Hello,
Thanks in advance for taking your time to help.
My computer seems to be infected by some sort of virus and/or malware.
Symptoms (not sure if all of these are related, but they are all ways my computer has started acting funny):
1) Avast webshield pop-up constantly indicating that it's blocking a harmful file. This happens frequently regardless of the activity I'm engaged in.
Most commonly it shows this:
Object: http:/
Infection: URL:Mal
Process: C:\ProgramFile\...\iexplore.exe
Sometimes the object is different, usually a file name ending in .png. For example: ajax_movie_pic_back.png
This morning one of the pop-ups had a different infection name for the first time: HTML:Framer-inf[trj]
Sometimes the process is: AvastSvc.exe. This morning I got a process of C:\Windows\System32\dllhost.exe.
2) I regularly get windows alert messages.
The most common one is titled Adobe PDF Document and says "There is a problem With Adobe Acrobat/Reader. Please exit Adobe Acrobat/Reader and try again." I've also been getting one that says "Microsoft Windows Powershell has stopped working" and has a "Close Program" button. I also get a message saying my display driver has stopped but recovered. The last two are less frequent, but still occur pretty regularly.
3) When I tried downloading some of the anti-malware programs that seem commonly recommended I would get a security alert window that would say my security settings don't allow for this file to be downloaded. When I go to internet options I find that my security is set to "Custom." I don't believe I did this, so I'd reset it to "default" which would allow me to download the programs. However, if I restarted the computer, the security would be back to "custom."
4) The computer is running incredibly slow. Programs often say they are not responding. I have noticed that in task manager under processes there are a lot of individual items of dllhost.exe COM Surrogate running. Not sure if that's related, but seems like it to me.
5) I tried to boot my computer in safe mode several times. It lists some files that it's loaded but it just gets stuck at the "Loading windows files" "please wait" screen.
Removal Tools I've Tried
1) SpyHunter: Ran it twice. First time got over 200 items. Second time got 49. Didn't help comp either time.
2) Avast: No virus found
3) Malwarebytes: No infection found
4) ComboFix: Not sure what it did, and it didn't provide me with a log.
5) adwcleaner: Did find some stuff but didn't help.
6) tdsskiller: no infection found
*Unfortunately I didn't keep these logs. I can get them again, but some of these programs take many many hours to scan because of how my computer is running.
OTL Log:
OTL logfile created on: 11/1/2014 6:47:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 42.12% Memory free
11.80 Gb Paging File | 10.08 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): c:\pagefile.sys 9216 9216 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.82 Gb Total Space | 42.80 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.00 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
Computer Name: Z-BOT | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/11/01 18:47:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
PRC - [2014/10/29 22:49:22 | 000,770,944 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2014/09/12 17:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/08/07 16:05:44 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/03 16:05:29 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/19 12:50:02 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/05/22 09:37:06 | 005,013,000 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2013/05/22 09:37:06 | 001,066,504 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/05/31 13:32:15 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/28 12:35:32 | 001,011,200 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC\update\SST.exe
PRC - [2007/02/20 13:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
========== Modules (No Company Name) ==========
MOD - [2014/11/01 18:35:03 | 000,043,008 | ---- | M] () -- c:\Users\Terry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpapgqle.dll
MOD - [2014/09/12 17:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/05/03 16:05:30 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\Dropbox\bin\libcef.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/10/29 22:49:22 | 000,770,944 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2014/10/18 19:44:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 17:52:00 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/03 16:05:29 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/05/22 09:37:06 | 005,013,000 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2012/05/31 13:32:15 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2014/10/29 22:49:25 | 000,016,432 | ---- | M] (Enigma Software Group USA, LLC.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2014/10/29 22:49:23 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2014/05/12 04:05:45 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/05/12 04:05:44 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/05/12 04:05:44 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswrdr.sys -- (aswRdr)
DRV - [2014/05/03 16:05:32 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/03 16:05:32 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/05/03 16:05:31 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/03 16:05:31 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/03 16:05:31 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2009/10/30 19:01:10 | 009,803,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/10 19:14:42 | 000,023,192 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2008/08/10 19:14:34 | 000,020,632 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2008/08/10 19:14:28 | 000,077,464 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2008/08/10 19:13:04 | 000,025,240 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nglog.sys -- (NgLog)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 11:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/04 01:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...&q={searchTerms}
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKLM\..\SearchScopes\{FC41E59C-37C4-4AEE-A1D4-55148888F8F5}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc179
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ourceid=ie7=
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...&q={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKCU\..\SearchScopes\{FC41E59C-37C4-4AEE-A1D4-55148888F8F5}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 168.94.74.68:8080
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Terry\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/03 16:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/10/18 19:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/10/18 19:44:12 | 000,000,000 | ---D | M]
[2012/08/10 20:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2014/10/28 20:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\extensions
[2010/05/12 10:37:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/10/28 20:00:56 | 000,394,370 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/10/18 18:43:25 | 000,979,610 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/09/25 20:21:08 | 000,009,405 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8m5nsaja.default\searchplugins\yahoo-avast.xml
[2014/10/18 19:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/10/18 19:44:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/03 16:05:33 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/07/13 14:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 14:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java Platform SE 6 U39 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Terry\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/08/10 20:13:23 | 000,443,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15252 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Terry\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4129B5DC-99F9-495A-8760-E0646DEAD679}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4129B5DC-99F9-495A-8760-E0646DEAD679}: NameServer = 4.2.2.2,4.2.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Terry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Terry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/25 12:12:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0928093f-84bd-11e0-913f-415645000030}\Shell - "" = AutoRun
O33 - MountPoints2\{a0a89396-82fa-11df-9969-415645000030}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/11/01 18:47:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[2014/11/01 16:38:31 | 004,184,008 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Terry\Desktop\tdsskiller.exe
[2014/11/01 15:04:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/01 14:33:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/01 14:32:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/11/01 14:32:33 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/11/01 14:32:17 | 005,591,672 | R--- | C] (Swearware) -- C:\Users\Terry\Desktop\ComboFix.exe
[2014/10/29 23:04:06 | 000,000,000 | -HSD | C] -- C:\found.006
[2014/10/29 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Enigma Software Group
[2014/10/29 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
[2014/10/18 19:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/19 12:47:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Terry\AppData\Roaming\pcouffin.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Terry\Desktop\*.tmp files -> C:\Users\Terry\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/11/01 18:51:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/01 18:47:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[2014/11/01 18:32:28 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/11/01 18:32:23 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/11/01 18:32:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/01 18:32:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/01 18:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/01 16:38:32 | 004,184,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Terry\Desktop\tdsskiller.exe
[2014/11/01 16:18:44 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000UA.job
[2014/11/01 15:18:19 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1477731906-2416044131-2405930326-1000Core.job
[2014/11/01 15:01:28 | 001,998,336 | ---- | M] () -- C:\Users\Terry\Desktop\adwcleaner_4.002.exe
[2014/11/01 14:32:17 | 005,591,672 | R--- | M] (Swearware) -- C:\Users\Terry\Desktop\ComboFix.exe
[2014/10/29 22:51:29 | 000,001,072 | ---- | M] () -- C:\Users\Terry\Desktop\RegHunter.lnk
[2014/10/29 22:49:30 | 000,001,077 | ---- | M] () -- C:\Users\Terry\Desktop\SpyHunter.lnk
[2014/10/29 22:49:23 | 000,019,984 | ---- | M] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2014/10/28 20:22:46 | 000,002,046 | ---- | M] () -- C:\Users\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/22 22:52:12 | 000,033,970 | ---- | M] () -- C:\Users\Terry\Desktop\4060-bile-10x-3.jpg
[2014/10/22 22:51:54 | 000,038,353 | ---- | M] () -- C:\Users\Terry\Desktop\4060-bile-20x-3.jpg
[2014/10/21 17:35:52 | 008,686,380 | ---- | M] () -- C:\Users\Terry\Desktop\LUNG Alveolar Sac BF.tif
[2014/10/16 12:53:35 | 299,889,822 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/10/16 03:47:57 | 000,379,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/10/08 17:11:08 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTerry.job
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Terry\Desktop\*.tmp files -> C:\Users\Terry\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/11/01 15:01:05 | 001,998,336 | ---- | C] () -- C:\Users\Terry\Desktop\adwcleaner_4.002.exe
[2014/10/29 22:51:29 | 000,001,072 | ---- | C] () -- C:\Users\Terry\Desktop\RegHunter.lnk
[2014/10/29 22:49:23 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2014/10/27 22:59:42 | 008,686,380 | ---- | C] () -- C:\Users\Terry\Desktop\LUNG Alveolar Sac BF.tif
[2014/10/22 22:52:11 | 000,033,970 | ---- | C] () -- C:\Users\Terry\Desktop\4060-bile-10x-3.jpg
[2014/10/22 22:51:53 | 000,038,353 | ---- | C] () -- C:\Users\Terry\Desktop\4060-bile-20x-3.jpg
[2014/05/03 16:05:36 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/03/02 16:32:25 | 000,000,286 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/09/14 15:49:58 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2013/05/19 12:47:44 | 000,087,608 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\inst.exe
[2013/05/19 12:47:44 | 000,007,887 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\pcouffin.cat
[2013/05/19 12:47:44 | 000,001,144 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\pcouffin.inf
[2013/05/17 09:27:40 | 000,176,996 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/05/16 20:59:45 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2013/05/16 20:28:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/04/02 11:44:56 | 000,379,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/03/03 09:41:11 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/03 09:41:11 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/04/21 22:54:09 | 000,000,045 | ---- | C] () -- C:\Users\Terry\jagex_cl_runescape_LIVE2.dat
[2012/04/21 22:44:53 | 000,000,045 | ---- | C] () -- C:\Users\Terry\jagex_cl_runescape_LIVE1.dat
[2011/12/27 01:34:25 | 000,001,356 | ---- | C] () -- C:\Users\Terry\AppData\Local\d3d9caps.dat
[2011/12/16 00:24:01 | 000,042,228 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\UserTile.png
[2011/10/29 17:43:52 | 000,000,032 | ---- | C] () -- C:\Users\Terry\jagex_cl_runescape_LIVE.dat
[2010/09/07 20:43:55 | 000,000,024 | ---- | C] () -- C:\Users\Terry\jagexappletviewer.preferences
[2010/08/20 12:46:04 | 000,000,600 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\AutoGK.ini
[2010/06/03 01:24:38 | 000,000,129 | ---- | C] () -- C:\Users\Terry\jagex_runescape_preferences2.dat
[2010/06/03 01:24:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\jagex__preferences3.dat
[2010/06/03 01:23:31 | 000,000,046 | ---- | C] () -- C:\Users\Terry\jagex_runescape_preferences.dat
[2010/05/14 15:18:19 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/14 14:55:33 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/07 17:58:54 | 000,060,744 | ---- | C] () -- C:\Users\Terry\g2mdlhlpx.exe
[2008/09/12 13:06:36 | 000,001,144 | ---- | C] () -- C:\Users\Terry\HP Solution Center.lnk
[2008/01/26 14:36:05 | 000,025,088 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/25 12:42:35 | 000,001,630 | ---- | C] () -- C:\Users\Terry\Windows Media Center.lnk
[2007/04/25 12:22:30 | 000,002,017 | ---- | C] () -- C:\Users\Terry\HP Total Care Advisor.lnk
[2007/04/25 12:18:16 | 000,002,132 | ---- | C] () -- C:\Users\Terry\Microsoft Office – 60 Day Trial..lnk
[2007/04/25 12:00:36 | 000,001,993 | ---- | C] () -- C:\Users\Terry\My HP Games.lnk
========== ZeroAccess Check ==========
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2008/07/21 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\acccore
[2014/05/03 16:11:45 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\AVAST Software
[2008/12/31 07:56:18 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Aventail
[2013/05/08 22:02:11 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Azureus
[2010/08/20 10:55:36 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\BackTalk
[2014/11/01 18:36:07 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Dropbox
[2014/10/29 22:51:32 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Enigma Software Group
[2009/01/13 20:20:58 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\GetRightToGo
[2012/12/05 22:33:54 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\GMATPrep
[2013/03/27 18:08:34 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\JCP
[2013/10/12 23:21:27 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Leica Microsystems
[2009/02/07 11:54:07 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\LimeWire
[2012/08/10 19:51:00 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\MusicNet
[2009/01/09 20:26:16 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\muvee Technologies
[2007/08/18 14:10:26 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Snapfish
[2014/04/05 01:05:52 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Spotify
[2010/01/20 21:17:22 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\UB
[2013/05/19 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Vso
[2008/03/27 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB40626$] -> Error: Cannot create file handle -> Unknown point type
< End of report >
OTL Extras:
OTL Extras logfile created on: 11/1/2014 6:47:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 42.12% Memory free
11.80 Gb Paging File | 10.08 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): c:\pagefile.sys 9216 9216 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.82 Gb Total Space | 42.80 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.00 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
Computer Name: Z-BOT | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037D36E9-3E17-40A9-A16F-022F1CABCD07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13FD987B-43FC-486F-9998-6076C3C3E50F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{23EF6883-062E-47C1-9873-1AA0DA9491A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{264BABD8-DCE2-48C7-8439-F01AC0EC2326}" = rport=445 | protocol=6 | dir=out | app=system |
"{32284360-5F28-4418-A4F8-BA3251BE26C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{34393987-0D07-4617-9A41-DC1B9EBE106B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43C80109-3035-41BB-A53F-A345FCA51E6D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{47BD29AF-73FD-4089-B7AE-34F3CA451430}" = lport=445 | protocol=6 | dir=in | app=system |
"{5E96F608-35AE-4C03-909F-1625CE6EAAC2}" = lport=139 | protocol=6 | dir=in | app=system |
"{78B9BA2D-02FA-47D7-8BBF-D68839533C68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8BA30EC7-51D9-416F-8582-62C83D6B260C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D2BB0482-AFD8-427E-96CC-600EDC2B2BA1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5EC2666-DA73-46FB-A8B8-479677D31F2E}" = rport=138 | protocol=17 | dir=out | app=system |
"{D81264C1-1664-4F88-8213-297CBD9F9958}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA97A6C2-0323-4E2D-88F6-88020FC86A0D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E4C66B2E-2E0A-4C6D-81F5-99F4F2414471}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{EBDF1557-9037-4A8C-9331-26C3BB6682B8}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0329DE5-52E1-4FE7-85A1-A6DA173D2895}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5AB358F-3F8E-45FC-A328-5DD7D51C071A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FAC37CF9-EACD-462A-B1F2-E2BAF7924B2B}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DE4B25-B122-49C7-932A-AA436512E713}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0B02C3C8-21F9-41E0-90CC-8328B951B3AB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{14B99250-80E3-4468-9B7F-7ED7341B8D6E}" = protocol=1 | dir=out | [email protected],-28544 |
"{1A72A3A4-D07A-46D6-814D-A89A11A4EE1D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxccpswx.exe |
"{1BDD95D6-A10A-4512-9E71-B8081B1F6517}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{35C5308C-DB4A-408D-9431-8A41CA109EC7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{38C7D160-E8EB-4303-8135-68D229C0B369}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{69B6C844-FC81-4DB2-8B6A-4991154B5E85}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8B077D5C-E878-46A7-9BE8-1A0EA22C466B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8C967314-4CD4-4D44-8D0D-BB2B8FA1C305}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxccpswx.exe |
"{8ECF90C6-02E4-4E1A-BCCE-B53CF0DB3139}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{95C2165C-6939-4B7F-B410-BDBCF433DCB1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{A3A1A269-DE39-4746-94CD-37CF6820083C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{A6A46008-1AB1-4FFA-A215-75B86A4784BF}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{B351C3CE-FCF7-4046-9D3D-10947E8817D2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BF1A2201-5736-4DDB-973C-F39C8A3970B8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C23D1CD3-8C1B-4EFF-B9D8-E06A1E2E703A}" = protocol=1 | dir=in | [email protected],-28543 |
"{CA20AA4D-C568-450F-8BF6-B8CA532082BB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CE46AE9E-0B90-445E-BDF5-1B531D5599FB}" = protocol=58 | dir=in | [email protected],-28545 |
"{D471DFA4-CC48-407B-9CBC-87536A21C3EC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{DD9C871B-FF30-4418-8CC9-2ADF4CE20976}" = protocol=58 | dir=out | [email protected],-28546 |
"{EBB4DA51-873A-425C-A6B5-2F0C00C853C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1159572-1878-4231-91F6-06DC7F0BAB17}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{F6D72760-4DEB-4F10-B6A9-B1DDB11AB475}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F92B45C5-4D16-402C-9C66-4B488C4EA557}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"TCP Query User{C16C2B04-58B1-4804-BDE4-88FC2025BA73}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{46A59E98-5AB5-49EF-9DBA-F50ECCAE8507}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}" = iTunes
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6B85D446-9E14-4309-BC3E-8E0940827BD3}" = TurboTax 2013 wcaiper
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8F0C7F4E-62F3-4EA7-944E-237C24FB5F3A}" = LAS EZ 3.0.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATT-AACE" = ATT-AACE
"AutoGK" = Auto Gordian Knot 2.55
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Carbonite Backup" = Carbonite
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink 2010_is1" = DVD Shrink 2010
"GMATPrep 2.1.279" = GMATPrep
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HyperCam 2" = HyperCam 2
"ImageJ_is1" = ImageJ 1.47v
"Just BASIC v1.01" = Just BASIC v1.01
"Leica EZ Camera" = Leica EZ Camera 2.6.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RegHunter" = RegHunter
"RuneScape Toolbar" = RuneScape Toolbar
"SpyHunter" = SpyHunter 4
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2013" = TurboTax 2013
"VLC media player" = VLC media player 2.1.3
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/1/2014 5:33:25 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
exception code 0xc0000005, fault offset 0x00014066, process id 0x1bf8, application
start time 0x01cff61a1ad9776e.
Error - 11/1/2014 5:48:28 PM | Computer Name = Z-BOT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16584 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1278 Start Time: 01cff61d159fea67 Termination Time: 62
Error - 11/1/2014 6:30:00 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
exception code 0xc0000005, fault offset 0x00014066, process id 0x166c, application
start time 0x01cff6222f398ee7.
Error - 11/1/2014 7:16:33 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
exception code 0xc0000005, fault offset 0x00014066, process id 0x4d4, application
start time 0x01cff6289de01858.
Error - 11/1/2014 7:59:37 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
exception code 0xc0000005, fault offset 0x00014066, process id 0x1d18, application
start time 0x01cff62f18d1ab26.
Error - 11/1/2014 11:38:16 PM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
0x4549b14e, faulting module AcroPDF.dll, version 8.3.1.289, time stamp 0x4e5d40d3,
exception code 0xc0000005, fault offset 0x00014066, process id 0x172c, application
start time 0x01cff64e347b7fa3.
Error - 11/2/2014 2:19:14 AM | Computer Name = Z-BOT | Source = VSS | ID = 12305
Description =
Error - 11/2/2014 2:19:14 AM | Computer Name = Z-BOT | Source = VSS | ID = 12293
Description =
Error - 11/2/2014 2:19:14 AM | Computer Name = Z-BOT | Source = System Restore | ID = 8193
Description =
Error - 11/2/2014 2:57:05 AM | Computer Name = Z-BOT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16584, time stamp
0x4549b14e, faulting module Flash32_15_0_0_167.ocx, version 15.0.0.167, time stamp
0x541384c0, exception code 0xc0000005, fault offset 0x00647997, process id 0x2748,
application start time 0x01cff669ac6aedcb.
[ Media Center Events ]
Error - 5/19/2013 5:24:31 PM | Computer Name = Z-BOT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 5/20/2014 9:59:18 PM | Computer Name = Z-BOT | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ System Events ]
Error - 11/1/2014 7:22:53 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7026
Description =
Error - 11/1/2014 7:24:41 PM | Computer Name = Z-BOT | Source = DCOM | ID = 10010
Description =
Error - 11/1/2014 7:40:45 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7011
Description =
Error - 11/1/2014 9:32:52 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7023
Description =
Error - 11/1/2014 9:33:08 PM | Computer Name = Z-BOT | Source = DCOM | ID = 10010
Description =
Error - 11/1/2014 9:34:29 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7022
Description =
Error - 11/1/2014 9:34:32 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7026
Description =
Error - 11/1/2014 9:35:52 PM | Computer Name = Z-BOT | Source = DCOM | ID = 10010
Description =
Error - 11/1/2014 9:40:10 PM | Computer Name = Z-BOT | Source = Service Control Manager | ID = 7011
Description =
Error - 11/2/2014 2:44:25 AM | Computer Name = Z-BOT | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
< End of report >