
Solved IBM Desktop Probs-Malware?

Discussion in 'Malware and Virus Removal Archive' started by kaythos, 2014/01/20.

  1. 2014/02/08
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    Here is the last part.

    (((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayExcluded]
    @="{32427327-aea5-4bef-811a-b1bd00daf4b4}"
    [HKEY_CLASSES_ROOT\CLSID\{32427327-aea5-4bef-811a-b1bd00daf4b4}]
    2013-12-12 04:09 598880 ----a-r- c:\program files\Norton Zone\Engine\1.1.0.4\nzovrlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayPending]
    @="{2cfec48b-08ec-4361-8575-7c0da17ab7a5}"
    [HKEY_CLASSES_ROOT\CLSID\{2cfec48b-08ec-4361-8575-7c0da17ab7a5}]
    2013-12-12 04:09 598880 ----a-r- c:\program files\Norton Zone\Engine\1.1.0.4\nzovrlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlaySynced]
    @="{a9e700bc-92b0-403e-96b3-b87b06ff9d3a}"
    [HKEY_CLASSES_ROOT\CLSID\{a9e700bc-92b0-403e-96b3-b87b06ff9d3a}]
    2013-12-12 04:09 598880 ----a-r- c:\program files\Norton Zone\Engine\1.1.0.4\nzovrlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Driver Detective"="c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe" [2013-09-19 3988888]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2013-12-13 761024]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-11-11 15711008]
    "NvMediaCenter"="NvMCTray.dll" [2013-11-11 209184]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-11-11 2602784]
    "Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]
    "Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2013-03-26 69632]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 536576]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SeaPort"=2 (0x2)
    "iPod Service"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\LogMeIn Rescue Applet\\LMIR0001.tmp\\lmi_rescue.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R?2 gupdate1ca0d2ccdad8f4a;Google Update Service (gupdate1ca0d2ccdad8f4a);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 8:35 AM 133104]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1501000.012\symds.sys [10/10/2013 6:30 PM 367704]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1501000.012\symefa.sys [10/10/2013 6:30 PM 935512]
    R1 BHDrvx86;BHDrvx86;c:\program files\Norton AntiVirus\NortonData\21.0.2.1\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1/22/2014 2:33 PM 1098968]
    R1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\NAV\1501000.012\ccsetx86.sys [10/10/2013 6:30 PM 127064]
    R1 ccSet_NZ;Norton Zone Settings Manager;c:\windows\system32\drivers\NZ\0101000.004\ccsetx86.sys [12/17/2013 6:45 AM 127064]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1501000.012\ironx86.sys [10/10/2013 6:30 PM 206936]
    R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [12/16/2013 7:34 PM 247968]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/21/2013 8:42 PM 108120]
    R3 IDSxpx86;IDSxpx86;c:\program files\Norton AntiVirus\NortonData\21.0.2.1\Definitions\IPSDefs\20140203.001\IDSXpx86.sys [2/4/2014 7:30 AM 383120]
    R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [1/11/2006 11:03 AM 91830]
    S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [12/16/2013 7:34 PM 193696]
    S2 HeadlineAlley_29Service;HeadlineAlleyService;c:\progra~1\HEADLI~2\bar\1.bin\29barsvc.exe [11/12/2013 6:34 AM 44752]
    S3 HPx9G+;HPx9G+; [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2/1/2014 11:56 AM 40776]
    S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [4/30/2013 1:18 AM 10112]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/8/2012 3:21 PM 13464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-01-29 16:29 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 17:18]
    .
    2014-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2014-02-04 c:\windows\Tasks\At2.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]
    .
    2014-02-04 c:\windows\Tasks\At3.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]
    .
    2014-02-03 c:\windows\Tasks\At4.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]
    .
    2014-02-03 c:\windows\Tasks\At5.job
    - c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]
    .
    2012-09-03 c:\windows\Tasks\DisketchReminder.job
    - c:\program files\NCH Software\Disketch\disketch.exe [2012-08-24 19:13]
    .
    2014-02-02 c:\windows\Tasks\Driver Detective-RTMRules.job
    - c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-09-19 13:31]
    .
    2014-01-23 c:\windows\Tasks\Driver Detective-RTMScan.job
    - c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-09-19 13:31]
    .
    2014-01-25 c:\windows\Tasks\Driver Detective-RTMUpdater.job
    - c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-09-19 13:31]
    .
    2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 13:35]
    .
    2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 13:35]
    .
    2014-02-04 c:\windows\Tasks\Norton Security Scan for Kevin.job
    - c:\progra~1\NORTON~4\Engine\403~1.24\Nss.exe [2013-10-10 04:10]
    .
    2014-02-03 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2013-09-30 18:24]
    .
    2014-02-04 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30 18:24]
    .
    2014-01-04 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30 18:24]
    .
    2013-06-24 c:\windows\Tasks\PhotoPadReminder.job
    - c:\program files\NCH Software\PhotoPad\photopad.exe [2012-08-24 19:12]
    .
    2013-12-29 c:\windows\Tasks\PixillionReminder.job
    - c:\program files\NCH Software\Pixillion\pixillion.exe [2012-08-24 19:13]
    .
    2014-02-04 c:\windows\Tasks\ProgramRefresh-ATFST.job
    - c:\program files\File Type Assistant\TSASetup.exe [2013-11-13 15:55]
    .
    2014-02-04 c:\windows\Tasks\ProgramUpdateCheck.job
    - c:\program files\File Type Assistant\tsassist.exe [2013-11-13 18:02]
    .
    2014-01-04 c:\windows\Tasks\RegCure Pro.job
    - c:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-09-30 18:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <-loopback>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: aol.com\free
    Trusted Zone: desktop
    TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
    FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\
    FF - prefs.js: browser.search.selectedEngine - Mysearchdial
    FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1899743152&ir=
    FF - prefs.js: keyword.URL -
    FF - ExtSQL: 2013-12-05 10:17; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.2.1\IPSFF
    FF - ExtSQL: 2013-12-06 15:59; firefox@browsesmart.net; c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\firefox@browsesmart.net.xpi
    FF - ExtSQL: 2013-12-12 23:09; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    FF - ExtSQL: 2013-12-12 23:09; ffxtlbr@mysearchdial.com; c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\ffxtlbr@mysearchdial.com
    FF - user.js: extensions.mysearchdial.hmpg - true
    FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1899743152&ir=
    FF - user.js: extensions.mysearchdial.dfltSrch - true
    FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
    FF - user.js: extensions.mysearchdial.dnsErr - true
    FF - user.js: extensions.mysearchdial_i.newTab - false
    FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1899743152&ir=
    FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1899743152&ir=&q=
    FF - user.js: extensions.mysearchdial.id - 00FF80A4B48A12B8
    FF - user.js: extensions.mysearchdial.instlDay - 16051
    FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
    FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
    FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.017:5:50
    FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
    FF - user.js: extensions.mysearchdial.prdct - mysearchdial
    FF - user.js: extensions.mysearchdial.aflt - file1202
    FF - user.js: extensions.mysearchdial_i.smplGrp - none
    FF - user.js: extensions.mysearchdial.tlbrId - base
    FF - user.js: extensions.mysearchdial.instlRef -
    FF - user.js: extensions.mysearchdial.dfltLng -
    FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    FF - user.js: extensions.mysearchdial.excTlbr - false
    FF - user.js: extensions.mysearchdial_i.hmpg - true
    FF - user.js: extensions.mysearchdial.cr - 1899743152
    FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
    FF - user.js: extensions.irmysearch.aflt - file1202
    FF - user.js: extensions.irmysearch.instlRef -
    FF - user.js: extensions.irmysearch.cr - 1899743152
    FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{7112C1C4-09D9-4950-A8CF-523544076014} - (no file)
    HKCU-Run-DW4 - (no file)
    HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
    Notify-AtiExtEvent - (no file)
    AddRemove-Random House Webster's Unabridged Dictionary - c:\program files\Random House
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-02-04 12:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
    "ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NZ]
    "ImagePath"="\"c:\program files\Norton Zone\Engine\1.1.0.4\NZ.exe\" /s \"NZ\" /m \"c:\program files\Norton Zone\Engine\1.1.0.4\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\System32\Drivers\NAV\1501000.012\SYMTDI.SYS"
    "TrustedImagePaths"="c:\program files\Norton AntiVirus\Engine\21.1.0.18"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3082707984-796126014-4124865413-1005\ ´*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "firstLaunch"="false"
    DUMPHIVE0.003 (REGF)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3532)
    c:\windows\system32\WININET.dll
    c:\program files\Norton Zone\Engine\1.1.0.4\NZOvrlay.dll
    c:\program files\Norton Zone\Engine\1.1.0.4\UIDataPr.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Norton Zone\Engine\1.1.0.4\FAMShExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Lenovo\Lenovo Mouse Suite\pelscrll.dll
    c:\program files\Lenovo\Lenovo Mouse Suite\PELCOMM.dll
    c:\program files\Lenovo\Lenovo Mouse Suite\PELHOOKS.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Juniper Networks\Common Files\dsNcService.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Mobogenie\MgAssist.exe
    c:\program files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
    c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\program files\Norton Zone\Engine\1.1.0.4\NZ.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Norton Zone\Engine\1.1.0.4\NZ.exe
    c:\program files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RunDLL32.exe
    c:\program files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    c:\program files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
    c:\program files\Windows Desktop Search\WindowsSearch.exe
    c:\program files\Google\Update\Install\{71AA629D-892B-4310-BEC6-8BD3E91975C2}\32.0.1700.107_32.0.1700.102_chrome_updater.exe
    c:\windows\system32\config\SYSTEM~1\LOCALS~1\Temp\CR_F9FF3.tmp\setup.exe
    .
    **************************************************************************
    .
    Completion time: 2014-02-04 13:50:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-02-04 18:50
    .
    Pre-Run: 97,061,416,960 bytes free
    Post-Run: 97,846,517,760 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect
    .
    - - End Of File - - 2DFA4C71BDD630AA4F3FBA94A9B2ECF1
    CEB20769FC83AE7BF20428CF13740A99
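Added example (an editor's addition to this archived thread, not part of kaythos' or broni's posts and not a ComboFix feature): a Python script that parses the registry section of a ComboFix log like the one above and pulls out what a responder reads first: Security Center monitoring set to DisableMonitoring=1, a firewall profile with EnableFirewall=0 together with its globally open ports, and Run-key entries that launch from a temp folder or from a directory associated with one of the adware/PUP bundles named in this thread. The embedded sample is a constructed excerpt modelled on the post's log; its "updater" Run entry is invented to exercise the temp-folder check, and the PUP directory list is an assumption drawn from the names seen in the thread.

```python
"""Triage the 'Reg Loading Points' part of a ComboFix log.

Added example for this thread; not part of the original post and not a
ComboFix feature. It parses the registry-dump lines of the log and reports
the items a responder looks at first:
  * Security Center monitoring switched off (DisableMonitoring = 1)
  * the XP firewall profile disabled, plus every globally open inbound port
  * Run-key autostarts that launch from a temp folder or from a directory
    belonging to one of the adware/PUP bundles named in this thread
"""
import re

# Assumption: directory fragments of the PUP/adware bundles seen in the thread.
PUP_DIR_MARKERS = ("\\mobogenie\\", "\\mysearchdial", "\\conduit\\", "\\paretologic\\",
                   "\\file type assistant\\", "\\headli~2\\", "\\bingbar\\")
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")

KEY_RE = re.compile(r"^\s*\[(?P<key>[^\]]+)\]\s*$")
# Tolerates the stray space the forum inserted before each closing quote.
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]*?)\s*"\s*=\s*(?P<value>.*?)\s*$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]*?)\s*"')

# Constructed excerpt modelled on the log in the post above; the "updater"
# line launching from a temp folder is invented to exercise that check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Detective"="c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe" [2013-09-19 3988888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2013-12-13 761024]
"updater"="c:\documents and settings\Kevin\Local Settings\Temp\updater.exe" [2014-02-01 12345]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""


def parse_sections(log_text):
    """Map each lowercased registry key path to its [(value name, raw value)] list."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").strip().lower()
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("value")))
    return sections


def dword_value(raw):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> None."""
    raw = raw.strip().lower()
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return (severity, message) findings, highest severity first."""
    findings = []
    for key, values in parse_sections(log_text).items():
        if "\\security center\\monitoring" in key:
            for name, raw in values:
                if name.lower() == "disablemonitoring" and dword_value(raw) == 1:
                    findings.append(("high", f"Security Center monitoring disabled: {key}"))
        if key.endswith("firewallpolicy\\standardprofile"):
            for name, raw in values:
                if name.lower() == "enablefirewall" and dword_value(raw) == 0:
                    findings.append(("high", "Windows Firewall (standard profile) is disabled"))
        if key.endswith("globallyopenports\\list"):
            for _name, raw in values:
                # port:proto:scope:status:name; a short or mangled entry gets status 'unknown'
                fields = raw.split(":", 4)
                status = fields[3].lower() if len(fields) >= 4 else ""
                if status not in ("enabled", "disabled"):
                    status = "unknown"
                sev = "info" if status == "disabled" else "medium"
                findings.append((sev, f"Globally open port {':'.join(fields[:2])} ({status}): {raw}"))
        if key.endswith("\\currentversion\\run"):
            for name, raw in values:
                m = QUOTED_PATH_RE.match(raw)
                path = (m.group("path") if m else raw).lower()
                if any(t in path for t in TEMP_MARKERS):
                    findings.append(("high", f"Run entry '{name}' launches from a temp folder: {path}"))
                elif any(p in path for p in PUP_DIR_MARKERS):
                    findings.append(("medium", f"Run entry '{name}' belongs to a PUP/adware bundle: {path}"))
    order = {"high": 0, "medium": 1, "info": 2}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run it as-is to see the findings for the sample, or pass the text of a real log to triage(). The 3389:TCP entry in the post carries fewer fields than the 5985:TCP one, so the script reports its status as "unknown" rather than guessing; that is exactly the kind of entry worth checking by hand on the machine (Remote Desktop open to the network on an XP box with its firewall and Security Center monitoring both switched off).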
     
  2. 2014/02/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall RegCure Pro.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     


  4. 2014/02/08
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    Thanks Broni,

    I will get on with that.

    kaythos
     
  5. 2014/02/09
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    Hi Broni;

    Here is the AdwCleaner logfile. I have yet to run the other two scans.

    kaythos

    # AdwCleaner v3.018 - Report created 09/02/2014 at 11:18:31
    # Updated 28/01/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Kevin - DESKTOP
    # Running from : C:\Documents and Settings\Kevin\My Documents\Downloads\adwcleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : MapsGalaxy_39Service

    ***** [ Files / Folders ] *****

    File Found : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\2br9jvaj.default\searchplugins\Mysearchdial.xml
    File Found : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\2br9jvaj.default\user.js
    File Found : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\searchplugins\Mysearchdial.xml
    File Found : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\user.js
    File Found : C:\WINDOWS\system32\ImhxxpComm.dll
    Folder Found : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
    Folder Found : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\Extensions\ffxtlbr@mysearchdial.com
    Folder Found C:\Documents and Settings\All Users\Application Data\Conduit
    Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
    Folder Found C:\Documents and Settings\Kevin\Application Data\DriverCure
    Folder Found C:\Documents and Settings\Kevin\Application Data\ParetoLogic
    Folder Found C:\Documents and Settings\Kevin\Application Data\pccustubinstaller
    Folder Found C:\Documents and Settings\Kevin\Application Data\Systweak
    Folder Found C:\Documents and Settings\Kevin\Local Settings\Application Data\apn
    Folder Found C:\Documents and Settings\Kevin\Local Settings\Application Data\Conduit
    Folder Found C:\Program Files\Common Files\AVG Secure Search
    Folder Found C:\Program Files\Common Files\Software Update Utility
    Folder Found C:\Program Files\Conduit
    Folder Found C:\Program Files\mapsgalaxy_39
    Folder Found C:\Program Files\MyPC Backup
    Folder Found C:\Program Files\MyPC Backup
    Folder Found C:\WINDOWS\system32\ARFC
    Folder Found C:\WINDOWS\system32\jmdp
    Folder Found C:\WINDOWS\system32\WNLT

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Headlight
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\installedbrowserextensions
    Key Found : HKCU\Software\MapsGalaxy_39
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\mysearchdial.com
    Key Found : HKCU\Software\ParetoLogic
    Key Found : HKCU\Software\wnlt
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{756C097C-6BDB-45DE-A8F1-83E01AB86BA4}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
    Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
    Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466776618}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3314312
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\InstallCore
    Key Found : HKLM\Software\MapsGalaxy_39
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
    Key Found : HKLM\Software\mysearchdial
    Key Found : HKLM\Software\ParetoLogic
    Key Found : HKLM\Software\systweak
    Key Found : HKLM\Software\wnlt
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1899743152&ir=

    -\\ Mozilla Firefox v27.0 (en-US)

    [ File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\2br9jvaj.default\prefs.js ]

    Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R[...]
    Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
    Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");

    [ File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\prefs.js ]

    Line Found : user_pref("FirstSearch.aol_toolbar.search.hasDoneFirst", 13);
    Line Found : user_pref("aol_toolbar.aolmail.address", "");
    Line Found : user_pref("aol_toolbar.aolmail.count", "0");
    Line Found : user_pref("aol_toolbar.aolmail.id", "value");
    Line Found : user_pref("aol_toolbar.aolmail.imagelist.layout", "empty");
    Line Found : user_pref("aol_toolbar.aolmail.popup.autoclose", "true");
    Line Found : user_pref("aol_toolbar.aolmail.user", "");
    Line Found : user_pref("aol_toolbar.buttons.layout", "mapquest_40872;netflix_46519;techcrunch_47552;radio_46530;");
    Line Found : user_pref("aol_toolbar.calendar.date", "{system.date.timestamp}");
    Line Found : user_pref("aol_toolbar.calendar.displaydate", "{system.date.locale}");
    Line Found : user_pref("aol_toolbar.calendar.timestamp", "1391916128794");
    Line Found : user_pref("aol_toolbar.curtain.congrats", "none");
    Line Found : user_pref("aol_toolbar.default.historybutton.num", "4");
    Line Found : user_pref("aol_toolbar.firsttime.showwindow", false);
    Line Found : user_pref("aol_toolbar.guid", "{CD235685-17AD-1512-D3B2-A932B5502167}");
    Line Found : user_pref("aol_toolbar.historybutton.active", true);
    Line Found : user_pref("aol_toolbar.historybutton.enabled", true);
    Line Found : user_pref("aol_toolbar.historybutton.ignoreids", "1303");
    Line Found : user_pref("aol_toolbar.historybutton.watchids", "23");
    Line Found : user_pref("aol_toolbar.historybutton.watchlist", "1");
    Line Found : user_pref("aol_toolbar.historybutton.watchtimes", "4");
    Line Found : user_pref("aol_toolbar.homepageprotection.enabled", false);
    Line Found : user_pref("aol_toolbar.install.distroid", "aol");
    Line Found : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023&tb_uuid=A84B651EA6FF44A38EB7A245930DFC1D");
    Line Found : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9964");
    Line Found : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
    Line Found : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
    Line Found : user_pref("aol_toolbar.install.ncid", "");
    Line Found : user_pref("aol_toolbar.install.newtab", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000081&tb_uuid=A84B651EA6FF44A38EB7A245930DFC1D");
    Line Found : user_pref("aol_toolbar.install.sethomepage", "0");
    Line Found : user_pref("aol_toolbar.install.setnewtab", "0");
    Line Found : user_pref("aol_toolbar.install.setsearch", "0");
    Line Found : user_pref("aol_toolbar.install.type", "new");
    Line Found : user_pref("aol_toolbar.metrics.activestampdate", "8");
    Line Found : user_pref("aol_toolbar.metrics.activestampmonth", "1");
    Line Found : user_pref("aol_toolbar.metrics.activestampyear", "2014");
    Line Found : user_pref("aol_toolbar.metrics.log", false);
    Line Found : user_pref("aol_toolbar.metrics.originalDate", "8");
    Line Found : user_pref("aol_toolbar.metrics.originalHours", "5");
    Line Found : user_pref("aol_toolbar.metrics.originalMinutes", "0");
    Line Found : user_pref("aol_toolbar.metrics.originalMonth", "1");
    Line Found : user_pref("aol_toolbar.metrics.originalSeconds", "0");
    Line Found : user_pref("aol_toolbar.metrics.originalYear", "2014");
    Line Found : user_pref("aol_toolbar.presethomepage", "mysearchdial.com");
    Line Found : user_pref("aol_toolbar.presetnewtab", "about:newtab");
    Line Found : user_pref("aol_toolbar.presetsearch", "Mysearchdial");
    Line Found : user_pref("aol_toolbar.relatednews.enabled", false);
    Line Found : user_pref("aol_toolbar.remote.config.js", "");
    Line Found : user_pref("aol_toolbar.remote.historyconfig.js", "");
    Line Found : user_pref("aol_toolbar.remote.publish.xml", "1391831544255");
    Line Found : user_pref("aol_toolbar.remote.searchterm.js", "");
    Line Found : user_pref("aol_toolbar.resetprompt.skip", false);
    Line Found : user_pref("aol_toolbar.rtw.active", false);
    Line Found : user_pref("aol_toolbar.search.button", true);
    Line Found : user_pref("aol_toolbar.search.cid", "08-01-2014");
    Line Found : user_pref("aol_toolbar.search.focusnewtab", true);
    Line Found : user_pref("aol_toolbar.search.instd", "A84B651EA6FF44A38EB7A245930DFC1D");
    Line Found : user_pref("aol_toolbar.search.newtab", true);
    Line Found : user_pref("aol_toolbar.search.oid", "08-01-2014");
    Line Found : user_pref("aol_toolbar.search.placement", "right");
    Line Found : user_pref("aol_toolbar.search.populateoncomplete", false);
    Line Found : user_pref("aol_toolbar.search.savehistory", false);
    Line Found : user_pref("aol_toolbar.search.searchtype", "web");
    Line Found : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
    Line Found : user_pref("aol_toolbar.searchprotection.enabled", false);
    Line Found : user_pref("aol_toolbar.skin.custom", false);
    Line Found : user_pref("aol_toolbar.toolbar.langlocale", "en-US");
    Line Found : user_pref("aol_toolbar.uninstallreset", "3");
    Line Found : user_pref("aol_toolbar.upgrade.showwindow", false);
    Line Found : user_pref("aol_toolbar.weather.condition", "26_n");
    Line Found : user_pref("aol_toolbar.weather.degc", "-11");
    Line Found : user_pref("aol_toolbar.weather.degf", "12");
    Line Found : user_pref("aol_toolbar.weather.degrees", "F");
    Line Found : user_pref("aol_toolbar.weather.lastupdate", "");
    Line Found : user_pref("aol_toolbar.weather.locationid", "USPA0138");
    Line Found : user_pref("aol_toolbar.weather.zipcode", "");
    Line Found : user_pref("aol_toolbar.widgets.layout", "aolmail,calendar,weather");
    Line Found : user_pref("aol_toolbar.widgets.log", false);
    Line Found : user_pref("aol_toolbar.widgets.timestamp", "1391831552874");
    Line Found : user_pref("aol_toolbar.widgets.version", "5.74.1.9964");
    Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
    Line Found : user_pref("browser.search.order.1", "Mysearchdial");
    Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
    Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R[...]
    Line Found : user_pref("extensions.crossrider.bic", "1435394f92acd96a39c2e391d104034c");
    Line Found : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,firefox%40browsesmart.net:1.0.0,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,%7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.[...]
    Line Found : user_pref("extensions.mysearchdial.aflt", "file1202");
    Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
    Line Found : user_pref("extensions.mysearchdial.cntry", "US");
    Line Found : user_pref("extensions.mysearchdial.cr", "1899743152");
    Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
    Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
    Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
    Line Found : user_pref("extensions.mysearchdial.dpk", "");
    Line Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
    Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
    Line Found : user_pref("extensions.mysearchdial.hdrMd5", "940D6FD10AE8520F1E4A9CD2DD325D4E");
    Line Found : user_pref("extensions.mysearchdial.hmpg", true);
    Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCy[...]
    Line Found : user_pref("extensions.mysearchdial.id", "00FF80A4B48A12B8");
    Line Found : user_pref("extensions.mysearchdial.instlDay", "16051");
    Line Found : user_pref("extensions.mysearchdial.instlRef", "");
    Line Found : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1[...]
    Line Found : user_pref("extensions.mysearchdial.lastVrsnTs", "");
    Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czut[...]
    Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
    Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    Line Found : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
    Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
    Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=file1202&cd=2XzuyEtN2Y1L1QzutDtD0F0FzztD0AyE0ByEzz0AtCtB0BzztN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Cz[...]
    Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
    Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
    Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
    Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
    Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
    Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.017:5:50");

    -\\ Google Chrome v32.0.1700.107

    [ File : C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Found : homepage
    Found : homepage
    Found : homepage
    Found : homepage
    Found : urls_to_restore_on_startup
    Found : homepage

    *************************

    AdwCleaner[R0].txt - [20975 octets] - [09/02/2014 11:18:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21036 octets] ########
     
  6. 2014/02/10
    kaythos

    Hi Broni;

    Here is the JRT log.

    kaythos


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.1 (02.04.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Kevin on Sun 02/09/2014 at 16:50:59.46
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] Util RightSurf
    Successfully deleted: [Service] Util RightSurf
    Successfully stopped: [Service] Update RightSurf
    Successfully deleted: [Service] Update RightSurf



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1796EC91-D094-4A5F-B681-E16015D1CEAC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A083C35D-61A9-4625-BBB6-FB54E71B8527}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B70E008C-967B-4104-BC7B-6F7C77DBC38D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422772218}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D45B99B2-D87C-499D-98AC-3216792EABAE}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D45B99B2-D87C-499D-98AC-3216792EABAE}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}



    ~~~ Files

    Successfully deleted: [File] "C:\Documents and Settings\Kevin\appdata\locallow\SkwConfig.bin"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\aol toolbar"
    Successfully deleted: [Folder] "C:\Documents and Settings\Kevin\Application Data\fixcleaner"
    Successfully deleted: [Folder] "C:\Documents and Settings\Kevin\Application Data\getrighttogo"
    Successfully deleted: [Folder] "C:\Documents and Settings\Kevin\Local Settings\Application Data\aol toolbar"
    Successfully deleted: [Folder] "C:\Documents and Settings\Kevin\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\Documents and Settings\Kevin\Local Settings\Application Data\filetypeassistant"
    Successfully deleted: [Folder] "C:\Program Files\RightSurf"
    Successfully deleted: [Folder] "C:\Program Files\aol toolbar"
    Successfully deleted: [Folder] "C:\Program Files\bearshare applications"
    Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
    Successfully deleted: [Folder] "C:\Program Files\headlinealley_29"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Documents and Settings\Kevin\Application Data\mozilla\firefox\profiles\wjqb4ex1.default-1386259525234\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    Successfully deleted the following from C:\Documents and Settings\Kevin\Application Data\mozilla\firefox\profiles\wjqb4ex1.default-1386259525234\prefs.js

    user_pref("aol_toolbar.presethomepage", "mysearchdial.com");
    user_pref("aol_toolbar.presetsearch", "Mysearchdial");
    user_pref("aol_toolbar.search.searchtype", "web");





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/09/2014 at 17:30:13.89
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. 2014/02/10
    kaythos

    Broni;

    Here is the first part of the OTL log.

    OTL logfile created on: 2/9/2014 5:37:46 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 73.26% Memory free
    3.34 Gb Paging File | 2.50 Gb Available in Paging File | 74.93% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.50 Gb Total Space | 90.11 Gb Free Space | 61.93% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP | User Name: Kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/09 16:22:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\My Documents\Downloads\OTL.exe
    PRC - [2014/01/27 07:26:42 | 000,063,168 | ---- | M] () -- C:\Program Files\Mobogenie\MgAssist.exe
    PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
    PRC - [2013/12/13 02:40:31 | 000,761,024 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
    PRC - [2013/12/11 23:10:05 | 000,522,592 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Zone\Engine\1.1.0.4\nz.exe
    PRC - [2013/11/08 15:49:00 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    PRC - [2013/11/08 15:48:21 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/10/08 06:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\nav.exe
    PRC - [2013/09/19 08:31:20 | 003,988,888 | ---- | M] (PC Drivers Headquarters) -- C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
    PRC - [2013/03/26 09:57:52 | 000,069,632 | ---- | M] (Primax Electronics Ltd.) -- C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
    PRC - [2013/03/26 00:18:36 | 000,168,034 | ---- | M] (Primax Electronics Ltd.) -- C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
    PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
    PRC - [2009/08/12 17:20:28 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2008/11/20 16:27:28 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    PRC - [2008/05/20 17:28:29 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2008/04/24 12:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/11/28 19:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    PRC - [2004/12/16 06:41:56 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
    PRC - [2004/12/11 00:03:00 | 000,446,464 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    PRC - [2004/10/14 10:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/27 07:26:42 | 000,063,168 | ---- | M] () -- C:\Program Files\Mobogenie\MgAssist.exe
    MOD - [2013/12/13 02:40:31 | 000,761,024 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
    MOD - [2013/11/23 16:56:13 | 000,119,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\38bf11b94d665897b01956344117830c\XPBurnComponent.ni.dll
    MOD - [2013/11/23 16:56:12 | 000,150,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\4d21b983457e1f5dc69b828b351d6a6f\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
    MOD - [2013/11/23 16:56:10 | 000,304,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\3206128bdef7662ba21c85256f416db2\Microsoft.Practices.ObjectBuilder.ni.dll
    MOD - [2013/11/23 16:56:07 | 000,309,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\5d26bb83e941f15aff44baf32b88e80c\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
    MOD - [2013/11/23 16:56:05 | 000,248,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\879018a8d927d7d812dcf75c6161dd73\Microsoft.ApplicationBlocks.Updater.ni.dll
    MOD - [2013/11/23 16:56:03 | 001,810,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\RuleEngine\a358a4ce3654fced2cd71011d64ade0e\RuleEngine.ni.dll
    MOD - [2013/11/23 16:56:00 | 000,357,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\57df8d39cf17690b5ef5289f848cb66b\Microsoft.Win32.TaskScheduler.ni.dll
    MOD - [2013/11/23 16:55:57 | 001,241,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Agent.Communication\d090738d7c13c0b97b90a2fb8415af42\Agent.Communication.ni.dll
    MOD - [2013/11/23 16:55:54 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\f5359b81cb35a69bfdab1c2421b7abcb\Interop.WUApiLib.ni.dll
    MOD - [2013/11/23 16:55:49 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\450593325b8c9ae9bf201eaed5e0f6b2\ExceptionLogging.ni.dll
    MOD - [2013/11/23 16:55:47 | 003,320,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Common\705e4022cae2cf297da54254da3d8b50\Common.ni.dll
    MOD - [2013/11/23 16:55:41 | 000,987,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Agent.Common\371e0762d333fd10db171e3ccd989f16\Agent.Common.ni.dll
    MOD - [2013/11/23 16:55:38 | 008,408,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Agent\479df29ef015e67ac55cafd8f94f546c\Agent.ni.exe
    MOD - [2013/10/21 19:36:24 | 036,571,952 | R--- | M] () -- C:\Program Files\Norton Zone\Engine\1.1.0.4\libcef.dll
    MOD - [2013/10/10 11:19:44 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/10 11:10:52 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
    MOD - [2013/10/10 11:03:07 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2013/09/19 08:31:26 | 000,412,064 | ---- | M] () -- C:\Program Files\PC Drivers HeadQuarters\Driver Detective\Agent.Communication.XmlSerializers.dll
    MOD - [2013/09/19 08:30:52 | 000,823,168 | ---- | M] () -- C:\Program Files\PC Drivers HeadQuarters\Driver Detective\ThemePack.Default.dll
    MOD - [2013/08/15 12:07:44 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
    MOD - [2013/08/15 11:38:35 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\40ea80adb0fbe21bc953ac641f033a04\System.Web.Services.ni.dll
    MOD - [2013/08/15 11:38:31 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/15 11:38:22 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
    MOD - [2013/08/15 10:31:25 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/15 10:28:37 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013/08/15 10:25:19 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
    MOD - [2013/08/15 10:15:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/07/11 10:23:07 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2008/11/20 16:27:28 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    MOD - [2008/05/20 17:28:29 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    MOD - [2008/05/20 17:28:29 | 000,357,768 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
    MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2004/03/23 03:33:30 | 000,176,128 | ---- | M] () -- C:\Program Files\IBM\Messages By IBM\AcpPollingEngine.dll
    MOD - [2004/01/09 09:10:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\AIBMRUNL.dll
    MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (HP Status)
    SRV - File not found [Auto | Stopped] -- -- (HP Status Print)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\HEADLI~2\bar\1.bin\29barsvc.exe -- (HeadlineAlley_29Service)
    SRV - [2014/02/04 21:19:26 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/28 01:54:11 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/01/27 07:26:42 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobogenie\MgAssist.exe -- (MgAssistService)
    SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/12/11 23:10:05 | 000,522,592 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Zone\Engine\1.1.0.4\NZ.exe -- (NZ)
    SRV - [2013/11/08 15:48:21 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/10/08 06:46:16 | 000,262,288 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe -- (NAV)
    SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
    SRV - [2009/08/12 17:20:28 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2008/05/20 17:28:29 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
    SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/11/28 19:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2007/02/12 01:35:42 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2006/03/29 11:46:53 | 000,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\psasrv.exe -- (PsaSrv)
    SRV - [2005/10/06 22:18:26 | 000,385,024 | ---- | M] () [Auto | Stopped] -- c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
    SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMREDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMNDIS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMIDS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMFW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMDNS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HPx9G+)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Kevin\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2014/02/04 13:51:17 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PROCEXP113.SYS -- (PROCEXP113)
    DRV - [2014/02/04 10:46:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV - [2014/02/01 05:17:36 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.0.2.1\Definitions\VirusDefs\20140208.009\NAVEX15.SYS -- (NAVEX15)
    DRV - [2014/02/01 05:17:36 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2014/02/01 05:17:36 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.0.2.1\Definitions\VirusDefs\20140208.009\NAVENG.SYS -- (NAVENG)
    DRV - [2014/01/20 22:07:51 | 000,383,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.0.2.1\Definitions\IPSDefs\20140207.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2013/12/17 19:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.0.2.1\Definitions\BASHDefs\20140121.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2013/11/21 06:49:54 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/10/10 15:15:43 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2013/09/26 22:18:30 | 000,935,512 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\symefa.sys -- (SymEFA)
    DRV - [2013/09/26 21:26:03 | 000,651,352 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\srtsp.sys -- (SRTSP)
    DRV - [2013/09/25 22:28:00 | 000,421,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\symtdi.sys -- (SYMTDI)
    DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NZ\0101000.004\ccsetx86.sys -- (ccSet_NZ)
    DRV - [2013/09/25 21:50:25 | 000,127,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\ccsetx86.sys -- (ccSet_NAV)
    DRV - [2013/07/31 22:19:50 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\symds.sys -- (SymDS)
    DRV - [2013/07/30 23:13:30 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\ironx86.sys -- (SymIRON)
    DRV - [2013/07/30 22:44:44 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1501000.012\srtspx.sys -- (SRTSPX)
    DRV - [2013/07/08 05:44:18 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/04/30 01:18:22 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
    DRV - [2013/03/19 17:04:52 | 000,026,624 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
    DRV - [2012/11/28 15:30:12 | 000,019,456 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
    DRV - [2009/08/12 17:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2006/09/21 03:53:16 | 000,004,442 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\_tpb0000.tmp\TPPWRIF.sys -- (TPPWRIF)
    DRV - [2006/09/13 00:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2006/07/29 11:05:39 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2005/08/11 13:49:28 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2005/02/01 20:00:42 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
    DRV - [2004/12/16 07:12:20 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2004/12/06 20:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/14 13:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
    DRV - [2004/07/29 20:55:48 | 000,091,830 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
    DRV - [2004/02/25 02:22:00 | 000,212,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/02/25 02:20:22 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/02/25 02:18:46 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [1999/12/31 19:00:00 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9100/proxy.pac

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9100/proxy.pac

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1006\..\SearchScopes,DefaultScope =

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: " "
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@HeadlineAlley_29.com/Plugin: C:\Program Files\HeadlineAlley_29\bar\1.bin\NP29Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/02/09 16:27:26 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found
    FF - HKCU\Software\MozillaPlugins\BearSharePlugin: C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/01/07 07:28:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.2.1\IPSFF [2013/10/10 18:30:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linksicle@linksicle.com: C:\Program Files\Mozilla Firefox\extensions\linksicle@linksicle.com [2013/11/20 16:51:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/13 12:20:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:49:07 | 000,000,000 | ---D | M]

    [2008/08/28 11:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
    [2014/02/05 11:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\2br9jvaj.default\extensions
    [2013/12/12 17:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\2br9jvaj.default\extensions\staged
    [2014/02/09 17:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions
    [2014/02/04 16:48:35 | 000,000,000 | ---D | M] ( "Plus-HD-5.0 ") -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com
    [2014/02/07 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData
    [2014/02/07 10:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\plugins
    [2014/02/07 10:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com\extensionData\userCode
    [2013/12/06 15:59:04 | 000,007,355 | ---- | M] () (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\2br9jvaj.default\extensions\firefox@browsesmart.net.xpi
    [2014/02/04 00:56:20 | 000,009,074 | ---- | M] () (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\2br9jvaj.default\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi
    [2013/12/06 15:59:04 | 000,007,355 | ---- | M] () (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\firefox@browsesmart.net.xpi
    [2014/02/04 00:56:20 | 000,009,074 | ---- | M] () (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\wjqb4ex1.default-1386259525234\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi
    [2013/11/20 16:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/11/17 10:37:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/11/17 10:38:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/11/17 10:38:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/11/17 10:37:57 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
    [2013/11/20 16:51:40 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\linksicle@linksicle.com
    [2013/11/17 10:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/02/05 11:27:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
    [2004/04/27 19:31:32 | 000,503,808 | ---- | M] (Lizardtech Software) -- C:\Program Files\mozilla firefox\plugins\npexview.dll
    [2008/11/04 21:05:04 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0\

    O1 HOSTS File: ([2014/02/04 12:47:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (HP Smart Print Helper) - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files\Hewlett-Packard\Smart Print 2.1\Espresso.dll (Hewlett-Packard)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)


    kaythos
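
A way to triage an OTL log like the one above, added here as an example; it is not part of the original thread and not OTL's own code. The sample lines are constructed in the OTL layout seen in the post (SRV, DRV, IE proxy settings and O4 Run entries) with illustrative paths and names, and the three rules are reviewer assumptions rather than anything the log states: a registered service or driver whose binary is gone is an orphaned entry to clean up; an empty "(company)" field means the file carries no version-info CompanyName (OTL does not verify Authenticode signatures, so this is a lead to check, not a verdict); and any AutoConfigURL routes the browser's traffic through a PAC script, which deserves a close look when the script is served by a process on localhost.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample lines modeled on the OTL log format quoted in the thread.
# Paths, names and values are illustrative; they are not findings copied from the post.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\EXAMPL~1\bar\1.bin\barsvc.exe -- (ExampleBarService)
SRV - [2014/01/27 07:26:42 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Example\Assist.exe -- (AssistService)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMNDIS)
DRV - [2013/07/08 05:44:18 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\example.sys -- (example)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9100/proxy.pac
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O4 - HKLM..\Run: [example daemon] C:\Program Files\Example\DaemonProcess.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
"""

# Tail shared by SRV/DRV lines: "-- <path> -- (<name>)"; the path is absent
# ("-- -- (name)") when OTL could not resolve the image path at all.
_TAIL = r"-- (?:(?P<path>\S.*?) )?-- \((?P<name>.*)\)$"
MISSING_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] " + _TAIL)
PRESENT_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\) \[(?P<flags>[^\]]*)\] " + _TAIL
)
PAC_RE = re.compile(r'^IE - (?P<hive>.+?): "AutoConfigURL" = (?P<url>\S+)$')
RUN_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<value>[^\]]*)\] (?P<path>.*?) \((?P<company>.*)\)$")

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


@dataclass
class Finding:
    category: str   # orphaned-entry | no-company-name | pac-url
    name: str       # service/driver/Run value name, or registry hive for a PAC entry
    detail: str
    line: str


def triage(text: str) -> list[Finding]:
    """Apply the review heuristics (assumptions, not OTL verdicts) to each OTL line."""
    findings: list[Finding] = []
    for line in text.strip().splitlines():
        line = line.strip()
        if m := MISSING_RE.match(line):
            findings.append(Finding("orphaned-entry", m["name"],
                f"{m['kind']} registered but image missing: {m['path'] or '<no path>'}", line))
        elif m := PRESENT_RE.match(line):
            # OTL's "(company)" is the file's version-info CompanyName, not a
            # code-signing check: empty means "no publisher metadata", nothing more.
            if not m["company"].strip():
                flags = [f.strip() for f in m["flags"].split("|")]
                findings.append(Finding("no-company-name", m["name"],
                    f"{m['kind']} {'/'.join(flags)} without CompanyName: {m['path']}", line))
        elif m := PAC_RE.match(line):
            host = urlsplit(m["url"]).hostname or ""
            where = "local process" if host in LOCAL_HOSTS else host
            findings.append(Finding("pac-url", m["hive"],
                f"browser traffic routed via PAC script served by {where}: {m['url']}", line))
        elif m := RUN_RE.match(line):
            if not m["company"].strip():
                findings.append(Finding("no-company-name", m["value"],
                    f"Run entry without CompanyName: {m['path']}", line))
    return findings


def by_category(findings: list[Finding]) -> dict[str, list[str]]:
    """Group finding names per category for a quick review summary."""
    out: dict[str, list[str]] = {}
    for f in findings:
        out.setdefault(f.category, []).append(f.name)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.name}: {f.detail}")
```

Paste a real OTL log in place of SAMPLE_LOG and the script lists what a reviewer would open first; everything it flags still needs a human decision, since a missing CompanyName is common in legitimate vendor tools and an orphaned service entry is usually just an uninstaller's leftover.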
     
  8. 2014/02/10
    kaythos (Thread Starter)

    Broni;

    Here is part 2 of the OTL log


    O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
    O4 - HKLM..\Run: [IBMPRC] c:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
    O4 - HKLM..\Run: [UpdateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005..\Run: [Driver Detective] C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
    O4 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
    O4 - HKU\S-1-5-21-3082707984-796126014-4124865413-1006..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O7 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3082707984-796126014-4124865413-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3082707984-796126014-4124865413-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : HP Smart Print 2.1 - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe (Hewlett-Packard)
    O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O15 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..Trusted Domains: desktop ([]file in Trusted sites)
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ControlInstaller Class)
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Symantec SmartIssue)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://usaive.ap.org/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E24F163E-8079-418D-8F30-B2BCE082701E}: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\1024 x 768 IBM Americas Map.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\1024 x 768 IBM Americas Map.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/10 14:46:03 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/09 16:27:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2014/02/09 11:18:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/05 10:50:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2014/02/04 16:11:03 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2014/02/04 13:51:17 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2014/02/04 11:29:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2014/02/04 11:23:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2014/02/04 11:23:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2014/02/04 11:23:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2014/02/04 11:23:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2014/02/04 11:14:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/02/04 11:12:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2014/02/02 11:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Posts
    [2014/02/01 11:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2014/02/01 11:56:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/02/01 11:53:48 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/02/01 11:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\mbar
    [2014/02/01 10:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\22203
    [2014/02/01 10:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\BearShare
    [2014/02/01 10:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\RK_Quarantine
    [2014/01/31 10:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/31 10:20:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/01/31 10:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014/01/19 16:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\DDS Logs
    [2014/01/18 22:08:02 | 000,000,000 | ---D | C] -- C:\Norton
    [2014/01/18 07:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\NPE
    [2014/01/17 16:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2009/12/13 09:05:16 | 000,327,000 | ---- | C] (Microsoft Corporation) -- C:\Program Files\InstallManager_Bing_Microsoft.exe
    [2009/07/23 08:24:58 | 008,117,208 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.1.exe
    [2009/04/14 10:20:36 | 001,143,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
    [2009/04/13 16:20:50 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
    [2009/02/28 17:44:53 | 023,516,968 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetupFull.exe
    [2008/08/09 05:31:25 | 004,891,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.2.0.exe
    [2008/05/17 16:57:07 | 004,257,184 | ---- | C] (Uniblue ) -- C:\Program Files\registryboosteraff.exe
    [2008/01/01 18:20:03 | 012,438,648 | ---- | C] (W3i, LLC) -- C:\Program Files\ezcalendarFree.exe
    [2007/12/31 23:49:46 | 005,636,048 | ---- | C] (CNN ) -- C:\Program Files\wmvfirefoxpluginsetup.exe
    [2007/11/22 10:35:04 | 054,330,664 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes75Setup.exe
    [2007/10/29 12:05:28 | 001,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
    [2007/10/21 16:56:01 | 065,449,972 | ---- | C] (IMSI Design LLC ) -- C:\Program Files\DesignCAD3DMax18-ESD.exe
    [2007/03/25 18:01:16 | 021,935,408 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
    [2007/03/09 08:56:07 | 000,363,816 | ---- | C] (Digital River, Inc.) -- C:\Program Files\download-TurboCADDeluxe12Trial.exe.exe
    [2007/02/27 13:52:31 | 009,583,328 | ---- | C] (Comcast ) -- C:\Program Files\DesktopDoctor1.5.4.exe
    [2006/12/28 09:25:04 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/09 17:36:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
    [2014/02/09 17:34:15 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Microsoft Word.lnk
    [2014/02/09 17:27:38 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/09 17:18:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/02/09 16:47:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/02/09 16:46:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/09 16:46:32 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
    [2014/02/09 16:37:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/02/09 16:37:22 | 2951,270,400 | -HS- | M] () -- C:\hiberfil.sys
    [2014/02/09 16:36:04 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
    [2014/02/09 16:12:49 | 000,007,816 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
    [2014/02/09 14:00:06 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2014/02/08 20:40:13 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2014/02/08 10:55:10 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
    [2014/02/08 10:10:06 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2014/02/08 09:36:21 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Kevin.job
    [2014/02/07 22:56:24 | 000,000,542 | ---- | M] () -- C:\WINDOWS\tasks\Driver Detective-RTMUpdater.job
    [2014/02/07 06:41:20 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2014/02/05 11:28:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/02/05 11:28:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2014/02/04 14:00:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2014/02/04 13:51:17 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2014/02/04 12:47:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2014/02/04 11:30:01 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
    [2014/02/04 10:46:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/02/03 16:48:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2014/02/03 16:31:21 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Microsoft Excel.lnk
    [2014/02/02 01:04:26 | 000,000,532 | ---- | M] () -- C:\WINDOWS\tasks\Driver Detective-RTMRules.job
    [2014/02/01 11:53:48 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/02/01 10:44:04 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
    [2014/02/01 10:44:02 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\BearShare.lnk
    [2014/01/31 10:20:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/28 12:18:06 | 000,001,712 | -H-- | M] () -- C:\Documents and Settings\Kevin\My Documents\Default.rdp
    [2014/01/25 16:18:26 | 000,114,450 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\HP Installation Failure - Unknown Device.hta
    [2014/01/25 06:50:19 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\WB.CFG
    [2014/01/24 17:02:16 | 000,023,770 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\HP Installation Failure - MSI 1603.hta
    [2014/01/23 15:39:32 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\Driver Detective-RTMScan.job
    [2014/01/21 10:43:09 | 000,000,881 | ---- | M] () -- C:\WINDOWS\orun32.ini
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/07 16:31:08 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
    [2014/02/07 16:31:00 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
    [2014/02/05 11:28:08 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2014/02/04 11:30:01 | 000,000,194 | ---- | C] () -- C:\Boot.bak
    [2014/02/04 11:29:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2014/02/04 11:23:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2014/02/04 11:23:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2014/02/04 11:23:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2014/02/04 11:23:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2014/02/04 11:23:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2014/02/01 10:44:02 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
    [2014/02/01 10:44:00 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\BearShare.lnk
    [2014/02/01 10:43:59 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Kevin\Start Menu\Programs\BearShare.lnk
    [2014/01/31 10:20:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/26 18:11:05 | 000,001,712 | -H-- | C] () -- C:\Documents and Settings\Kevin\My Documents\Default.rdp
    [2014/01/25 16:18:26 | 000,114,450 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\HP Installation Failure - Unknown Device.hta
    [2013/12/23 10:50:03 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\WB.CFG
    [2013/12/19 00:50:08 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
    [2013/11/23 18:31:09 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2013/08/09 08:58:16 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\X-Plane Installer.prf
    [2013/07/16 09:20:32 | 001,127,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/07/16 09:20:32 | 001,127,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/07/16 09:20:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/03/23 00:22:30 | 003,556,824 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/11/13 22:27:31 | 000,708,514 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3082707984-796126014-4124865413-1005-0.dat
    [2012/11/09 15:39:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2012/11/09 10:31:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2012/11/08 22:24:34 | 000,197,762 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/11/08 15:21:42 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2012/03/24 09:10:40 | 000,002,040 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\HP15CState.bin
    [2012/02/15 18:03:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/04/17 08:58:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kevin\print
    [2010/12/11 16:38:57 | 001,518,195 | ---- | C] () -- C:\Documents and Settings\Kevin\fusioncomp
    [2010/10/05 17:05:48 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/10/05 17:00:47 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/03/10 19:55:23 | 005,283,739 | ---- | C] () -- C:\Program Files\fv3d3.zip
    [2008/08/22 17:09:19 | 017,580,000 | ---- | C] () -- C:\Program Files\pse_300_enu.exe
    [2008/06/01 15:37:08 | 000,904,912 | ---- | C] () -- C:\Program Files\Google Updater.exe
    [2008/01/07 20:45:21 | 000,995,718 | ---- | C] () -- C:\Program Files\lj2500ug.chm
    [2007/12/07 12:37:00 | 012,727,648 | ---- | C] () -- C:\Program Files\winzip111.exe
    [2007/10/29 12:13:37 | 000,000,602 | ---- | C] () -- C:\Program Files\Shortcut to install_flash_player.lnk
    [2007/09/18 17:13:09 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/08/11 08:45:48 | 000,012,969 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2007/03/16 06:11:47 | 000,004,666 | ---- | C] () -- C:\Program Files\legitcheck.hta
    [2007/02/19 18:01:08 | 000,000,501 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
    [2007/02/19 18:01:08 | 000,000,329 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
    [2007/02/19 17:59:33 | 000,002,587 | -H-- | C] () -- C:\Program Files\hpothb07.tif
    [2007/02/19 17:59:33 | 000,001,100 | -H-- | C] () -- C:\Program Files\hpothb07.dat
    [2007/01/05 17:46:40 | 007,718,504 | ---- | C] () -- C:\Program Files\winzip110.exe
    [2006/12/09 21:55:14 | 005,186,048 | ---- | C] () -- C:\Program Files\WindowsDefender.msi
    [2006/09/01 13:04:18 | 000,000,547 | ---- | C] () -- C:\Documents and Settings\All Users\license.dat
    [2006/04/08 19:23:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\.googlewebacchosts
    [2006/01/31 17:32:11 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/01/10 14:45:58 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2006/01/07 14:37:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2006/01/07 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
    [2014/02/01 10:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\22203
    [2008/08/24 15:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2013/11/21 07:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\flightgear.org
    [2013/11/21 07:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fltk.org
    [2012/11/12 10:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
    [2007/10/21 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
    [2010/04/04 15:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2013/11/23 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/02/02 09:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2008/01/25 23:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
    [2013/09/07 05:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promote Installer
    [2008/08/24 09:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2013/11/23 16:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2008/01/25 23:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/10/19 16:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2006/01/07 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
    [2013/12/13 12:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\1O1L1I1PtF1F1C1N
    [2013/11/29 15:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\BitTorrent
    [2012/11/21 16:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DevCadLE
    [2012/11/22 10:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DevCadPro
    [2012/11/21 16:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DevCadShared
    [2012/11/28 10:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DriverFinder
    [2014/01/05 11:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\flightgear.org
    [2013/11/21 07:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\fltk.org
    [2006/01/11 18:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IBM
    [2007/03/09 09:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IMSI
    [2006/01/13 16:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\InterVideo
    [2010/12/02 15:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\JacquieLawsonAdventCalendar
    [2011/12/01 14:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\JLAdventCalendarLondon2011
    [2010/04/04 15:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Juniper Networks
    [2013/06/22 05:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
    [2008/01/25 23:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PKWARE
    [2013/11/22 11:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Subversion
    [2013/12/05 10:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\supportdotcom
    [2008/05/17 16:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Uniblue
    [2012/11/11 06:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Desktop Search
    [2012/11/21 22:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Search
    [2006/01/07 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\IBM

    ========== Purity Check ==========



    < End of report >
     
  9. 2014/02/10
    kaythos

    Broni;

    Here is the Extras log.

    OTL Extras logfile created on: 2/9/2014 5:37:46 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 73.26% Memory free
    3.34 Gb Paging File | 2.50 Gb Available in Paging File | 74.93% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.50 Gb Total Space | 90.11 Gb Free Space | 61.93% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP | User Name: Kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector
    "C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector
    "C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Documents and Settings\Kevin\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\Kevin\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- (LogMeIn, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\File Type Assistant\TSAssist.exe" = C:\Program Files\File Type Assistant\TSAssist.exe:*:Enabled:programUpdateCheck -- (Trusted Software ApS)
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
    "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06857CD9-EB83-405F-9E21-C7B6D2E48880}" = HP 15C Emulator
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{108433AC-4560-1E5B-682E-1145F173EF34}" = AMD Catalyst Install Manager
    "{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
    "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
    "{286B09BC-F9BD-4F71-B767-2AE0CE2F8CE5}" = ScorpionSaver Services
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
    "{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3759CC1E-8259-4B0D-862A-078EABFFD97F}" = HP Officejet Pro 8500 A910 Product Improvement Study
    "{3AE5A1B4-D6AE-48D4-A07F-46A806CD53E6}" = HP Officejet Pro 8500 A910 Basic Device Software
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
    "{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}" = Driver Detective
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
    "{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
    "{6B7CDE8A-0EA6-41DF-ABB9-AAD7D8CC9C4F}" = DesignCAD 3D Max 16.2
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
    "{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
    "{8046B41C-FB30-4614-898F-57D44D0C66EB}" = HP Smart Print 2.1
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9262B08F-E183-4FED-A2BD-23FF1A84EB79}" = HPDiagnosticCoreDll
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A07C536B-7F07-4F08-A967-D3918E3DCCB3}" = Lizardtech Express View
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}" = Google Earth
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
    "{A7ECAB7B-4599-4B90-B329-67784465DF81}" = DesignCAD 3D Max 18
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.82
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.82
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 140.84
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
    "Across Lite 2.0" = Across Lite 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "All" = All Screen Saver
    "All ATI Software" = ATI - Software Uninstall Utility
    "All Pictures" = All Pictures Screen Saver
    "BearShare" = BearShare
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1" = HSF2014 56K Data Fax Modem
    "Creative PD0630" = Creative WebCam Live! Driver (1.01.01.0730)
    "Creative WebCam Center" = Creative WebCam Center
    "Creative WebCam Live! User's Guide English" = Creative WebCam Live! User's Guide (English)
    "Disketch" = Disketch Disc Label Software
    "Get Yahoo! Messenger" = Get Yahoo! Messenger
    "Google Chrome" = Google Chrome
    "HP Calculator Manager" = HP Calculator Manager 1.1.5
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
    "InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mobogenie" = Mobogenie
    "MotoCalc 8_is1" = MotoCalc 8.07
    "MouseSuite98" = Lenovo Mouse Suite
    "Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NAV" = Norton AntiVirus
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NSS" = Norton Security Scan
    "NST" = Norton Safe Web Lite
    "NZ" = Norton Zone
    "PhotoPad" = PhotoPad Image Editor
    "Pixillion" = Pixillion Image Converter
    "Profili 2" = Profili 2
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "RightSurf" = RightSurf
    "Savings Bond Wizard" = Savings Bond Wizard
    "Shop for HP Supplies" = Shop for HP Supplies
    "Speccy" = Speccy
    "ThinkPadSoftwareInstaller" = Software Installer
    "Trusted Software Assistant_is1" = File Type Assistant
    "Viewings" = Viewings Screen Saver
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "xfinity_stk_sop_stk" = Xfinity Signature Support Solutions Toolkit
    "XpsEP" = XPS Essentials Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google+ Auto Backup" = Google+ Auto Backup

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google+ Auto Backup" = Google+ Auto Backup

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe AIR Free Download Packages" = Adobe AIR Free Download Packages
    "Adobe Flash Player ActiveX Free Download Packages" = Adobe Flash Player ActiveX Free Download Packages
    "Firefox Free Download Packages" = Firefox Free Download Packages
    "Google Earth Free Download Packages" = Google Earth Free Download Packages
    "Juniper_Setup_Client" = Juniper Networks Setup Client

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/9/2014 6:06:11 PM | Computer Name = DESKTOP | Source = Windows Search Service | ID = 3029
    Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
    Windows Application, SystemIndex Catalog Details: The content index cannot be read.
    (0xc0041800)

    Error - 1/9/2014 6:06:27 PM | Computer Name = DESKTOP | Source = Windows Search Service | ID = 3029
    Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
    Windows Application, SystemIndex Catalog Details: Element not found. (0x80070490)


    Error - 1/9/2014 6:06:27 PM | Computer Name = DESKTOP | Source = Windows Search Service | ID = 3028
    Description = The gatherer object cannot be initialized. Context: Windows Application,
    SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

    Error - 1/9/2014 6:06:27 PM | Computer Name = DESKTOP | Source = Windows Search Service | ID = 3058
    Description = The application cannot be initialized. Context: Windows Application
    Details: The content index cannot be read. (0xc0041800)

    Error - 1/9/2014 6:57:14 PM | Computer Name = DESKTOP | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Windows Application,
    SystemIndex Catalog

    Error - 1/24/2014 5:52:22 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 10005
    Description = Product: HP Officejet Pro 8500 A910 Basic Device Software -- Error
    25000. Please disconnect the USB cable from your 'HP Officejet Pro 8500 A910' device
    to complete the uninstallation.

    Error - 2/4/2014 12:59:44 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d1c0.

    Error - 2/6/2014 11:48:12 AM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 10005
    Description = Product: HP Officejet Pro 8500 A910 Basic Device Software -- Error
    25000. Please disconnect the USB cable from your 'HP Officejet Pro 8500 A910' device
    to complete the uninstallation.

    Error - 2/6/2014 3:43:30 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 10005
    Description = Product: HP Officejet Pro 8500 A910 Basic Device Software -- Error
    25000. Please disconnect the USB cable from your 'HP Officejet Pro 8500 A910' device
    to complete the uninstallation.

    Error - 2/6/2014 5:05:48 PM | Computer Name = DESKTOP | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\KEVIN\RECENT\COMBOFIX.LNK> in
    the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A device attached to the system is not functioning. (0x8007001f)

    [ System Events ]
    Error - 2/9/2014 5:38:01 PM | Computer Name = DESKTOP | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    0, function 1. Please contact your system vendor for technical assistance.

    Error - 2/9/2014 5:38:01 PM | Computer Name = DESKTOP | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    0, function 1. Please contact your system vendor for technical assistance.

    Error - 2/9/2014 5:43:30 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The HP Status service failed to start due to the following error:
    %%3

    Error - 2/9/2014 5:43:30 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The HP Status Print service failed to start due to the following error:
    %%3

    Error - 2/9/2014 5:43:30 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IBM Rapid Restore Ultra
    Service service to connect.

    Error - 2/9/2014 5:43:30 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the TVT Scheduler service
    to connect.

    Error - 2/9/2014 5:43:30 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Update RightSurf service
    to connect.

    Error - 2/9/2014 5:43:30 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The Update RightSurf service failed to start due to the following
    error: %%1053

    Error - 2/9/2014 5:43:30 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Util RightSurf service
    to connect.

    Error - 2/9/2014 5:43:30 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The Util RightSurf service failed to start due to the following error:
    %%1053


    < End of report >



    kaythos
     
  10. 2014/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (HP Status)
    SRV - File not found [Auto | Stopped] -- -- (HP Status Print)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\HEADLI~2\bar\1.bin\29barsvc.exe -- (HeadlineAlley_29Service)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMREDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMNDIS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMIDS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMFW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMDNS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (HPx9G+)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Kevin\LOCALS~1\Temp\catchme.sys -- (catchme)
    IE - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <-loopback>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "AutoConfigURL" = http://localhost:9100/proxy.pac
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "AutoConfigURL" = http://localhost:9100/proxy.pac
    FF - HKLM\Software\MozillaPlugins\@HeadlineAlley_29.com/Plugin: C:\Program Files\HeadlineAlley_29\bar\1.bin\NP29Stub.dll File not found
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found
    FF - HKCU\Software\MozillaPlugins\BearSharePlugin: C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O15 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O15 - HKU\S-1-5-21-3082707984-796126014-4124865413-1005\..Trusted Domains: desktop ([]file in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  11. 2014/02/10
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    Hi Broni;

    Thanks - I need to digest this! One question... in your note about OTL stalling, how do I run it in Safe Mode? Do I get out of OTL and reboot, or what? I've never done this before.

    kaythos
     
  12. 2014/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to run it normally first.
     
  13. 2014/02/10
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    Hi Broni,

    OTL Fix ran fine - here's the log:

    All processes killed
    ========== OTL ==========
    Service HP Status stopped successfully!
    Service HP Status deleted successfully!
    Service HP Status Print stopped successfully!
    Service HP Status Print deleted successfully!
    Service HidServ stopped successfully!
    Service HidServ deleted successfully!
    File %SystemRoot%\System32\hidserv.dll not found.
    Service HeadlineAlley_29Service stopped successfully!
    Service HeadlineAlley_29Service deleted successfully!
    File C:\PROGRA~1\HEADLI~2\bar\1.bin\29barsvc.exe not found.
    Error: No service named Winsock - Google Desktop Search Backup Before Last Install was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock - Google Desktop Search Backup Before Last Install deleted successfully.
    Error: No service named Winsock - Google Desktop Search Backup Before First Install was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock - Google Desktop Search Backup Before First Install deleted successfully.
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service SYMREDRV stopped successfully!
    Service SYMREDRV deleted successfully!
    Service SYMNDIS stopped successfully!
    Service SYMNDIS deleted successfully!
    Service SYMIDS stopped successfully!
    Service SYMIDS deleted successfully!
    Service SYMFW stopped successfully!
    Service SYMFW deleted successfully!
    Service SYMDNS stopped successfully!
    Service SYMDNS deleted successfully!
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service HPx9G+ stopped successfully!
    Service HPx9G+ deleted successfully!
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Kevin\LOCALS~1\Temp\catchme.sys not found.
    HKU\S-1-5-21-3082707984-796126014-4124865413-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@HeadlineAlley_29.com/Plugin\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\BearSharePlugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3082707984-796126014-4124865413-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3082707984-796126014-4124865413-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3082707984-796126014-4124865413-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\desktop\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 57513 bytes

    User: Kevin
    ->Temp folder emptied: 33656839 bytes
    ->Java cache emptied: 60583031 bytes
    ->FireFox cache emptied: 118312639 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 64148 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 57513 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 26458 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 958716 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 238819 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33360 bytes
    RecycleBin emptied: 1039219071 bytes

    Total Files Cleaned = 1,195.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Kevin
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kevin
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02102014_165732

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_88.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  14. 2014/02/11
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    HI Broni;

    I posted the OTL log yesterday. I have also run Security Check and posting the log here;

    Results of screen317's Security Check version 0.99.79
    Windows XP Service Pack 3 x86
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Norton AntiVirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Java 7 Update 51
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Adobe Flash Player 12.0.0.44
    Adobe Reader XI
    Mozilla Firefox (27.0)
    Google Chrome 32.0.1700.102
    Google Chrome 32.0.1700.107
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Norton AntiVirus Engine 21.1.0.18 NAV.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  15. 2014/02/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on...
     
  16. 2014/02/13
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    Hi Broni;

    I have just finished running the ESET scan. It took just under 24 hours - does that sound right? Anyway, the results said 8 threats were found. I clicked on List of Found Threats but I could not see any link that said Export to Text File. To get to the point, I cannot find the text file and need to know what to do. Windows has automatically re-booted.

    Must I re-run ESET? In fact, should I re-run everything starting with OTL? By the way, I do not think I sent the log from the FSS run.

    I will wait for your reply.

    kaythos
     
  17. 2014/02/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, I still need the FSS log.

    Instead of re-running ESET, run this...

    Please run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Click on Run now button.
      NOTE. If you're using a non-IE browser you'll be asked to download a small file (F-SecureOnlineScanner.exe). After downloading, double-click on the file to run the scan.
    • Click on Start button.
    • Click on "Accept" button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy the report's content and paste it into your next reply.
     
  18. 2014/02/14
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    Hi Broni,

    I have just run the F-Secure scan and it found no bad items. No report was available.

    Here is the FSS log:

    Farbar Service Scanner Version: 02-02-2014
    Ran by Kevin (administrator) on 12-02-2014 at 10:42:47
    Running from "C:\Documents and Settings\Kevin\My Documents\Downloads"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
    0x0A000000040000000100000002000000030000000A0000000900000008000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

    What to do next?

    When I switched on this AM I got a BSOD. This had a pointer to a different item than all the others ( ssrln.sys ). There must be a light at the end of this tunnel!

    kaythos
     
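    Both logs in this thread flag the same thing: Security Check reports "Windows Firewall Disabled!" and FSS shows the service's own policy key with "EnableFirewall"=DWORD:0 for the StandardProfile, while every checked system binary comes back "MD5 is legit". The script below is an added example for this thread (not part of FSS, Security Check or the original posts) that parses an FSS log into sections and reports only the lines that need a human's attention: disabled-policy registry values, file-check lines that are not "MD5 is legit", and connectivity lines that do not read as healthy. The embedded sample log is constructed from the FSS output posted above; the rule that a healthy connectivity line ends in "accessible." or "connected." is an assumption about FSS's wording, not something FSS documents.

```python
"""Triage a Farbar Service Scanner (FSS) log.

Added example; not part of FSS or of the original posts.
SAMPLE_FSS_LOG is constructed from the FSS output quoted in the thread.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 02-02-2014
Ran by Kevin (administrator) on 12-02-2014 at 10:42:47
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****
"""

HEADER_RE = re.compile(r"^[A-Za-z][A-Za-z ]*:$")      # "Section Name:"
RULE_RE = re.compile(r"^=+$")                          # underline of '='
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(\w+):(\S*)$')
FILE_CHECK_RE = re.compile(r"^(.+?)\s*=>\s*(.+)$")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section name: non-empty body lines}.

    A section starts with a 'Name:' line followed by a line of '='.
    """
    sections: Dict[str, List[str]] = {}
    lines = [ln.strip() for ln in text.splitlines()]
    current = None
    i = 0
    while i < len(lines):
        if HEADER_RE.match(lines[i]) and i + 1 < len(lines) and RULE_RE.match(lines[i + 1]):
            current = lines[i][:-1]
            sections[current] = []
            i += 2
            continue
        if current is not None and lines[i] and not lines[i].startswith("****"):
            sections[current].append(lines[i])
        i += 1
    return sections


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings in log order."""
    findings: List[Tuple[str, str]] = []
    sections = parse_sections(text)

    # Any registry value under a "... Disabled Policy" heading means that
    # feature is being forced off; EnableFirewall=0 is called out by name.
    for name, body in sections.items():
        if not name.endswith("Disabled Policy"):
            continue
        key = "?"
        for line in body:
            km = REG_KEY_RE.match(line)
            if km:
                key = km.group(1)
                continue
            vm = REG_VALUE_RE.match(line)
            if vm:
                vname, vtype, vdata = vm.group(1).strip(), vm.group(2), vm.group(3)
                profile = key.rsplit("\\", 1)[-1]
                if vname == "EnableFirewall" and vdata == "0":
                    findings.append(("HIGH", f"Windows Firewall is off for {profile} ({key})"))
                else:
                    findings.append(("MEDIUM", f"{name}: {key}\\{vname}={vtype}:{vdata}"))

    # Assumption: a healthy connectivity line ends in "accessible." or "connected.".
    for line in sections.get("Connection Status", []):
        if not (line.endswith("accessible.") or line.endswith("connected.")):
            findings.append(("MEDIUM", f"Connectivity: {line}"))

    # FSS hashes core networking/service binaries; anything but "MD5 is legit"
    # (patched file, unknown build) needs a look.
    for line in sections.get("File Check", []):
        fm = FILE_CHECK_RE.match(line)
        if fm and fm.group(2).strip() != "MD5 is legit":
            findings.append(("HIGH", f"System file check: {fm.group(1)} -> {fm.group(2)}"))
    return findings


def firewall_disabled_profiles(text: str) -> List[str]:
    """Names of the firewall profiles the log shows as disabled."""
    return [msg.split(" for ", 1)[1].split(" (", 1)[0]
            for _, msg in triage(text) if msg.startswith("Windows Firewall is off for ")]


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_FSS_LOG):
        print(f"[{sev}] {msg}")
```

On the posted log this yields a single HIGH finding, the disabled StandardProfile firewall, and nothing for the file checks. On Windows XP SP3 that finding is fixed from an administrator command prompt with `netsh firewall set opmode mode=ENABLE` (or Control Panel > Windows Firewall > On), after which a re-run of FSS should show the "Firewall Disabled Policy" section empty.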
  19. 2014/02/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    From a malware point of view....

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    13. Please, let me know, how your computer is doing.
     
  20. 2014/02/14
    kaythos

    kaythos Inactive Thread Starter

    Joined:
    2014/01/10
    Messages:
    34
    Likes Received:
    0
    Hi Broni,

    Many, many thanks for your help. I can see there is plenty for me to do! I will certainly let you know how the computer fares.

    kaythos
     
  21. 2014/02/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
     
