Tons of Pop Ups and Extremely Slow (think it's infected)
#17
Posted 04 November 2013 - 10:56 AM
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\[bleep]\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
3.87 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 58.21% Memory free
7.96 Gb Paging File | 6.19 Gb Available in Paging File | 77.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.60 Gb Total Space | 342.95 Gb Free Space | 75.77% Space Free | Partition Type: NTFS
Drive D: | 13.16 Gb Total Space | 1.80 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
Computer Name: [bleep]-PC | User Name: [bleep] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/11/04 11:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\[bleep]\Desktop\OTL.exe
PRC - [2013/10/09 00:29:50 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2009/04/10 13:49:44 | 000,199,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/10/25 20:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 00:29:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/24 09:21:40 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/07/25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/07 10:19:10 | 000,129,304 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011/03/07 10:18:48 | 000,018,456 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/04/10 13:49:46 | 002,062,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VX3000.sys -- (VX3000)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/02/26 12:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw)
DRV:64bit: - [2006/09/02 23:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/05 23:17:03 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 98 52 27 5F D9 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{1F88DD1E-E4ED-4156-9210-1BBDF7963D57}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNSM_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\[bleep]\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\14ffxtbr@TotalRecipeSearch_14.com: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2009/06/17 23:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[bleep]\AppData\Roaming\Mozilla\Extensions
[2009/06/17 23:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[bleep]\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/02/27 23:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/04 10:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/04 10:13:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/04 10:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/11/04 10:13:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: PlayFizz Platinum Content Add-on = C:\Users\[bleep]\AppData\Local\Google\Chrome\User Data\Default\Extensions\knbjpbhhfkoodogjcbjemoaidadolapp\1.0.0_0\
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A47B38AF-A1A0-4563-A66B-A1CB52695B5E}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4E21433-30FF-433A-A2CA-C9295CDF5DB1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD058D1D-35C6-4120-9E14-5186FC6DDAFC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ca3a839-c432-11df-9630-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1ca3a839-c432-11df-9630-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{af77258c-66aa-11de-9f2d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{af77258c-66aa-11de-9f2d-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/04 11:05:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\[bleep]\Desktop\OTL.exe
[2013/11/04 09:39:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/04 09:35:59 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\[bleep]\Desktop\JRT.exe
[2013/11/04 07:08:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 23:40:18 | 000,000,000 | ---D | C] -- C:\Users\[bleep]\Desktop\FRST64
[2013/11/03 23:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/03 23:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/11/03 19:53:26 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/13 02:00:23 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/10/12 02:09:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/12 02:09:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/12 02:09:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/12 02:09:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/12 02:09:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/12 02:09:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/12 02:09:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/12 02:09:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/12 02:09:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/12 02:09:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/12 02:09:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/12 02:09:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/12 02:09:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/12 02:09:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/12 02:09:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/10 05:35:31 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/10/10 05:35:26 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 05:35:25 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 05:35:23 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/10 05:35:23 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/10 05:35:20 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/10/10 05:35:20 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/10/10 05:35:20 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/10/10 05:35:20 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/10/10 05:35:20 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/10/10 05:35:20 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/10/10 05:35:19 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/10/10 05:35:19 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/10/10 05:35:18 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 05:35:18 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 05:35:18 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 05:35:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 05:35:17 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 05:35:17 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[1 C:\Users\[bleep]\Desktop\*.tmp files -> C:\Users\[bleep]\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/04 11:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/04 11:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\[bleep]\Desktop\OTL.exe
[2013/11/04 11:04:36 | 000,113,684 | ---- | M] () -- C:\Users\[bleep]\Desktop\398-otl-oldtimers-list-it.htm
[2013/11/04 11:01:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 10:57:35 | 000,061,440 | ---- | M] ( ) -- C:\Users\[bleep]\Desktop\VEW.exe
[2013/11/04 10:35:25 | 003,163,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/04 10:35:25 | 000,992,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/04 10:35:25 | 000,005,534 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/04 10:29:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/04 10:28:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/11/04 10:28:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/04 10:28:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/04 10:28:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/04 10:13:04 | 000,000,874 | ---- | M] () -- C:\Users\[bleep]\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/04 10:13:04 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/04 09:35:59 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\[bleep]\Desktop\JRT.exe
[2013/11/03 17:46:57 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2013/10/12 02:56:25 | 000,400,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 18:30:37 | 000,002,651 | ---- | M] () -- C:\Users\[bleep]\Desktop\Microsoft Office Word 2007.lnk
[2013/10/09 00:29:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 00:29:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\[bleep]\Desktop\*.tmp files -> C:\Users\[bleep]\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/04 11:04:36 | 000,113,684 | ---- | C] () -- C:\Users\[bleep]\Desktop\398-otl-oldtimers-list-it.htm
[2013/11/04 10:57:35 | 000,061,440 | ---- | C] ( ) -- C:\Users\[bleep]\Desktop\VEW.exe
[2013/11/03 23:16:10 | 000,000,874 | ---- | C] () -- C:\Users\[bleep]\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/03 23:16:10 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/03 23:16:09 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/03 17:46:57 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2012/04/09 18:29:41 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/04/09 18:29:41 | 000,001,623 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
[2011/12/04 05:15:09 | 000,161,720 | ---- | C] () -- C:\Program Files (x86)\2pres.dll
[2009/10/24 11:58:01 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/06/05 23:17:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/05/30 06:18:55 | 000,001,976 | ---- | C] () -- C:\Users\[bleep]\AppData\Roaming\wklnhst.dat
[2009/05/18 19:59:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/18 14:46:01 | 000,052,224 | ---- | C] () -- C:\Users\[bleep]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/18 14:37:07 | 000,007,052 | ---- | C] () -- C:\Users\[bleep]\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/06 23:29:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/06/05 23:21:45 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2013/09/14 22:08:35 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2013/11/03 17:46:57 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2013/11/04 10:28:31 | 177,680,383 | -HS- | M] () -- C:\pagefile.sys
[2008/11/07 00:37:47 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log
[2013/02/16 09:24:34 | 000,000,288 | ---- | M] () -- C:\{002D8ECB-B73B-4689-9378-3EA9D9F085BA}
[2013/02/16 08:49:19 | 000,000,504 | ---- | M] () -- C:\{0CFCB1D1-4245-4F96-B103-AF02062CE6F3}
[2013/02/16 08:13:38 | 000,000,288 | ---- | M] () -- C:\{10568C97-AE7A-42D1-8EF3-E4DEF600C2AB}
[2013/02/16 09:04:56 | 000,000,288 | ---- | M] () -- C:\{130C9DFB-DF2B-459B-8B93-1E227F927EAE}
[2013/02/16 09:10:36 | 000,000,288 | ---- | M] () -- C:\{1C0B52F6-F6B6-46E8-837E-EB2E08F18A69}
[2013/02/16 08:35:02 | 000,000,288 | ---- | M] () -- C:\{1C53849D-7378-45A5-858B-5C5E7A53A02D}
[2013/02/16 08:52:05 | 000,000,288 | ---- | M] () -- C:\{1EA846CA-F4C9-46E1-BF1E-470D17A77375}
[2013/02/17 17:46:48 | 000,000,288 | ---- | M] () -- C:\{2D24AB61-A73D-49A7-B578-2C305FDF00FC}
[2013/02/16 09:32:12 | 000,000,288 | ---- | M] () -- C:\{373F589E-6F87-43E5-9559-B7077BB8B987}
[2013/02/17 18:27:17 | 000,000,288 | ---- | M] () -- C:\{3FA0F9C4-888F-4814-8CBD-39076E56EE17}
[2013/02/16 09:22:38 | 000,000,288 | ---- | M] () -- C:\{42402BC2-1EAB-4F35-834C-478B40B6880B}
[2013/02/13 00:41:24 | 000,000,288 | ---- | M] () -- C:\{469BD6C9-3188-4284-B19F-36733E413808}
[2013/02/17 19:23:19 | 000,027,760 | ---- | M] () -- C:\{589642AF-A1F3-4C1A-A6CD-658CD05FD65F}
[2013/02/20 20:56:01 | 000,000,288 | ---- | M] () -- C:\{5AAAE491-EA8A-428F-9FDA-A463FAE5E958}
[2013/02/17 17:46:48 | 000,020,896 | ---- | M] () -- C:\{5F7560BC-E7CA-430F-8229-79BCBB5214C1}
[2013/02/20 20:58:08 | 000,000,288 | ---- | M] () -- C:\{5FC0F4F8-380E-4525-9E31-E7F4D2967FFC}
[2013/02/16 09:27:46 | 000,000,288 | ---- | M] () -- C:\{63AF0A01-33FD-4DA6-9E81-5BE782F38C39}
[2013/02/16 09:17:45 | 000,000,288 | ---- | M] () -- C:\{661E4B3A-B7A2-4769-AC68-2B9C84B72CEB}
[2013/02/16 08:03:42 | 000,000,288 | ---- | M] () -- C:\{683D0251-D767-4975-BFD8-4D65F63184F1}
[2013/02/26 08:11:33 | 000,002,232 | ---- | M] () -- C:\{77953EAC-B392-4F08-8A0F-2D2FA870035C}
[2013/02/16 09:02:58 | 000,000,288 | ---- | M] () -- C:\{7BD2E534-C5F4-4B08-BA0B-B0E86970C7C4}
[2013/02/17 19:14:15 | 000,000,288 | ---- | M] () -- C:\{7C686F05-0704-438B-B761-FE6A26671EBC}
[2013/02/16 08:40:51 | 000,000,288 | ---- | M] () -- C:\{7DE4DFC2-112D-4E2E-8C3A-293E190FFC2A}
[2013/02/16 09:06:42 | 000,000,288 | ---- | M] () -- C:\{7E5093E5-1A6D-448F-8BD3-7E5506642A7F}
[2013/06/30 22:05:08 | 000,000,288 | ---- | M] () -- C:\{7EE048B7-BCAD-4ECB-8DE2-928FA1D081C6}
[2013/05/20 16:22:01 | 000,000,488 | ---- | M] () -- C:\{8433FA0A-E18F-434A-8496-D56452FCC0B4}
[2013/02/16 08:26:26 | 000,000,288 | ---- | M] () -- C:\{8528CCEF-2564-467A-B837-56FD1BA3EB4D}
[2013/02/13 22:23:08 | 000,000,288 | ---- | M] () -- C:\{88ED73FF-6B59-413A-80B9-23BCB526749C}
[2013/02/17 19:51:19 | 000,000,288 | ---- | M] () -- C:\{93D532FE-67FC-4DF4-A74C-839E945EE541}
[2013/02/16 08:57:21 | 000,000,288 | ---- | M] () -- C:\{93DF0E4C-86CB-473D-BFE5-F7BF581EFC83}
[2013/02/16 09:12:19 | 000,000,288 | ---- | M] () -- C:\{9BEE7D0D-60E1-4A64-B8B5-2F0407CFF7AF}
[2013/02/13 19:19:54 | 000,000,288 | ---- | M] () -- C:\{AB28DFD3-0803-40FE-B14F-6B4A2BF80517}
[2013/02/13 19:17:47 | 000,000,288 | ---- | M] () -- C:\{AC3DD203-4835-449E-9044-6E251FA8AB1B}
[2013/02/13 19:09:45 | 000,000,288 | ---- | M] () -- C:\{AEFA457E-7E43-4B6C-912B-66A7EDC946E7}
[2013/02/13 00:41:24 | 000,022,240 | ---- | M] () -- C:\{B1DFC02F-054D-4EF1-85F4-5F67615BB808}
[2013/02/17 19:18:44 | 000,000,288 | ---- | M] () -- C:\{B1FA4673-09B2-461C-BF2B-8ADCAE41F818}
[2013/02/20 20:54:37 | 000,008,752 | ---- | M] () -- C:\{B57DE985-4841-48CF-8501-1E66CD84C256}
[2013/05/20 16:22:00 | 000,024,024 | ---- | M] () -- C:\{BAF99C38-CCEF-433B-8552-E7D61EB7EDA0}
[2013/02/13 19:13:56 | 000,000,288 | ---- | M] () -- C:\{BDDED20D-A6DB-4512-92EB-992060EFADB3}
[2013/02/20 20:51:44 | 000,003,192 | ---- | M] () -- C:\{D214652C-303F-4EEA-80A9-0ABDBF51E9F4}
[2013/02/27 23:42:48 | 000,201,056 | ---- | M] () -- C:\{D2804EFA-E161-4DAB-ACF2-D0FA3A2D5940}
[2013/02/17 20:30:37 | 000,000,288 | ---- | M] () -- C:\{D5F5B60C-56D8-4FA8-8D3F-EB773D6C6B90}
[2013/02/17 19:21:55 | 000,000,288 | ---- | M] () -- C:\{D710BAB2-E838-4160-8995-FD58FCEF50B4}
[2013/02/22 22:18:19 | 000,017,200 | ---- | M] () -- C:\{D7DAD832-C800-4790-87BC-DAE1DD9F4318}
[2013/02/13 19:15:50 | 000,000,288 | ---- | M] () -- C:\{D878D554-0398-4DD7-AB83-990049F9F305}
[2013/02/17 19:06:54 | 000,000,288 | ---- | M] () -- C:\{D95C1B41-9F38-4187-AE3A-AC5845D67631}
[2013/02/13 19:03:45 | 000,000,288 | ---- | M] () -- C:\{DCF090C5-D364-4B7D-95AF-486D8CB0BBAD}
[2013/02/13 22:27:28 | 000,000,288 | ---- | M] () -- C:\{DED8D91A-346C-4B54-BD5C-B1E65B2C480F}
[2013/02/17 19:16:47 | 000,000,288 | ---- | M] () -- C:\{E6EFE154-39A4-4CFD-B2F1-AA9BF5049D60}
[2013/02/16 09:15:29 | 000,000,288 | ---- | M] () -- C:\{E7677553-EAEC-4FDD-ADC1-D37C275CC1CE}
[2013/02/16 09:18:56 | 000,000,288 | ---- | M] () -- C:\{EDA30F39-064E-4C9B-9D47-E51266316BEB}
[2013/02/17 21:02:06 | 000,000,512 | ---- | M] () -- C:\{F3236C99-C6FE-4B20-9341-B8F1962C574C}
< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/09/28 20:06:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2011/08/16 23:16:43 | 000,161,720 | ---- | M] () -- C:\Program Files (x86)\2pres.dll
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< MD5 for: CONNECT.DLL >
[2008/10/21 00:25:17 | 001,645,568 | ---- | M] (Microsoft Corporation) MD5=1C560CA4FBE7675D044273C6B69F3DC1 -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_64e182cb96dae69e\connect.dll
[2008/10/21 00:16:20 | 001,645,568 | ---- | M] (Microsoft Corporation) MD5=234400AD69C09B878D65E7385C9EA63A -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_62ed735b99bf2599\connect.dll
[2008/10/21 00:37:33 | 001,691,648 | ---- | M] (Microsoft Corporation) MD5=312BD4704112CA00F192706555C836E6 -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_bf0c0edf521c96cf\connect.dll
[2009/04/11 01:28:18 | 001,645,568 | ---- | M] (Microsoft Corporation) MD5=36509ECC02172D09507A16FAD12C566F -- C:\Windows\SysWOW64\connect.dll
[2009/04/11 01:28:18 | 001,645,568 | ---- | M] (Microsoft Corporation) MD5=36509ECC02172D09507A16FAD12C566F -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6002.18005_none_66fa06f393dc44ff\connect.dll
[2008/10/21 00:21:42 | 001,645,568 | ---- | M] (Microsoft Corporation) MD5=5AE97043F91FAEDA8985C1561CC3EB4D -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_6537dd96b0202b74\connect.dll
[2009/04/11 02:11:14 | 001,691,648 | ---- | M] (Microsoft Corporation) MD5=A322BB42609E9D728C9440FB2685F04D -- C:\Windows\SysNative\connect.dll
[2009/04/11 02:11:14 | 001,691,648 | ---- | M] (Microsoft Corporation) MD5=A322BB42609E9D728C9440FB2685F04D -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6002.18005_none_c318a2774c39b635\connect.dll
[2008/10/21 00:30:44 | 001,691,136 | ---- | M] (Microsoft Corporation) MD5=BD6503E83B592850F16B1CE82FAF33A8 -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_bfa54bac6b2f63d4\connect.dll
[2008/10/21 01:26:26 | 001,691,648 | ---- | M] (Microsoft Corporation) MD5=BFAAB2FE4DF6A35F12178853784761EA -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_c156791a687d9caa\connect.dll
[2008/01/20 21:49:04 | 001,691,136 | ---- | M] (Microsoft Corporation) MD5=CD27BEE7657BC7F5AB21DC4A66DCD2BF -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18000_none_c12d296b4f17eae9\connect.dll
[2008/10/21 00:06:53 | 001,645,568 | ---- | M] (Microsoft Corporation) MD5=E1742674170F9566321C9AFBC2D22527 -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_6386b028b2d1f29e\connect.dll
[2008/01/20 21:49:54 | 001,645,568 | ---- | M] (Microsoft Corporation) MD5=EBAC4F3E45CC12F6433ED658C1853105 -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18000_none_650e8de796ba79b3\connect.dll
[2008/10/21 00:49:01 | 001,691,648 | ---- | M] (Microsoft Corporation) MD5=F542132CCCC6C9B47C0207411B8E3014 -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_c1001e4f4f3857d4\connect.dll
< MD5 for: MSWSOCK.DLL >
[2008/01/20 21:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 21:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 02:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 02:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll
< MD5 for: NETCFGX.DLL >
[2008/01/20 21:48:28 | 000,386,560 | ---- | M] (Microsoft Corporation) MD5=6BC5FCEF351E4CB5A269C1E84B5A06DA -- C:\Windows\SysWOW64\netcfgx.dll
[2008/01/20 21:48:28 | 000,386,560 | ---- | M] (Microsoft Corporation) MD5=6BC5FCEF351E4CB5A269C1E84B5A06DA -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6001.18000_none_3e14e7642587c68e\netcfgx.dll
[2008/01/20 21:50:45 | 000,503,808 | ---- | M] (Microsoft Corporation) MD5=C1AE82B8F60ADB630C00DCE48E571CDD -- C:\Windows\SysNative\netcfgx.dll
[2008/01/20 21:50:45 | 000,503,808 | ---- | M] (Microsoft Corporation) MD5=C1AE82B8F60ADB630C00DCE48E571CDD -- C:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6001.18000_none_9a3382e7dde537c4\netcfgx.dll
< MD5 for: NETMAN.DLL >
[2008/01/20 21:48:10 | 000,348,160 | ---- | M] (Microsoft Corporation) MD5=9B63B29DEFC0F3115A559D2597BF5D75 -- C:\Windows\SysNative\netman.dll
[2008/01/20 21:48:10 | 000,348,160 | ---- | M] (Microsoft Corporation) MD5=9B63B29DEFC0F3115A559D2597BF5D75 -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_6bdbb71a0a2d4469\netman.dll
< MD5 for: NETSHELL.DLL >
[2008/01/20 21:50:29 | 003,341,312 | ---- | M] (Microsoft Corporation) MD5=1DA9A97633442FF5349B742FDCFD3E2C -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_31a20656c6683a63\netshell.dll
[2008/01/20 21:48:13 | 003,173,376 | ---- | M] (Microsoft Corporation) MD5=5AA18E7840E880E10789DE414BF3131A -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\netshell.dll
[2009/04/11 02:11:16 | 003,341,312 | ---- | M] (Microsoft Corporation) MD5=AA6FAA30D3D0D4424DBA3D74D1CA1E14 -- C:\Windows\SysNative\netshell.dll
[2009/04/11 02:11:16 | 003,341,312 | ---- | M] (Microsoft Corporation) MD5=AA6FAA30D3D0D4424DBA3D74D1CA1E14 -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.0.6002.18005_none_338d7f62c38a05af\netshell.dll
[2009/04/11 01:28:23 | 003,174,400 | ---- | M] (Microsoft Corporation) MD5=E98E402067978DB38282158F9E8609CA -- C:\Windows\SysWOW64\netshell.dll
[2009/04/11 01:28:23 | 003,174,400 | ---- | M] (Microsoft Corporation) MD5=E98E402067978DB38282158F9E8609CA -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6002.18005_none_d76ee3df0b2c9479\netshell.dll
< End of report >
#18
Posted 04 November 2013 - 10:58 AM
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\[bleep]\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
3.87 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 58.21% Memory free
7.96 Gb Paging File | 6.19 Gb Available in Paging File | 77.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.60 Gb Total Space | 342.95 Gb Free Space | 75.77% Space Free | Partition Type: NTFS
Drive D: | 13.16 Gb Total Space | 1.80 Gb Free Space | 13.67% Space Free | Partition Type: NTFS
Computer Name: [bleep]-PC | User Name: [bleep] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 2C E9 52 6C E1 9D CD 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23FF69B4-AAAC-4937-B4C0-8A78E4B2C963}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{36381341-DC39-41D0-95A0-A1554F18F8F2}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{3F79220D-1DBC-4B3B-B61C-854753871F82}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{48273235-C17D-4DA4-84F4-E4E0A9CDAE94}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{699C18D1-D1E3-446A-81CD-6241B0DAB653}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{776394F7-03E6-4E17-8F8C-66A57A6BD41D}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{7B266CEC-CB1B-4B20-B0A1-5F3B22108D95}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{8B42653B-E347-4E2A-BBC1-59BFE17A9279}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{911B4531-BDFD-49FE-B654-4AF373684D53}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{9DF97F74-1C27-4093-BA6B-78ED60BF01EF}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{B098AC1B-4AB3-4195-A579-38D07E55CB36}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{B83438A1-5034-4592-BB6E-AFD85C44120F}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{CD9BCD41-D5C9-4527-92CC-BE986F4D1390}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{FE8059AB-EC71-44F3-AD5B-58E47C69311D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6F7BF5-0118-48EB-8CF0-D0B06F705A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{0FCAD090-890B-4AEB-BA10-3243FD5C9A0C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{10D13B4E-C19D-4960-BFFC-F1318DCA7B75}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15AA7722-E35E-421C-87CF-A95144D46163}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{1702DF01-5836-4679-9791-32C592388079}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1242694897\ee\aolsoftware.exe |
"{1B8EE164-6CC2-4BF9-8DEC-43F397E1552E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1CD64A93-1250-43B1-8880-1338F156A839}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{22AB5CFE-FF02-4084-970B-44ACC8F72910}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{23E536CB-8352-4EDC-9F9C-1C8A101495FF}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{347E3E7D-3558-4BEF-AE26-2B70FC928D7F}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe |
"{378747DF-A906-45A9-AF66-83B4747FC52B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{3C802EC9-A667-4BF1-8AF0-823D0C1FC656}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{40A0005E-1F56-4E38-8603-921790EC3F72}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{4276460D-7581-4CE0-9B68-A30361EA059A}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe |
"{56E841B8-D20E-457C-90B5-FC8D2D2F12A2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{56FD6F32-CEB0-43B2-9D3F-D1E9D7CA5320}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{5D3517B7-15B9-4FB3-BC36-0712EE6C12B1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{5F3A0E67-3BAF-4FF3-A3CE-D2A1915ED30B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{65F5D0DE-93C3-4981-8098-7B62768106BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{671E3A0C-121B-42BE-BDE9-AB6CF470B270}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6859450D-B34B-4B92-BC18-947C568AEC79}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{69C61284-4A97-42C3-B96C-0DD64B6FD79F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{6C8C0DA7-A948-4964-95D4-D09C971355B3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{6DB38BF8-D0B2-4562-AA2F-6014093AEFC5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{86FB32DD-9C74-4325-BEC8-6D907CEF9966}" = protocol=6 | dir=in | app=c:\users\[bleep]\appdata\local\temp\7zs28a1.tmp\symnrt.exe |
"{927FBA13-9716-49F1-9697-A56AE115ED73}" = protocol=6 | dir=in | app=c:\users\[bleep]\appdata\local\microsoft\windows\temporary internet files\content.ie5\z4vyciym\facemoods[1].exe |
"{96644CE9-9E2A-4252-BF4F-0E03F916CFCC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{97E4D548-3A0B-4967-90EE-7C6768529483}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{98544FD2-37B9-4116-BFB9-9E62C3213DFA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9BA05DC5-FEFE-4893-A234-327DE930DF46}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9D4DDF38-973F-4986-A607-8BFD2F949F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{A32DC6E8-A554-4B7F-AA5A-04704DFDDC97}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A38471B4-BBF1-4F58-8A94-DAF814C95664}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{A4C0EE42-2E04-4E07-89FA-4C4C0AA33628}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B3457EE7-C39E-4BF1-A996-2DF440D11C87}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1242694897\ee\aolsoftware.exe |
"{B46F1AB2-1CC1-4A9D-93B4-B5680C5F1C82}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B7261BA8-6C99-447D-AABA-F9A05A26CF37}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{BA10A24E-6DD6-4EE3-8750-4B4140B393A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{BA18364C-1BCE-4240-951A-00DBC27A2B07}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{BAD29D2A-AF0F-4DF3-B463-3A993B573A86}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BAFCB0D0-5F98-4D4C-B140-28FEBCE0F10C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{BD4B7F01-BE86-45B4-A1BB-ECE124D381C8}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{BFD0D0A3-C75E-4F0C-89AD-4B145769EB17}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{C2D73386-7C0F-43A3-8B99-B72B68C64900}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D5412BDE-0D62-441F-B945-C7FA7670DD9B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{D58C7187-B29D-4CAB-8B89-AEC6FBC194A5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D611F756-CEE4-44EE-8790-9ED207C685A4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D97786F3-1101-4AF9-932B-8452DFD3AB05}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{DE5A1470-7C8A-4E90-B6A8-B99E29C5E92E}" = protocol=17 | dir=in | app=c:\users\[bleep]\appdata\local\temp\7zs28a1.tmp\symnrt.exe |
"{E6B3746F-DEFA-4FDC-800C-7B0F2E2A61CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{E77D8DAF-6B17-453F-8FF4-544976B8EEB3}" = protocol=17 | dir=in | app=c:\users\[bleep]\appdata\local\microsoft\windows\temporary internet files\content.ie5\z4vyciym\facemoods[1].exe |
"{E8418F9C-172D-4D72-8740-0B45845073BC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{EBD6198C-28AE-4324-A475-694A5C5B2C06}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{FE85D40B-8DD0-48FE-956F-913CFD388391}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"TCP Query User{E6E9E4D3-789A-4A2C-8DB0-73049FAF5EFD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{FBE014E2-6675-44F6-8D4F-E9E5A2AD4D3C}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{4436D1BA-C9A3-441F-8E50-D0BCEF509FFC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{507D7A22-5592-4C74-83C9-08C2BDA6E1E2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{812F5B09-D0BA-4036-A63E-69238EF22ECA}" = Microsoft Corporation
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A0EF78C7-EBE7-4275-9E0F-C11A80DC6C43}" = Microsoft LifeCam
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8B02
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{55DD612C-5E1B-4F52-A70D-6BE6A847BB9D}" = ClipConverter
"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"111448437" = Deer Drive
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network MagicUninstall" = Network Magic
"Nike+ Connect" = Nike+ Connect
"The Sea App" = The Sea App (Internet Explorer)
"The Weather Channel App" = The Weather Channel App
"TotalRecipeSearch_14bar Uninstall" = TotalRecipeSearch Toolbar
"Uninstall Helper 2.0.1.0" = Uninstall Helper
"WildTangent hp Master Uninstall" = HP Games
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04/11/2013 11:30:14 AM | Computer Name = [bleep]-PC | Source = WinMgmt | ID = 10
Description =
Error - 04/11/2013 11:35:22 AM | Computer Name = [bleep]-PC | Source = LoadPerf | ID = 3012
Description =
Error - 04/11/2013 11:35:22 AM | Computer Name = [bleep]-PC | Source = LoadPerf | ID = 3011
Description =
[ OSession Events ]
Error - 27/02/2013 8:01:10 PM | Computer Name = [bleep]-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 578
seconds with 540 seconds of active time. This session ended with a crash.
Error - 17/07/2013 1:05:35 PM | Computer Name = [bleep]-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 308
seconds with 180 seconds of active time. This session ended with a crash.
Error - 23/09/2013 1:41:41 AM | Computer Name = [bleep]-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 5351
seconds with 2940 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 04/11/2013 11:28:30 AM | Computer Name = [bleep]-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 04/11/2013 11:30:15 AM | Computer Name = [bleep]-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
#19
Posted 04 November 2013 - 10:59 AM
Report run at 04/11/2013 11:57:57 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/11/2013 3:30:15 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: StarOpen
Log: 'System' Date/Time: 04/11/2013 3:28:30 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/11/2013 4:47:28 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 002197CE2563. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 04/11/2013 3:27:21 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
#20
Posted 04 November 2013 - 11:00 AM
Report run at 04/11/2013 12:00:01 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/11/2013 3:35:22 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Log: 'Application' Date/Time: 04/11/2013 3:35:22 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Log: 'Application' Date/Time: 04/11/2013 3:30:14 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#21
Posted 04 November 2013 - 11:06 AM
:OTL
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\[bleep]\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\14ffxtbr@TotalRecipeSearch_14.com: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin
[2013/11/04 10:13:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
[2013/02/16 09:24:34 | 000,000,288 | ---- | M] () -- C:\{002D8ECB-B73B-4689-9378-3EA9D9F085BA}
[2013/02/16 08:49:19 | 000,000,504 | ---- | M] () -- C:\{0CFCB1D1-4245-4F96-B103-AF02062CE6F3}
[2013/02/16 08:13:38 | 000,000,288 | ---- | M] () -- C:\{10568C97-AE7A-42D1-8EF3-E4DEF600C2AB}
[2013/02/16 09:04:56 | 000,000,288 | ---- | M] () -- C:\{130C9DFB-DF2B-459B-8B93-1E227F927EAE}
[2013/02/16 09:10:36 | 000,000,288 | ---- | M] () -- C:\{1C0B52F6-F6B6-46E8-837E-EB2E08F18A69}
[2013/02/16 08:35:02 | 000,000,288 | ---- | M] () -- C:\{1C53849D-7378-45A5-858B-5C5E7A53A02D}
[2013/02/16 08:52:05 | 000,000,288 | ---- | M] () -- C:\{1EA846CA-F4C9-46E1-BF1E-470D17A77375}
[2013/02/17 17:46:48 | 000,000,288 | ---- | M] () -- C:\{2D24AB61-A73D-49A7-B578-2C305FDF00FC}
[2013/02/16 09:32:12 | 000,000,288 | ---- | M] () -- C:\{373F589E-6F87-43E5-9559-B7077BB8B987}
[2013/02/17 18:27:17 | 000,000,288 | ---- | M] () -- C:\{3FA0F9C4-888F-4814-8CBD-39076E56EE17}
[2013/02/16 09:22:38 | 000,000,288 | ---- | M] () -- C:\{42402BC2-1EAB-4F35-834C-478B40B6880B}
[2013/02/13 00:41:24 | 000,000,288 | ---- | M] () -- C:\{469BD6C9-3188-4284-B19F-36733E413808}
[2013/02/17 19:23:19 | 000,027,760 | ---- | M] () -- C:\{589642AF-A1F3-4C1A-A6CD-658CD05FD65F}
[2013/02/20 20:56:01 | 000,000,288 | ---- | M] () -- C:\{5AAAE491-EA8A-428F-9FDA-A463FAE5E958}
[2013/02/17 17:46:48 | 000,020,896 | ---- | M] () -- C:\{5F7560BC-E7CA-430F-8229-79BCBB5214C1}
[2013/02/20 20:58:08 | 000,000,288 | ---- | M] () -- C:\{5FC0F4F8-380E-4525-9E31-E7F4D2967FFC}
[2013/02/16 09:27:46 | 000,000,288 | ---- | M] () -- C:\{63AF0A01-33FD-4DA6-9E81-5BE782F38C39}
[2013/02/16 09:17:45 | 000,000,288 | ---- | M] () -- C:\{661E4B3A-B7A2-4769-AC68-2B9C84B72CEB}
[2013/02/16 08:03:42 | 000,000,288 | ---- | M] () -- C:\{683D0251-D767-4975-BFD8-4D65F63184F1}
[2013/02/26 08:11:33 | 000,002,232 | ---- | M] () -- C:\{77953EAC-B392-4F08-8A0F-2D2FA870035C}
[2013/02/16 09:02:58 | 000,000,288 | ---- | M] () -- C:\{7BD2E534-C5F4-4B08-BA0B-B0E86970C7C4}
[2013/02/17 19:14:15 | 000,000,288 | ---- | M] () -- C:\{7C686F05-0704-438B-B761-FE6A26671EBC}
[2013/02/16 08:40:51 | 000,000,288 | ---- | M] () -- C:\{7DE4DFC2-112D-4E2E-8C3A-293E190FFC2A}
[2013/02/16 09:06:42 | 000,000,288 | ---- | M] () -- C:\{7E5093E5-1A6D-448F-8BD3-7E5506642A7F}
[2013/06/30 22:05:08 | 000,000,288 | ---- | M] () -- C:\{7EE048B7-BCAD-4ECB-8DE2-928FA1D081C6}
[2013/05/20 16:22:01 | 000,000,488 | ---- | M] () -- C:\{8433FA0A-E18F-434A-8496-D56452FCC0B4}
[2013/02/16 08:26:26 | 000,000,288 | ---- | M] () -- C:\{8528CCEF-2564-467A-B837-56FD1BA3EB4D}
[2013/02/13 22:23:08 | 000,000,288 | ---- | M] () -- C:\{88ED73FF-6B59-413A-80B9-23BCB526749C}
[2013/02/17 19:51:19 | 000,000,288 | ---- | M] () -- C:\{93D532FE-67FC-4DF4-A74C-839E945EE541}
[2013/02/16 08:57:21 | 000,000,288 | ---- | M] () -- C:\{93DF0E4C-86CB-473D-BFE5-F7BF581EFC83}
[2013/02/16 09:12:19 | 000,000,288 | ---- | M] () -- C:\{9BEE7D0D-60E1-4A64-B8B5-2F0407CFF7AF}
[2013/02/13 19:19:54 | 000,000,288 | ---- | M] () -- C:\{AB28DFD3-0803-40FE-B14F-6B4A2BF80517}
[2013/02/13 19:17:47 | 000,000,288 | ---- | M] () -- C:\{AC3DD203-4835-449E-9044-6E251FA8AB1B}
[2013/02/13 19:09:45 | 000,000,288 | ---- | M] () -- C:\{AEFA457E-7E43-4B6C-912B-66A7EDC946E7}
[2013/02/13 00:41:24 | 000,022,240 | ---- | M] () -- C:\{B1DFC02F-054D-4EF1-85F4-5F67615BB808}
[2013/02/17 19:18:44 | 000,000,288 | ---- | M] () -- C:\{B1FA4673-09B2-461C-BF2B-8ADCAE41F818}
[2013/02/20 20:54:37 | 000,008,752 | ---- | M] () -- C:\{B57DE985-4841-48CF-8501-1E66CD84C256}
[2013/05/20 16:22:00 | 000,024,024 | ---- | M] () -- C:\{BAF99C38-CCEF-433B-8552-E7D61EB7EDA0}
[2013/02/13 19:13:56 | 000,000,288 | ---- | M] () -- C:\{BDDED20D-A6DB-4512-92EB-992060EFADB3}
[2013/02/20 20:51:44 | 000,003,192 | ---- | M] () -- C:\{D214652C-303F-4EEA-80A9-0ABDBF51E9F4}
[2013/02/27 23:42:48 | 000,201,056 | ---- | M] () -- C:\{D2804EFA-E161-4DAB-ACF2-D0FA3A2D5940}
[2013/02/17 20:30:37 | 000,000,288 | ---- | M] () -- C:\{D5F5B60C-56D8-4FA8-8D3F-EB773D6C6B90}
[2013/02/17 19:21:55 | 000,000,288 | ---- | M] () -- C:\{D710BAB2-E838-4160-8995-FD58FCEF50B4}
[2013/02/22 22:18:19 | 000,017,200 | ---- | M] () -- C:\{D7DAD832-C800-4790-87BC-DAE1DD9F4318}
[2013/02/13 19:15:50 | 000,000,288 | ---- | M] () -- C:\{D878D554-0398-4DD7-AB83-990049F9F305}
[2013/02/17 19:06:54 | 000,000,288 | ---- | M] () -- C:\{D95C1B41-9F38-4187-AE3A-AC5845D67631}
[2013/02/13 19:03:45 | 000,000,288 | ---- | M] () -- C:\{DCF090C5-D364-4B7D-95AF-486D8CB0BBAD}
[2013/02/13 22:27:28 | 000,000,288 | ---- | M] () -- C:\{DED8D91A-346C-4B54-BD5C-B1E65B2C480F}
[2013/02/17 19:16:47 | 000,000,288 | ---- | M] () -- C:\{E6EFE154-39A4-4CFD-B2F1-AA9BF5049D60}
[2013/02/16 09:15:29 | 000,000,288 | ---- | M] () -- C:\{E7677553-EAEC-4FDD-ADC1-D37C275CC1CE}
[2013/02/16 09:18:56 | 000,000,288 | ---- | M] () -- C:\{EDA30F39-064E-4C9B-9D47-E51266316BEB}
[2013/02/17 21:02:06 | 000,000,512 | ---- | M] () -- C:\{F3236C99-C6FE-4B20-9341-B8F1962C574C}
[2011/08/16 23:16:43 | 000,161,720 | ---- | M] () -- C:\Program Files (x86)\2pres.dll
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
:Commands
[EMPTYTEMP]
[purity]
[Reboot]
Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\11042013-some number.log so look there if you don't see it.
#22
Posted 04 November 2013 - 11:18 AM
Log: 'System' Date/Time: 04/11/2013 3:30:15 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: StarOpen
Log: 'System' Date/Time: 04/11/2013 3:28:30 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Think this is from Starburn which does CD/DVD burning. Apparently it is not needed so can be turned off:
Copy the next line:
sc config staropen start= disabled
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the Command Prompt.
Log: 'Application' Date/Time: 04/11/2013 3:35:22 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Log: 'Application' Date/Time: 04/11/2013 3:35:22 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Click Start, expand All Programs, and expand Accessories.
Right-click Command Prompt, and then click Run as administrator.
At the command prompt, type lodctr /r, and then press ENTER.
Log: 'Application' Date/Time: 04/11/2013 3:30:14 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Run the FixIt at http://support.micro...b;en-US;2545227
#23
Posted 04 November 2013 - 12:18 PM
#24
Posted 04 November 2013 - 12:22 PM
Then tell me how it is running. Are you still getting popups? Is it still slow?
#25
Posted 04 November 2013 - 12:34 PM
Do I continue with your last steps after I reboot? Do I rerun the OTL again after reboot?
BRB going to reboot
#26
Posted 04 November 2013 - 12:56 PM
#27
Posted 04 November 2013 - 01:09 PM
Oh and the two times I needed to use the "command prompt" it stuck for like a couple of min
#28
Posted 04 November 2013 - 01:23 PM
The FixIt just fixes an alarm which is more a nuisance than anything so don't worry about it.
I didn't see any sign of infection - just a ton of adware which is now gone. I think we can clean up now:
Copy the following:
:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
That will get the last of the malware off the system.
You can uninstall or delete any tools we had you download and their logs.
OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.
To hide hidden files again:
Vista or Win7
1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash, Reader or Acrobat.
Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.
Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.
You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox, Chrome or IE then get the AdBlock Plus Add-on by pointing your browser at adblockplus.org
If Firefox (or Chrome) is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Close Firefox or Chrome. Click on Optimize. You can run it any time that Firefox seems slow.
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.
Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.
Make sure Windows Updates is turned on and that it works. Go to Control panel, Windows Updates and see if it works.
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
Ron
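The Java check described in the post above, as an added example that is not part of the original post: a read-only PowerShell inventory that flags installed Java runtimes older than the "Java Version 7 update 25" floor. It assumes Java registers under the standard Uninstall registry keys and that the display name carries an "Update N" number; the function name, name pattern and sample names are this example's own.

```powershell
# Added example (not from the thread): list installed Java runtimes and flag
# any below the "Java Version 7 update 25" floor stated in the post. Read-only.
$MinMajor  = 7
$MinUpdate = 25

# Name fragments from the post's list. The bare "Runtime", "VM" and
# "Virtual Machine" entries are left out (an assumption of this example)
# because on their own they also match unrelated software.
$NamePattern = '\bJava\b|Runtime Environment|\bJRE\b|\bJ2RE\b|\bJ2SE\b|\bJVM\b'

function Get-JavaStatus {
    param([string]$DisplayName)
    # Handles "Java 7 Update 21", "Java(TM) 6 Update 31 (64-bit)" and
    # "J2SE Runtime Environment 5.0 Update 6".
    if ($DisplayName -match '(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
        $major  = [int]$Matches[1]
        $update = [int]$Matches[2]
        if ($major -lt $MinMajor -or
            ($major -eq $MinMajor -and $update -lt $MinUpdate)) {
            return 'OLD: uninstall'
        }
        return 'OK: meets floor'
    }
    # Names without an update number need a manual look.
    return 'REVIEW: no update number in name'
}

# Constructed sample names, so the classifier can be checked on any machine.
$samples = 'Java 7 Update 21', 'Java(TM) 6 Update 31 (64-bit)',
           'Java 7 Update 45', 'J2SE Runtime Environment 5.0 Update 6'
foreach ($name in $samples) {
    '{0,-34} {1}' -f (Get-JavaStatus $name), $name
}

# Live inventory: 64-bit and 32-bit (WOW6432Node) uninstall entries.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $NamePattern } |
    ForEach-Object {
        '{0,-34} {1} [{2}]' -f (Get-JavaStatus $_.DisplayName),
            $_.DisplayName, $_.DisplayVersion
    }
```

Entries marked REVIEW still need checking by hand in Programs and Features, since the script only reads the version from the display name.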
#29
Posted 04 November 2013 - 03:59 PM
I also d/l MSE & Malwarebytes for the computer like in my other one ... however when I ran Malwarebytes and found 35 items that needed to be removed such as ... babylon, sea app, conduit and sweetpea etc etc .... Is this OK .. since we did all and it was clean??
#30
Posted 04 November 2013 - 04:38 PM
MSE isn't much of an anti-virus. Microsoft doesn't even use it on Windows 8 so I expect they have stopped working very hard on it so I would rather see you download the free Avast:
http://www.avast.com/index
Click on Download then choose the free version.
Watch out for the Chrome and Google Toolbar options and uncheck them.
You want the Basic version tho they will try and talk you into the paid or demo version.
Uninstall Microsoft Security Essentials and reboot then install Avast (right click on the installer you downloaded earlier and Run AS Admin).
Once you get it installed then (I usually recommend running this while you sleep so mute the speakers first so it won't wake you up when Windows loads):
Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Maintenance then Scan Logs. Click on the Scan, set it to Boot-time scan then click on Scan History, highlight the log and then Detailed Report. IF it found anything then open the saved Report and copy and paste the text into a reply so I can see it.