[2014/08/18 14:54:06 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2014/08/11 12:56:06 | 000,087,600 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2014/08/03 17:56:41 | 000,100,618 | ---- | C] () -- C:\Users\Mom\Documents\scioli- epps-wysong .LST
[2014/08/03 17:56:17 | 002,578,432 | ---- | C] () -- C:\Users\Mom\Documents\RootsFamily.rmgc
[2014/07/21 21:17:04 | 000,212,932 | ---- | C] () -- C:\Users\Mom\Documents\ViewDocument.pdf
[2014/07/19 20:03:29 | 000,219,147 | ---- | C] () -- C:\Users\Mom\Documents\Wedding_Planner_Guest_List.pdf
[2014/04/26 14:40:32 | 000,000,102 | ---- | C] () -- C:\Users\Mom\jobq.dat
[2014/01/10 20:40:33 | 000,000,137 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\WB.CFG
[2014/01/10 20:40:33 | 000,000,005 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\WBPU-TTL.DAT
[2013/12/27 21:57:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/05/14 13:49:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/23 21:39:46 | 000,721,917 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2013/04/23 21:04:25 | 000,727,952 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2013/04/18 15:14:38 | 000,008,526 | ---- | C] () -- C:\Users\Mom\AppData\Local\recently-used.xbel
[2013/04/12 10:57:08 | 000,000,000 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\bibstats
[2013/04/10 22:30:53 | 000,000,426 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/10 12:06:28 | 000,721,917 | ---- | C] () -- C:\Windows\SysWow64\ISCM64.dll
[2013/04/06 15:45:37 | 000,000,383 | ---- | C] () -- C:\Windows\ulead32.ini
[2013/03/31 17:59:55 | 000,009,216 | ---- | C] () -- C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/25 14:33:34 | 000,000,091 | ---- | C] () -- C:\Users\Mom\AppData\Local\fusioncache.dat
[2012/11/16 16:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/11/16 16:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/05 18:57:09 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/10/11 12:29:27 | 000,012,770 | ---- | C] () -- C:\Users\Mom\AppData\Local\slot1.mm1
[2012/06/24 16:09:18 | 000,007,603 | ---- | C] () -- C:\Users\Mom\AppData\Local\Resmon.ResmonCfg
[2012/06/18 02:15:36 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/05 20:31:26 | 000,028,802 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/08/21 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2012/11/15 00:38:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Across Lite 2.0
[2012/07/16 16:55:31 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Ad-Aware Antivirus
[2013/04/24 15:09:33 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Aimersoft Video Converter Ultimate
[2013/12/28 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AppMinis
[2012/10/09 15:08:44 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AzuazGames
[2014/08/18 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Big Fish Games
[2012/12/18 16:29:56 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon
[2011/08/05 09:59:54 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Crayon Physics Deluxe
[2013/01/12 09:49:45 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Crown
[2013/04/19 17:34:14 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Curious Sense
[2012/10/05 19:52:49 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Dekovir
[2014/01/31 19:42:59 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\DigitalSites
[2012/10/05 19:45:27 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Doctor Who
[2014/08/05 20:54:49 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Dropbox
[2014/07/22 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\DSite
[2012/09/29 20:29:14 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ERS Game Studios
[2013/03/09 17:53:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\eTeks
[2012/12/27 21:52:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Fabulous Finds
[2014/08/05 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FamilyTreeMaker
[2012/10/11 12:49:35 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Flood Light Games
[2014/06/01 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\foobar2000
[2013/03/31 19:49:33 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FreeAudioPack
[2013/04/01 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FreeCDRipper
[2012/10/11 07:13:33 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FreezeTag
[2011/11/01 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Frogwares
[2012/10/11 19:01:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\GameHouse
[2011/08/03 18:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\GTM_Bodie
[2012/06/18 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\HD Tune Pro
[2013/09/06 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Home Sweet Home
[2013/12/25 12:57:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Home Sweet Home 2
[2013/09/06 15:38:45 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Home Sweet Home Christmas
[2013/03/14 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\http;www.staffsquared.com
[2013/04/10 12:06:54 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\iSkysoft Video Converter Ultimate
[2013/02/04 18:52:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Janes Realty2
[2013/03/09 14:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Jumb-O-Fun Games
[2011/08/03 19:22:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Lazy 8 Studios
[2012/10/11 15:06:30 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\LegacyGames
[2013/10/02 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\LegacyInteractive
[2011/11/03 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\LolClient
[2013/07/01 19:28:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Millennia
[2012/10/16 10:56:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\MumboJumbo
[2012/10/16 13:59:57 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\My Games
[2013/02/08 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\MyPublisher
[2013/12/27 23:09:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Oberon Media
[2013/09/30 15:57:44 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Open Download Manager
[2010/12/02 20:14:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\OpenOffice.org
[2013/09/21 18:52:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Oracle
[2013/03/09 13:55:16 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PlayFirst
[2013/03/09 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Playrix Entertainment
[2014/08/04 14:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\RootsMagic
[2010/12/21 18:37:32 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\runic games
[2013/08/21 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Search Protection
[2012/10/09 11:44:45 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Silverback Productions
[2013/04/06 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Simple Star
[2014/08/18 13:18:44 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Spotify
[2011/01/05 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Template
[2010/12/05 19:37:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Thunderbird
[2012/10/16 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TikisLab
[2012/10/18 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Top Evidence
[2013/09/29 23:34:01 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TypingTrainer8
[2014/06/02 12:37:11 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\uTorrent
[2013/01/29 18:44:53 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ViquaSoft
[2013/12/27 21:57:24 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Virtual Prophecy
[2013/04/23 21:04:57 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/03/09 14:17:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\World-LooM
[2013/04/10 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 371 bytes -> C:\ProgramData\TEMP:47E35D9B
@Alternate Data Stream - 350 bytes -> C:\ProgramData\TEMP:214562D2
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:D987CB43
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:E4FCDFD9
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:27790C06
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:4E6B8D68
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:3ED5E595
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AD020DC3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E1D06077
 
< End of report >
 

#2
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings kid@hrt and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in training and all my work will be checked by an instructor, so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem, so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated, with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely. It will be difficult at times, but it is important that you stay with me until your computer is declared clean.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important, but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

  • Refrain from using any tool that hasn't been instructed, as it could alter the process that we are working through and cause further problems. Also, only use the tools I instruct in the manner provided, as they are very powerful and, if not used properly, can cause even more problems. It is best if you can avoid using the computer at all, apart from performing the cleaning steps, to ensure that any infections aren't spread.

  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time, which we give freely, so I ask that you do us the courtesy of seeing it through.

  • Only paste the contents of log files into your reply. DO NOT attach any log files unless requested to do so.

  • If you have any questions or get stuck, stop and ask. I am here to help you make this go as smoothly as possible.

  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask, but if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

 

I will be going over your logs now and will report back as soon as I have scanned through it all.

 


#3
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hello again kid@hrt,

There are a couple of items we need to do before we go further.

When you performed your OTL scan, you should have been presented with 2 logs.

OTL.txt, which you have posted, and another called extras.txt. I need to see this, please. It will be located in c:\users\mom\downloads.

MGADiag

Before we continue, I would like to see an MGADiag log, please, as it will help us with the diagnosis.

  • Download MGADiag (by Microsoft) from the link found below:
    http://go.microsoft....k/?linkid=52012
  • Run the tool by double-clicking on the file. Press Continue when prompted
  • When it has finished, press Copy, then paste (Ctrl+V) this into your next post, please

For your next post:

MGADiag report
OTL extras.txt


#4
kid@hrt

    Member

  • Topic Starter
  • Member
  • 55 posts
Hi Ruggie
 
Thanks for helping. Sorry about not posting the OTL extras. The extras and the MGADiag report are posted below.
 
 
OTL extras.txt
 

OTL Extras logfile created on: 8/18/2014 4:09:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 63.84% Memory free
12.00 Gb Paging File | 9.85 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.73 Gb Total Space | 162.87 Gb Free Space | 69.98% Space Free | Partition Type: NTFS
Drive Z: | 100.00 Mb Total Space | 69.81 Mb Free Space | 69.81% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\word\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\word\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B87C63B-49BF-454A-A8F4-EC23F51E12E1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{14452A1B-FC4B-479C-B52C-4066C92936C1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1751F414-801A-48DB-9361-319208ACDEFC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1DE36BD2-D737-44A2-9EC8-9618D87B78DB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3D8CCDE1-F8D7-4641-9B1B-1D75415143CF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3EEAC49E-8366-490D-A070-157C55C7B3DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{41D2E6D8-38A5-413E-9DA5-2E114DBE9776}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4C69796C-CF00-40BA-8FD6-DEF65F612D32}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4D8A57DF-646B-4FF7-9D13-E87D02A6C69B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{564BC1D7-31A5-4315-A464-29686878D3FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57FEADBD-4A3C-4F3E-B6A5-838836B10061}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{69480608-69B6-4BE5-8437-1FEEE690C59D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73ABF462-4A1D-4C82-93E0-350446F80909}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75F623C7-71CF-4C2F-98DA-6F41B1BBBC47}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{76FE9FD9-A34E-4EBE-8E19-E175127385EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8AB9667E-8C08-43AD-8932-E9E7618818DC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8EE4591D-11F1-4585-8675-4CEA412E022B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8F198DDD-4CB9-4A6F-9592-DBCAE2B0EE34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{918A1DF2-794D-4F8D-86B8-8E47E5A18BA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96D74484-ADAD-4773-A3C6-11AF5708A67F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{A1F6C18F-D445-499B-8307-8250D3A26DF6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B1797CC0-8EF6-4331-A16C-80FC6823C46D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B552F919-1109-48EA-B445-0C21C6AC2761}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CE63BF81-D72E-439E-9D54-76190B320472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7329656-4C39-41FC-BFD9-6AC58C0E2BFA}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{D82C2DBA-8347-4BF7-945E-AAB1D3FE89EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC084B0C-8A65-4AA5-952C-30E2C5DFC64E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DC6FE17B-AA6D-4917-A1CA-AB519B913D64}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DDA8D40C-B5B2-4287-8F72-554FEB56D057}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DEA50859-6E6E-4961-B1C4-25C750A3F47C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E25CF4E3-88CA-4A93-82BB-745F32957123}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E4DEE7C4-CDE0-4CAD-918A-87E8C9E2AD3B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E9D5738E-0353-4DB7-BCDE-B77D7B837DF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F2B451B7-A79C-4747-BEE9-6403EDD3A86C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FCD370E4-D62E-40F2-8098-78AD2BD63B3F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00164D61-4D2A-4A0C-8B87-6AF4A6F88A51}" = protocol=6 | dir=in | app=c:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe | 
"{01B9F557-FE88-48BE-8F6B-9408F0F6266E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05CD46B6-94D6-4B52-A6DD-E7A7F5E15549}" = protocol=6 | dir=in | app=c:\users\mom\appdata\roaming\spotify\spotify.exe | 
"{0CC8889F-4619-4044-9985-FAD908B0314A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{13295991-27C1-4830-91AE-0406C6508523}" = protocol=1 | dir=out | [email protected],-28544 | 
"{1FF76B4F-8E4E-4609-BCA5-63381146C405}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{20C91CD3-E5FE-48F0-8706-B6C475B6E50D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{294C8565-5792-42D4-919A-ED04F77CA5A0}" = protocol=6 | dir=in | app=c:\users\mom\appdata\roaming\spotify\spotify.exe | 
"{3B0C625E-BC66-4259-8047-7849962B2275}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{41B306AC-471E-411A-AFD7-BAB319E8BB6E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{47D53198-3ECD-4CEB-BCD5-E8ACB12FB462}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4DEBE126-8A8B-47B6-A55A-47BD10014E49}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{512E0D4D-C042-418A-A0E4-F4B935DF8EC1}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{5641A29D-F058-46DA-9F92-C6CE1962F3A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5CE5C086-60B9-48EF-9B60-CC7498349CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{62A35418-AF9F-4D06-98BF-042866804067}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{6633DB7D-4362-432D-94C2-C36D21372186}" = protocol=17 | dir=in | app=c:\users\mom\appdata\roaming\spotify\spotify.exe | 
"{6A024437-C058-4239-8084-6BAB53EB3637}" = protocol=17 | dir=in | app=c:\users\mom\appdata\roaming\spotify\spotify.exe | 
"{7268032D-9912-488D-8191-834F00595A22}" = protocol=58 | dir=in | [email protected],-28545 | 
"{728C6C7D-CB9C-4F97-B031-82BFC4A6F3E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E669FA8-083D-448E-A5CB-975704DADAD4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{950B227E-46F4-4DB8-90EB-5D0FC6ABEAEA}" = protocol=58 | dir=out | [email protected],-28546 | 
"{A456DF3F-0D97-4952-BE1C-E384D8C05DC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA639C78-9B3D-445B-AD56-4C3954265175}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{AFF41C40-4D34-4EC5-A2A2-9B763F4A3D98}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B29FA178-DE24-45BB-A97A-DBD03466D851}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B92474ED-6492-4AB8-9EC2-FC62F99C6834}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9E13C06-47C1-413A-A5D0-AB01DC525D8E}" = protocol=17 | dir=in | app=c:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C14DDCA3-487C-4EC2-B886-867C4E0A6366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC8FCD81-A22E-41CC-8DF0-677473F76D27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFA20CC1-EBC2-4F0B-B789-7777CF582789}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D29792BC-1812-4813-812E-D240960D87FD}" = protocol=6 | dir=out | app=system | 
"{DB2DF830-B205-4420-8C66-144E3AE4782E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC9B7405-3B63-4DCF-96C6-AD0864D28B63}" = protocol=1 | dir=in | [email protected],-28543 | 
"{E31505A8-D19C-48EA-B41E-9899766AB68B}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{E99AC27A-B149-4FAE-95B8-3E729CA5A732}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F4028895-B089-4288-B0F8-49EB1A8CFC33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{95A3F6CD-AE75-43F4-9EB3-4FDC01FA84BF}C:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{9454651D-0E95-4D36-961F-C7D5C4E78633}C:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{1F6306D6-FB66-10D2-D474-5ADE4D57EE6B}" = AMD Fuel
"{1F85668C-CEB7-7A2E-356C-C42F950A982C}" = AMD Accelerated Video Transcoding
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4161341F-AE84-E404-4291-4E0322CCE809}" = AMD Media Foundation Decoders
"{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}" = Canon MF4700 Series
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7FD0FD0D-AC40-A3BF-F2D4-54EFEDB0008F}" = AMD Drag and Drop Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A7395F20-2B22-4CB8-8510-B452C0F47E02}" = Movie Maker 6.0 for Windows 7 (64-bit)
"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B3E767-B182-4279-A35A-A56810C77CFD}_is1" = MP3 To WAV Decoder version 1.0 r2
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Digital Image Standard 2006 Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1" = Crayon Physics Deluxe version 55
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Digital Image Standard 2006 Library
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf13
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{75939021-3B68-419D-8DC1-E9823BFF9658}" = Google Drive
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{975EA987-5D79-4A1C-AD71-D27B28347B48}" = Across Lite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{CF404C21-47EB-4FA5-B920-91746874ED43}" = Ulead Photo Express My Scrapbook 2.0
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0591-8077-9297-0833" = FamilySearch Indexing 3.15.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"BFGC" = Big Fish: Game Manager
"BFG-Design This Home" = Design This Home
"BFG-Home Sweet Home" = Home Sweet Home
"BFG-Home Sweet Home - Christmas Edition" = Home Sweet Home: Christmas Edition
"BFG-Home Sweet Home 2 - Kitchens and Baths" = Home Sweet Home 2: Kitchens and Baths
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files ®: Dire Grove ™
"Cogs" = Cogs
"foobar2000" = foobar2000 v1.1.1
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PictureItPrem_v12" = Microsoft Digital Image Standard 2006 Update
"Revo Uninstaller" = Revo Uninstaller 1.95
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager
"Spotify" = Spotify
"UserTestingPlugin" = UserTesting.com Recorder Plugin
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/13/2014 7:39:59 PM | Computer Name = Mom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, 
time stamp: 0x4f3c6d6c  Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521ea8e7  Exception code: 0xc0000005  Fault offset: 0x000223e0  Faulting
 process id: 0xc20  Faulting application start time: 0x01cfb74de30d53e0  Faulting application
 path: C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe  Faulting module 
path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 22d029b0-2343-11e4-b91a-003067529c86
 
Error - 8/18/2014 3:03:21 PM | Computer Name = Mom-PC | Source = MsiInstaller | ID = 11309
Description = 
 
Error - 8/18/2014 3:13:27 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service NewVideoPlayer Updater Service since QueryServiceConfig API failed  System
 Error: The system cannot find the file specified.  .
 
Error - 8/18/2014 3:14:38 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service NewVideoPlayer Updater Service since QueryServiceConfig API failed  System
 Error: The system cannot find the file specified.  .
 
Error - 8/18/2014 3:15:30 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service NewVideoPlayer Updater Service since QueryServiceConfig API failed  System
 Error: The system cannot find the file specified.  .
 
Error - 8/18/2014 3:17:03 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddWin32ServiceFiles: Unable to back up image
 of service NewVideoPlayer Updater Service since QueryServiceConfig API failed  System
 Error: The system cannot find the file specified.  .
 
Error - 8/18/2014 3:31:45 PM | Computer Name = Mom-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1024    Start Time:
 01cfbb1a37fd6960    Termination Time: 0    Application Path: C:\Users\Mom\Downloads\OTL.exe
 
Report
 Id:   
 
Error - 8/18/2014 3:33:46 PM | Computer Name = Mom-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 3e8    Start Time:
 01cfbb1b272c75d0    Termination Time: 15    Application Path: C:\Users\Mom\Desktop\OTL.exe
 
Report
 Id:   
 
Error - 8/18/2014 3:39:53 PM | Computer Name = Mom-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 588    Start Time:
 01cfbb1bf9854e80    Termination Time: 16    Application Path: C:\Users\Mom\Desktop\OTL.exe
 
Report
 Id:   
 
Error - 8/18/2014 4:02:04 PM | Computer Name = Mom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x337cfb18  Faulting process id: 0x96c  Faulting application
 start time: 0x01cfbb1d32a75ae0  Faulting application path: C:\Program Files (x86)\Malwarebytes
 Anti-Malware\mbam.exe  Faulting module path: unknown  Report Id: 8587af10-2712-11e4-aeaf-003067529c86
 
[ System Events ]
Error - 8/2/2014 9:58:50 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 8/2/2014 9:58:51 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Search service to connect.
 
Error - 8/2/2014 9:58:51 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 8/2/2014 9:58:51 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Search service to connect.
 
Error - 8/2/2014 9:58:51 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 8/4/2014 3:22:18 PM | Computer Name = Mom-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.
 
Error - 8/4/2014 3:24:30 PM | Computer Name = Mom-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.
 
Error - 8/4/2014 3:24:31 PM | Computer Name = Mom-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.
 
Error - 8/4/2014 3:24:32 PM | Computer Name = Mom-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.
 
Error - 8/4/2014 3:30:47 PM | Computer Name = Mom-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.
 
 
< End of report >
 
 
 
 
MGADiag report
 
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {F70CF57E-9EE2-4B0C-898A-AAA11C5C9794}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 100 Genuine
Microsoft Word 2002 - 100 Genuine
Microsoft Office Access Runtime (English) 2007 - 121
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
File Mismatch: C:\Windows\system32\en-US\user32.dll.mui[6.1.7601.17514], Hr = 0x800b0100
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F70CF57E-9EE2-4B0C-898A-AAA11C5C9794}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2005915866-3535303436-4220142520</SID><SYSTEM><Manufacturer>BIOSTAR Group</Manufacturer><Model>MCP6P3</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080015 </Version><SMBIOSVersion major="2" minor="6"/><Date>20091124000000.000000+000</Date></BIOS><HWID>57F93D07018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{911B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>9CF5E85BB9ACDFA</Val><Hash>1Ggu41R2+mA+9tA2HepOcmjwtV0=</Hash><Pid>54189-OEM-1650002-00509</Pid><PidType>16</PidType></Product><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62024</Pid><PidType>2</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7601.0000-1902011
Installation ID: 009772612131315270486786322976622902344745963506970976
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 8/19/2014 2:18:55 PM
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:5:2014 18:04
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: MgAAAAIAAwABAAEAAAACAAAAAQABAAEAonbWzHhrEK1I0Ux/kgCyTA60mohSgHIpnrM=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC 112409 APIC1823
  FACP 112409 FACP1823
  HPET 112409 OEMHPET0
  MCFG 112409 OEMMCFG 
  WDRT 112409 NV-WDRT 
  OEMB 112409 OEMB1823
  SSDT A M I POWERNOW
  SLIC ACRSYS ACRPRDCT

  • 0

#5
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi kid@hrt,

 

Firstly, can we ask where you got your computer from? Was Windows already installed, or was it updated to Windows 7?

 

It appears to have a version of Windows on it that was not activated by Microsoft and would not come with this particular computer, so before we can continue, we need to ascertain how this happened, as there are quite strict rules on this site that we must adhere to.


  • 0

#6
kid@hrt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

Hi 

 

My son built the computer for me. But I think that he got the OS from my old Dell computer.

I hope this isn't a problem.


  • 0

#7
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

I'm afraid that is not allowed by Microsoft Licensing, as there are very specific rules they lay down for each of their products, and a version supplied to one manufacturer cannot be used on another computer due to the licensing deals they agree with each other.

 

I'm afraid that until a valid licence is applied to this computer we will not be able to assist any further.

 

If you obtain a valid licence then by all means return and we will happily help to sort out any problems for you.


  • 0

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0