Hi,
We have a computer that is infected with CryptoDefense. Files have been encrypted by this virus. Every time I restart this computer, a txt document with instructions pops up, and a browser window opens with more instructions and a link to where to pay to get my files back. Below is my OTL log.
OTL logfile created on: 3/29/2014 3:56:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.71 Mb Total Physical Memory | 237.93 Mb Available Physical Memory | 23.47% Memory free
2.44 Gb Paging File | 1.36 Gb Available in Paging File | 55.71% Paging File free
Paging file location(s): c:\pagefile.sys 1521 1521 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 37.99 Gb Free Space | 38.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.48% Space Free | Partition Type: NTFS
Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/29 15:37:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
PRC - [2014/03/27 14:53:32 | 000,106,248 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/15 18:45:10 | 004,163,584 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/16 19:48:30 | 000,091,496 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
PRC - [2009/03/16 19:44:54 | 002,835,816 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
PRC - [2007/02/07 22:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/07 17:26:52 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe
PRC - [2006/11/03 15:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 15:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/13 09:31:34 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/11/15 11:08:02 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/15 11:07:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
MOD - [2006/11/03 15:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 15:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006/08/18 11:17:36 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
========== Services (SafeList) ==========
SRV - [2014/03/27 14:53:32 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/03/15 01:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/12 11:47:52 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/02/15 18:45:10 | 004,163,584 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/07 17:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)
SRV - [2006/11/07 11:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jim\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/03/29 15:27:09 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{097E47C6-8512-4084-A4CD-946856C523C9}\MpKsl0f682be9.sys -- (MpKsl0f682be9)
DRV - [2014/03/26 18:43:50 | 000,058,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2014/03/23 16:08:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/12/04 18:23:36 | 000,050,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/03/28 18:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2007/02/07 22:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/11 06:05:20 | 002,206,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006/11/20 12:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 12:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 12:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 16:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 11:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 11:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 11:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 11:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 11:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 11:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 11:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 11:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 13:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 08:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 08:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.dell.com/support/in [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cabelas.c...requestid=92544
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7BFE32BFBC-7CE5-CA03-8A50-0615902151C0%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.%25(version)s
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
FF - prefs.js..extensions.enabledAddons: %7B6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3%7D:1.4.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.4
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.8
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jim\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 22:42:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/04 10:59:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/26 13:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/26 22:29:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 22:42:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Jim\AppData\Roaming\Move Networks [2010/02/02 14:42:07 | 000,000,000 | ---D | M]
[2008/07/25 17:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
[2014/03/27 16:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions
[2014/03/22 19:32:10 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2014/03/22 19:32:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2014/03/27 16:07:33 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2014/03/22 19:32:42 | 000,000,000 | ---D | M] (Microsoft Flat Scrollbar Control 6.0 (SP4)) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{FE32BFBC-7CE5-CA03-8A50-0615902151C0}
[2014/03/22 19:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2014/03/27 13:15:20 | 000,063,388 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\[email protected]
[2014/03/27 16:07:36 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2008/03/20 14:43:48 | 000,001,502 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\xpinstall\xpinstallConfirm.css
[2014/03/22 19:32:08 | 000,001,622 | ---- | M] () (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\xpinstall\xpinstallItemGeneric.png
[2014/03/23 20:50:25 | 000,001,551 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ncs8rnax.default\searchplugins\swagbuckscom.xml
[2014/03/26 13:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/26 13:38:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/02 14:42:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\JIM\APPDATA\ROAMING\MOVE NETWORKS
[2009/09/02 03:02:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Microsoft Flat Scrollbar Control 6.0 (SP4) = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\4.0.4\
CHR - Extension: Google Wallet = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2014/03/23 17:19:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML ()
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.TXT ()
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{853E4690-CD60-4910-A6A7-58C4AF3E07A7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/29 15:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2014/03/28 12:22:55 | 000,000,000 | ---D | C] -- C:\Windows\Temp198C81B3-7D85-FCDE-9E0A-FB12C7B02F4D-Signatures
[2014/03/27 14:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/03/27 14:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/03/27 14:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/03/27 13:28:49 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\tdsskiller
[2014/03/27 12:24:58 | 000,000,000 | ---D | C] -- C:\Windows\TempB4F5739D-E215-85C6-81D3-C8A4351E735E-Signatures
[2014/03/26 19:40:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\EurekaLab s.a.s
[2014/03/26 13:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2014/03/26 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\Anti-Malware
[2014/03/26 13:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2014/03/26 13:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/03/26 13:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/03/26 12:03:01 | 000,000,000 | ---D | C] -- C:\Windows\TempF589AB41-A5F2-BF2A-6545-87EB3F0CE685-Signatures
[2014/03/23 17:27:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/23 16:49:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/23 16:49:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/23 16:49:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/23 16:47:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/23 16:22:44 | 000,000,000 | ---D | C] -- C:\found.001
[2014/03/23 14:23:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/03/22 16:53:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Odwics
[2014/03/22 16:50:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\{BD1252B4-9CB6-4B0B-AB44-972A81AF2571}
========== Files - Modified Within 30 Days ==========
[2014/03/29 15:47:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/29 15:37:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2014/03/29 15:29:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/29 15:25:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/29 15:24:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/29 15:24:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/29 15:23:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/29 15:23:39 | 1063,718,912 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/29 15:18:47 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/03/28 15:56:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/27 14:53:32 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/03/26 14:01:11 | 000,054,682 | ---- | M] () -- C:\Users\Jim\Documents\cc_20140326_140059.reg
[2014/03/26 13:49:54 | 000,000,914 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2014/03/26 13:49:53 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014/03/26 13:39:14 | 000,000,872 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/26 13:38:59 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/26 11:48:46 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/26 11:48:46 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/25 14:46:34 | 000,321,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/23 17:19:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/03/23 16:08:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/03/23 15:53:59 | 000,005,568 | ---- | M] () -- C:\Users\Jim\AppData\Local\d3d9caps.dat
[2014/03/23 14:58:01 | 000,000,276 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job
[2014/03/22 21:05:20 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML
[2014/03/22 21:05:20 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL
[2014/03/22 20:57:53 | 000,002,777 | ---- | M] () -- C:\Users\Public\Documents\HOW_DECRYPT.HTML
[2014/03/22 20:57:53 | 000,000,133 | ---- | M] () -- C:\Users\Public\Documents\HOW_DECRYPT.URL
[2014/03/22 20:57:52 | 000,002,777 | ---- | M] () -- C:\Users\Jim\HOW_DECRYPT.HTML
[2014/03/22 20:57:52 | 000,001,878 | ---- | M] () -- C:\Users\Public\Documents\Debs dad letter.rtf
[2014/03/22 20:57:52 | 000,000,133 | ---- | M] () -- C:\Users\Jim\HOW_DECRYPT.URL
[2014/03/22 19:47:49 | 000,002,777 | ---- | M] () -- C:\Users\Jim\Documents\HOW_DECRYPT.HTML
[2014/03/22 19:47:49 | 000,000,133 | ---- | M] () -- C:\Users\Jim\Documents\HOW_DECRYPT.URL
[2014/03/22 19:47:48 | 001,331,286 | ---- | M] () -- C:\Users\Jim\Documents\yoshimoto cube.wps
[2014/03/22 19:47:42 | 000,001,110 | ---- | M] () -- C:\Users\Jim\Documents\tab backup 7 25 08.rtf
[2014/03/22 19:47:40 | 000,016,726 | ---- | M] () -- C:\Users\Jim\Documents\puma jagdmesser knife.wps
[2014/03/22 19:47:38 | 000,017,238 | ---- | M] () -- C:\Users\Jim\Documents\promotion request 2010.wps
[2014/03/22 19:47:27 | 000,004,950 | ---- | M] () -- C:\Users\Jim\Documents\freewillsovreigntyofGod.rtf
[2014/03/22 19:47:24 | 000,000,854 | ---- | M] () -- C:\Users\Jim\Documents\frank 10-09.rtf
[2014/03/22 19:47:23 | 014,564,182 | ---- | M] () -- C:\Users\Jim\Documents\DSCN2284.MOV
[2014/03/22 19:46:21 | 000,001,878 | ---- | M] () -- C:\Users\Jim\Documents\Debs dad letter.rtf
[2014/03/22 19:46:19 | 001,633,622 | ---- | M] () -- C:\Users\Jim\Documents\12 pyramids.wps
[2014/03/22 19:46:12 | 000,469,846 | ---- | M] () -- C:\Users\Jim\Desktop\Tobymac - Poetically Correct.mp3
[2014/03/22 19:46:10 | 001,760,342 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac- Ill-M-I.mp3
[2014/03/22 19:46:02 | 001,760,342 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac- Gone.mp3
[2014/03/22 19:45:55 | 001,910,870 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac -Lose My Soul.mp3
[2014/03/22 19:45:46 | 001,197,398 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac - Tru-Dog_ The Return.mp3
[2014/03/22 19:45:37 | 000,857,174 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac - Hype Man(truDog '07).mp3
[2014/03/22 19:45:30 | 001,728,342 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac - Catchafire (Whoopsi-Daisy).mp3
[2014/03/22 19:45:15 | 002,075,478 | ---- | M] () -- C:\Users\Jim\Desktop\Toby Mac - Atmosphere.mp3
[2014/03/22 19:37:20 | 000,027,478 | ---- | M] () -- C:\Users\Jim\Desktop\Leadership class notes 2 min speech.wps
[2014/03/22 19:36:45 | 021,857,110 | ---- | M] () -- C:\Users\Jim\Desktop\Friday Opening Keynote Address Carl Medearis.mp3
[2014/03/22 19:35:19 | 001,428,054 | ---- | M] () -- C:\Users\Jim\Desktop\FM Static - Definitely Maybe.mp3
[2014/03/22 19:33:37 | 001,049,942 | ---- | M] () -- C:\Users\Jim\Desktop\DSCN3115.JPG
[2014/03/22 19:33:02 | 000,025,430 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\UserTile.png
[2014/03/22 19:33:02 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.HTML
[2014/03/22 19:33:02 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.URL
[2014/03/22 19:26:17 | 000,002,777 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.HTML
[2014/03/22 19:26:17 | 000,000,133 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.URL
[2014/03/22 19:26:16 | 000,008,022 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\3nc3p73o15Y45Z05T0aagde8f0e263be81b23[1].jpg
[2014/03/22 19:11:23 | 000,002,777 | ---- | M] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.HTML
[2014/03/22 19:11:23 | 000,000,133 | ---- | M] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.URL
[2014/03/22 19:06:40 | 000,002,777 | ---- | M] () -- C:\ProgramData\HOW_DECRYPT.HTML
[2014/03/22 19:06:40 | 000,000,133 | ---- | M] () -- C:\ProgramData\HOW_DECRYPT.URL
[2014/03/22 18:39:33 | 000,059,904 | -H-- | M] () -- C:\Users\Jim\AppData\Roaming\zlib1.dll
[2014/03/15 12:36:45 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
========== Files Created - No Company Name ==========
[2014/03/27 15:59:46 | 1063,718,912 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/27 14:53:32 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/03/26 14:01:04 | 000,054,682 | ---- | C] () -- C:\Users\Jim\Documents\cc_20140326_140059.reg
[2014/03/26 13:49:54 | 000,000,914 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2014/03/26 13:49:53 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014/03/26 13:38:58 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/25 12:34:20 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/03/24 19:52:32 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/03/23 16:49:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/23 16:49:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/23 16:49:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/23 16:49:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/23 16:49:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/23 14:58:01 | 000,000,276 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{099ECE07-08EE-4FE1-8BD9-554F7F0B6D6D}.job
[2014/03/22 21:05:20 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.HTML
[2014/03/22 21:05:20 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW_DECRYPT.URL
[2014/03/22 20:57:53 | 000,002,777 | ---- | C] () -- C:\Users\Public\Documents\HOW_DECRYPT.HTML
[2014/03/22 20:57:53 | 000,000,133 | ---- | C] () -- C:\Users\Public\Documents\HOW_DECRYPT.URL
[2014/03/22 20:57:52 | 000,002,777 | ---- | C] () -- C:\Users\Jim\HOW_DECRYPT.HTML
[2014/03/22 20:57:52 | 000,000,133 | ---- | C] () -- C:\Users\Jim\HOW_DECRYPT.URL
[2014/03/22 19:47:49 | 000,002,777 | ---- | C] () -- C:\Users\Jim\Documents\HOW_DECRYPT.HTML
[2014/03/22 19:47:49 | 000,000,133 | ---- | C] () -- C:\Users\Jim\Documents\HOW_DECRYPT.URL
[2014/03/22 19:33:02 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.HTML
[2014/03/22 19:33:02 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\HOW_DECRYPT.URL
[2014/03/22 19:26:17 | 000,002,777 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.HTML
[2014/03/22 19:26:17 | 000,000,133 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW_DECRYPT.URL
[2014/03/22 19:11:23 | 000,002,777 | ---- | C] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.HTML
[2014/03/22 19:11:23 | 000,000,133 | ---- | C] () -- C:\Users\Jim\AppData\Local\HOW_DECRYPT.URL
[2014/03/22 19:06:40 | 000,002,777 | ---- | C] () -- C:\ProgramData\HOW_DECRYPT.HTML
[2014/03/22 19:06:40 | 000,000,133 | ---- | C] () -- C:\ProgramData\HOW_DECRYPT.URL
[2014/03/22 18:39:33 | 000,059,904 | -H-- | C] () -- C:\Users\Jim\AppData\Roaming\zlib1.dll
[2010/08/30 11:51:07 | 000,000,000 | ---- | C] () -- C:\Users\Jim\jagex__preferences3.dat
[2010/08/30 11:50:59 | 000,000,000 | ---- | C] () -- C:\Users\Jim\jagex_runescape_preferences2.dat
[2010/08/30 11:49:22 | 000,000,046 | ---- | C] () -- C:\Users\Jim\jagex_runescape_preferences.dat
[2009/07/03 18:06:06 | 000,002,198 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\SAS7_000.DAT
[2008/10/24 14:17:23 | 000,025,430 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\UserTile.png
[2008/10/15 13:42:26 | 000,005,568 | ---- | C] () -- C:\Users\Jim\AppData\Local\d3d9caps.dat
[2007/06/20 19:28:08 | 000,000,632 | RHS- | C] () -- C:\Users\Jim\ntuser.pol
[2007/05/27 14:43:50 | 000,000,746 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
[2007/03/21 13:26:28 | 000,028,672 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/03/26 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\EurekaLab s.a.s
[2007/10/06 10:43:26 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GARMIN
[2014/03/22 19:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Nuance
[2008/10/24 14:17:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PeerNetworking
[2007/05/27 14:43:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Template
[2009/11/09 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\WildTangent
[2014/03/22 16:50:39 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\{BD1252B4-9CB6-4B0B-AB44-972A81AF2571}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:F35A93AD
< End of report >
OTL Extras logfile created on: 3/29/2014 3:56:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.71 Mb Total Physical Memory | 237.93 Mb Available Physical Memory | 23.47% Memory free
2.44 Gb Paging File | 1.36 Gb Available in Paging File | 55.71% Paging File free
Paging file location(s): c:\pagefile.sys 1521 1521 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 37.99 Gb Free Space | 38.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.48% Space Free | Partition Type: NTFS
Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{767C0171-B181-4C43-8A2B-66ADF14AFEC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BB9586D-67C8-430E-91B0-41DA1AA29FA7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A84DE063-ED1D-4C08-93FF-B43BC453986D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA0D1E0D-6C18-484E-8F08-668C446A8E9B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{3B6FEA29-AEFF-487B-A1FA-A6EF4399BB02}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{95D65433-D123-419E-8569-F2D6A94840FF}C:\users\jim\appdata\local\temp\3226.tmp" = protocol=6 | dir=in | app=c:\users\jim\appdata\local\temp\3226.tmp |
"UDP Query User{4B3AE5A3-FE2A-4A20-94F1-91EF06BCD219}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{BAF4F26C-55C5-4CA0-9725-9C1654D2EF97}C:\users\jim\appdata\local\temp\3226.tmp" = protocol=17 | dir=in | app=c:\users\jim\appdata\local\temp\3226.tmp |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8131E9E7-BA33-472D-99AE-231457F5027F}" = Garmin Communicator Plugin
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{99B66D96-5BB2-42DF-BF7C-432285A1E5A5}" = LEGO MINDSTORMS NXT Driver
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDE4B478-F489-444D-900C-A9812569E6D2}" = LEGO MINDSTORMS NXT Software v1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2B8DB3C-E5F0-48CA-810E-87DFD5603DC2}" = LEGO MINDSTORMS NXT - English Language Pack
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Dell Photo Printer 720" = Dell Photo Printer 720
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GraphicView 32" = GraphicView 32
"GSAK_is1" = GSAK 7.2.0.126 (Final)
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"SnowFox Total Video Converter_is1" = SnowFox Total Video Converter 2.5.1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent dell Master Uninstall" = Dell Games
"WT024486" = Wheel of Fortune
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Move Media Player" = Move Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/27/2014 3:43:45 PM | Computer Name = Jim-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials
Upgrade. Security Essentials is not currently monitoring and helping to protect
your computer. Please restart your computer and try again. Error code:0x8004FF80.
Error - 3/27/2014 4:06:00 PM | Computer Name = Jim-PC | Source = EventSystem | ID = 4609
Description =
Error - 3/27/2014 6:10:12 PM | Computer Name = Jim-PC | Source = System Restore | ID = 8193
Description =
Error - 3/27/2014 6:58:49 PM | Computer Name = Jim-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 3/27/2014 7:05:15 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program osk.exe version 6.0.6002.18005 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b78 Start Time: 01cf4a10c1f843f9 Termination Time: 15
Error - 3/27/2014 7:06:07 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d30 Start Time: 01cf4a10cc0310f9 Termination Time: 0
Error - 3/28/2014 3:28:01 PM | Computer Name = Jim-PC | Source = MsiInstaller | ID = 11921
Description =
Error - 3/28/2014 3:33:24 PM | Computer Name = Jim-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials
Upgrade. Security Essentials is not currently monitoring and helping to protect
your computer. Please restart your computer and try again. Error code:0x8004FF80.
Error - 3/28/2014 7:47:00 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program osk.exe version 6.0.6002.18005 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b10 Start Time: 01cf4add66d3b859 Termination Time: 0
Error - 3/29/2014 6:55:44 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: cf4 Start Time: 01cf4b9fd595abc5 Termination Time: 78
Error encountered while reading event logs.
< End of report >