
Solved DOJ Malware Got me.

Discussion in 'Malware and Virus Removal Archive' started by Pepse, 2013/01/12.

  1. 2013/01/18
    broni (Moderator, Malware Analyst)

    Looks good :)

    How is computer doing?

    ===================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    =========================

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. 2013/01/18
    Pepse (Well-Known Member, Thread Starter)

    So far it seems to be running well.

    Pepse.
     
  4. 2013/01/19
    Pepse (Well-Known Member, Thread Starter)

    # AdwCleaner v2.106 - Logfile created 01/18/2013 at 23:58:58
    # Updated 17/01/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : Jim Sekola - JIMSEKOLA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jim Sekola\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
    File Deleted : C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\searchplugins\SearchResults.xml
    Folder Deleted : C:\Program Files\Crawler
    Folder Deleted : C:\Program Files\SiteRanker
    Folder Deleted : C:\Program Files\Yontoo Layers Runtime
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Jim Sekola\AppData\LocalLow\SiteRanker
    Folder Deleted : C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\Conduit
    Folder Deleted : C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\ConduitCommon
    Folder Deleted : C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\CT2438727
    Folder Deleted : C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    Folder Deleted : C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\extensions\plugin@yontoo.com

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\prefs.js

    C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\user.js ... Deleted !


    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\Jim Sekola\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v [Unable to get version]

    File : C:\Users\Jim Sekola\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [24344 octets] - [18/01/2013 23:58:58]

    ########## EOF - C:\AdwCleaner[S1].txt - [24405 octets] ##########
     
  5. 2013/01/19
    Pepse (Well-Known Member, Thread Starter)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.4 (01.17.2013:1)
    OS: Windows 7 Ultimate x86
    Ran by Jim Sekola on Sat 01/19/2013 at 0:11:02.70
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\siteranker



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
    Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Jim Sekola\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Program Files\coupons"



    ~~~ FireFox

    Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\siteranker@siteranker.com
    Successfully deleted the following from C:\Users\Jim Sekola\AppData\Roaming\mozilla\firefox\profiles\8o0odotb.default\prefs.js

    user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,");
    user_pref("extentions.y2layers.installId", "6ca1c28a-1b8b-43f7-bed1-53a8464b9fc3");
    user_pref("extentions.y2layers.lastDnsTest", 371933);
    Emptied folder: C:\Users\Jim Sekola\AppData\Roaming\mozilla\firefox\profiles\8o0odotb.default\minidumps [50 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/19/2013 at 0:12:45.53
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  6. 2013/01/19
    Pepse (Well-Known Member, Thread Starter)

    OTL logfile created on: 1/19/2013 12:19:13 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim Sekola\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.78% Memory free
    6.50 Gb Paging File | 5.59 Gb Available in Paging File | 86.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 354.49 Gb Free Space | 76.11% Space Free | Partition Type: NTFS

    Computer Name: JIMSEKOLA-PC | User Name: Jim Sekola | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/19 00:18:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim Sekola\Desktop\OTL.exe
    PRC - [2013/01/02 23:46:21 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jim Sekola\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/10/02 13:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012/10/02 13:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/07/03 10:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2012/07/03 10:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/13 17:05:23 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - [2013/01/16 10:37:52 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/09 10:53:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/08/30 13:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/07/03 10:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/01/23 23:06:31 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/01/19 11:19:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JIMSEK~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/07/03 10:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/07/03 10:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/03 10:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/07/03 10:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/07/03 10:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2012/07/03 10:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/07/03 09:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2011/08/15 14:06:20 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2011/08/15 14:06:20 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
    DRV - [2011/08/15 14:06:20 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV - [2011/08/15 14:06:20 | 000,090,928 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
    DRV - [2011/01/10 17:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
    DRV - [2010/12/02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 FB E5 F5 FA B7 CB 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z170&form=ZGAIDF&install_date=20111017&iesrc={referrer:source}
    IE - HKCU\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20111106&iesrc={referrer:source}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "google.com "
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: siteranker@siteranker.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties "
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jim Sekola\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jim Sekola\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/07/13 18:14:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/27 13:47:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/02 23:46:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/15 13:56:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 00:11:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/16 10:37:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2013/01/02 23:46:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2013/01/15 13:41:20 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/27 13:47:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/15 13:56:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 00:11:17 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/16 10:37:49 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/10/17 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Extensions
    [2011/01/28 13:12:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/04/29 12:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2013/01/18 23:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim Sekola\AppData\Roaming\Mozilla\Firefox\Profiles\8o0odotb.default\extensions
    [2012/10/14 23:29:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim Sekola\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pjfhx3b5.default\extensions
    [2012/10/14 23:29:26 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Jim Sekola\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pjfhx3b5.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2012/10/14 23:29:25 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Jim Sekola\AppData\Roaming\Mozilla\SeaMonkey\Profiles\pjfhx3b5.default\extensions\inspector@mozilla.org
    [2012/12/15 13:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/15 13:56:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/12/15 13:56:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/12/15 13:56:35 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/01/02 23:46:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2012/09/05 22:38:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/19 02:31:16 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z127&form=ZGACDF&install_date=20111211
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: RealDownloader = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
    CHR - Extension: Gmail = C:\Users\Jim Sekola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/01/18 00:29:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jim Sekola\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - Startup: C:\Users\Jim Sekola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F2DB31-4D27-476E-963A-F3A8B06DDA0D}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/19 00:18:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim Sekola\Desktop\OTL.exe
    [2013/01/19 00:11:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/19 00:10:50 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/19 00:10:25 | 000,499,025 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jim Sekola\Desktop\JRT.exe
    [2013/01/18 01:10:34 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jim Sekola\Documents\mbam-setup-1.70.0.1100 (1).exe
    [2013/01/18 00:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/18 00:55:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/18 00:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/18 00:30:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/18 00:30:28 | 000,000,000 | ---D | C] -- C:\Users\Jim Sekola\AppData\Local\temp
    [2013/01/18 00:18:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/18 00:18:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/18 00:18:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/18 00:17:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/18 00:17:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/18 00:10:58 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\Jim Sekola\Desktop\ComboFix.exe
    [2013/01/17 00:57:47 | 000,000,000 | ---D | C] -- C:\Users\Jim Sekola\Desktop\mbar-1.01.0.1016
    [2013/01/17 00:17:56 | 000,000,000 | ---D | C] -- C:\Users\Jim Sekola\Desktop\RK_Quarantine
    [2013/01/16 12:56:28 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jim Sekola\Desktop\dds.com
    [2013/01/16 12:40:43 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jim Sekola\Desktop\aswMBR.exe
    [2013/01/16 10:41:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jim Sekola\Desktop\mbam-setup-1.70.0.1100.exe
    [2013/01/16 10:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2013/01/15 12:25:43 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/01/03 00:20:11 | 000,000,000 | ---D | C] -- C:\Users\Jim Sekola\AppData\Roaming\RealNetworks
    [2013/01/02 23:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
    [2013/01/02 23:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
    [2013/01/02 23:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2013/01/02 23:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    [2013/01/01 22:19:22 | 000,000,000 | ---D | C] -- C:\Users\Jim Sekola\AppData\Roaming\LibreOffice
    [2013/01/01 22:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
    [2013/01/01 22:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 3.6
    [2012/12/28 13:31:27 | 000,000,000 | ---D | C] -- C:\Users\Jim Sekola\AppData\Local\Programs
    [2012/12/26 01:50:24 | 000,000,000 | ---D | C] -- C:\Users\Jim Sekola\Desktop\HD_Audio
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/19 00:18:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim Sekola\Desktop\OTL.exe
    [2013/01/19 00:10:29 | 000,499,025 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jim Sekola\Desktop\JRT.exe
    [2013/01/19 00:08:24 | 000,017,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/19 00:08:24 | 000,017,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/19 00:01:11 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766567189-2379603247-3129890486-1001UA.job
    [2013/01/19 00:00:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/19 00:00:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/19 00:00:40 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/18 23:57:49 | 000,574,677 | ---- | M] () -- C:\Users\Jim Sekola\Desktop\adwcleaner.exe
    [2013/01/18 23:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/18 12:41:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/18 12:34:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
    [2013/01/18 01:01:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766567189-2379603247-3129890486-1001Core.job
    [2013/01/18 00:55:29 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/18 00:54:52 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jim Sekola\Documents\mbam-setup-1.70.0.1100 (1).exe
    [2013/01/18 00:29:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/01/18 00:11:19 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\Jim Sekola\Desktop\ComboFix.exe
    [2013/01/17 00:51:00 | 013,462,931 | ---- | M] () -- C:\Users\Jim Sekola\Desktop\mbar-1.01.0.1016.zip
    [2013/01/17 00:17:43 | 000,764,416 | ---- | M] () -- C:\Users\Jim Sekola\Desktop\RogueKiller.exe
    [2013/01/16 12:56:32 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jim Sekola\Desktop\dds.com
    [2013/01/16 12:55:21 | 000,000,512 | ---- | M] () -- C:\Users\Jim Sekola\Desktop\MBR.dat
    [2013/01/16 12:41:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jim Sekola\Desktop\aswMBR.exe
    [2013/01/16 10:47:57 | 000,002,060 | ---- | M] () -- C:\Users\Jim Sekola\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2013/01/16 10:41:48 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jim Sekola\Desktop\mbam-setup-1.70.0.1100.exe
    [2013/01/16 02:19:22 | 000,330,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/01/16 02:04:50 | 000,002,397 | ---- | M] () -- C:\Users\Jim Sekola\Desktop\Google Chrome.lnk
    [2013/01/16 02:01:51 | 000,697,860 | ---- | M] () -- C:\Windows\System32\perfh015.dat
    [2013/01/16 02:01:51 | 000,624,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/16 02:01:51 | 000,134,970 | ---- | M] () -- C:\Windows\System32\perfc015.dat
    [2013/01/16 02:01:51 | 000,106,518 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/02 23:46:58 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2013/01/02 23:46:22 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
    [2013/01/01 22:58:09 | 000,013,490 | ---- | M] () -- C:\Users\Jim Sekola\Documents\Labels1.odt
    [2013/01/01 22:18:29 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
    [2013/01/01 21:55:47 | 214,724,608 | ---- | M] () -- C:\Users\Jim Sekola\Documents\LibO_3.6.4_Win_x86_install_multi.msi
    [2013/01/01 21:55:47 | 214,724,608 | ---- | M] () -- C:\Users\Jim Sekola\Desktop\LibO_3.6.4_Win_x86_install_multi.msi
    [2013/01/01 21:46:22 | 008,548,352 | ---- | M] () -- C:\Users\Jim Sekola\Documents\LibO_3.6.4_Win_x86_helppack_en-US.msi
    [2012/12/30 23:14:12 | 000,003,919 | ---- | M] () -- C:\Users\Jim Sekola\Desktop\Official GROM emblem.jpg
    [2012/12/26 01:42:08 | 124,038,686 | ---- | M] () -- C:\Users\Jim Sekola\Desktop\mb_driver_audio_realtek_azalia.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/18 23:57:44 | 000,574,677 | ---- | C] () -- C:\Users\Jim Sekola\Desktop\adwcleaner.exe
    [2013/01/18 00:55:29 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/18 00:18:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/18 00:18:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/18 00:18:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/18 00:18:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/18 00:18:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/17 00:50:24 | 013,462,931 | ---- | C] () -- C:\Users\Jim Sekola\Desktop\mbar-1.01.0.1016.zip
    [2013/01/17 00:17:37 | 000,764,416 | ---- | C] () -- C:\Users\Jim Sekola\Desktop\RogueKiller.exe
    [2013/01/16 12:55:21 | 000,000,512 | ---- | C] () -- C:\Users\Jim Sekola\Desktop\MBR.dat
    [2013/01/02 23:46:58 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2013/01/01 22:58:06 | 000,013,490 | ---- | C] () -- C:\Users\Jim Sekola\Documents\Labels1.odt
    [2013/01/01 22:18:29 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
    [2013/01/01 22:13:12 | 008,548,352 | ---- | C] () -- C:\Users\Jim Sekola\Documents\LibO_3.6.4_Win_x86_helppack_en-US.msi
    [2013/01/01 22:13:04 | 214,724,608 | ---- | C] () -- C:\Users\Jim Sekola\Documents\LibO_3.6.4_Win_x86_install_multi.msi
    [2013/01/01 21:45:14 | 214,724,608 | ---- | C] () -- C:\Users\Jim Sekola\Desktop\LibO_3.6.4_Win_x86_install_multi.msi
    [2012/12/30 23:14:05 | 000,003,919 | ---- | C] () -- C:\Users\Jim Sekola\Desktop\Official GROM emblem.jpg
    [2012/12/26 01:36:04 | 124,038,686 | ---- | C] () -- C:\Users\Jim Sekola\Desktop\mb_driver_audio_realtek_azalia.exe
    [2012/11/27 13:43:00 | 000,170,062 | ---- | C] () -- C:\Windows\hpoins44.dat
    [2012/11/27 13:43:00 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
    [2011/09/07 12:28:11 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
    [2011/09/07 12:28:11 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
    [2011/07/01 11:53:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/07/01 11:52:07 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/05/17 00:07:48 | 000,000,000 | ---- | C] () -- C:\Users\Jim Sekola\AppData\Local\{CC01E002-8F18-4582-BF99-34F12E5302D8}
    [2011/02/19 03:10:24 | 000,697,860 | ---- | C] () -- C:\Windows\System32\perfh015.dat
    [2011/02/19 03:10:24 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
    [2011/02/19 03:10:24 | 000,134,970 | ---- | C] () -- C:\Windows\System32\perfc015.dat
    [2011/02/19 03:10:24 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
    [2011/02/13 16:01:28 | 000,000,302 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2011/02/08 11:59:48 | 000,221,299 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2011/02/08 11:59:48 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2011/01/25 11:10:53 | 000,000,017 | ---- | C] () -- C:\Users\Jim Sekola\AppData\Local\resmon.resmoncfg

    ========== ZeroAccess Check ==========

    [2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/02/11 02:24:00 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\.purple
    [2011/11/23 03:33:22 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\DriverFinder
    [2013/01/01 22:19:22 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\LibreOffice
    [2012/11/25 21:21:21 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\Masque
    [2011/09/02 10:07:52 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\MusicNet
    [2011/02/14 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\OpenOffice.org
    [2012/07/08 22:00:17 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\Opera
    [2011/01/28 13:12:57 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\Thunderbird
    [2012/11/28 01:44:52 | 000,000,000 | ---D | M] -- C:\Users\Jim Sekola\AppData\Roaming\Visan

    ========== Purity Check ==========



    < End of report >
     
  7. 2013/01/19
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    OTL Extras logfile created on: 1/19/2013 12:19:13 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim Sekola\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.78% Memory free
    6.50 Gb Paging File | 5.59 Gb Available in Paging File | 86.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 354.49 Gb Free Space | 76.11% Space Free | Partition Type: NTFS

    Computer Name: JIMSEKOLA-PC | User Name: Jim Sekola | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1 "

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1 "
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{052D9EEB-A9DC-4492-B974-AAF3DD3B7834}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{11EC826A-375D-411D-9FBF-6A5CB25DC580}" = rport=138 | protocol=17 | dir=out | app=system |
    "{277B2B94-7BF7-4DB1-A0EA-DAF0E6BB3720}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2E950BA4-0DAB-4A8D-8C69-5E47E6AA0C9C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{3DDC1882-A707-4F1E-95DD-368C6CD59690}" = rport=445 | protocol=6 | dir=out | app=system |
    "{43B9BCCF-23DF-4926-BBD7-41462458B725}" = rport=139 | protocol=6 | dir=out | app=system |
    "{563F711D-20CA-45FF-8C2F-75BF8B9DE703}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{630D2602-25C9-4EC7-A0DE-D5AFA58FE226}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{779E1444-3E31-4E35-B7EE-4817ED67C953}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7C0F68BF-D99B-4160-A903-7310A66CB465}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7ED529CD-0222-44ED-AD11-1FDB8DD33172}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{98E6DC73-1AF0-478B-9345-6BC3261AE79B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B0447EBD-613B-4A0E-BFC4-AC3B177D0DB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{B5E9CF65-8295-4CEE-BCD3-86E474891771}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BCC97D2E-4698-4BA8-952D-DE4622B6C898}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BE67C85A-3FBC-4D4E-81C8-BEC4DBE22E06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CA2A2E64-412F-4D19-87D9-FBB4979E7FCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D8D55EE1-C7B7-4D30-B93D-006A412148AE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DD98128C-B080-470B-B786-C9A3346C42DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E07AF9E9-4146-4ADE-97E2-D4ABC7FC7AD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E5233660-C7B0-471F-901F-DAB560B623FC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EC3C65F8-B996-4CA6-B349-D6FA65724870}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FDCA72AB-847A-4D6F-B171-FFC57437A569}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02C91776-2401-4A89-AEDB-BD96FF0B1048}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{054BE8DD-79C6-496D-A87D-F10F9DEE221C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0ADB7D68-10F8-4FE5-87F9-C333F210FD61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{0EE44747-7C86-4708-868A-76C7C7D50810}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{164D83BA-E338-4725-8391-953DB0AB2BFD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{1CA70B20-979F-4EA1-B67C-B96652DF81CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{269ABA06-C107-400C-A04F-8385F53396A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{319D87ED-071B-49E3-9A25-D0AAF2CAA210}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "{3311F10C-B3F0-47A3-9147-5BC904F5B30A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{358BC6C6-CAC6-4903-85BC-CDB1DF2ACCB6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{36C4923C-7AFF-42D3-BEBF-3824617696E2}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{3874FDAB-11BA-4E62-8616-1E1AECE74292}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{3D208ABF-151F-403E-A9D5-EE40144666F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3E9E8499-0D5A-44F7-93AE-CD45CD9FB742}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{3F4D2311-6CD6-4E6F-AD2D-801545BEFCE1}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
    "{43471689-DDE3-4D24-84A4-BC35BFD83F9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4B607DB3-B762-4710-8C1E-EF377A8BCAD3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{5791574B-E8EF-4548-9382-18D1E672EFBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{57D3CF78-B407-41CB-8393-60B4CBB4BB10}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{62BE15BE-29C1-4DCC-BFFF-3CF1461BDD55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{66A5D506-0F98-485A-B725-E7D1BB9F6DC3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{66B80888-0A47-4BEA-891A-CE0C53FFE50D}" = protocol=6 | dir=out | app=system |
    "{6C62B874-CCAC-453C-8C9F-B5DA1F6E043B}" = protocol=6 | dir=in | app=c:\users\jim sekola\appdata\local\akamai\netsession_win.exe |
    "{6F75FA67-BD03-464C-BEC4-3A58ED84AE64}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{712BA717-D909-497E-B80C-8908E65CD01D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{7709AE03-C92B-4C78-A1A3-DC7C26DAC7D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{79E58E12-AD49-4D6D-A407-DF05803E3571}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{7BF07F70-3236-4764-947C-F7A56C48E759}" = protocol=17 | dir=in | app=c:\users\jim sekola\appdata\local\akamai\netsession_win.exe |
    "{7CF5E49B-4FA3-4C98-8D41-EF714C151FBF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7D25B943-6BF2-4464-BAC0-E4023BC6EDB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{96D1DFF4-4552-4251-832D-FBD8DEC011A6}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{A1748D1D-877E-49A1-BBDD-36C167D6ADEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{A437C035-4958-491C-8DC7-1EAF08CD0823}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{A7BA4467-D05F-4867-A595-6F95BD170C8F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{A9A89784-DF61-4462-B7FA-3F4AE7D6A31B}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{B059F895-A3D6-4522-BF1E-57913DE558E0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{B18001D2-EACD-44A4-9865-6844B5E790F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{B33107E4-F42C-4A5D-B830-94EFDA30ADF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BA596905-BE8E-4664-9079-761BC52E1FE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{C7949867-E163-4836-B3AA-4D97D921E5E4}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{D4CF39B0-F9AB-4D91-BE03-3067B761D149}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{D526E4D0-1584-4A69-A649-E64720CC2463}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{D6E311B0-4028-48A4-9EB7-9548E24BE002}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
    "{D7BF52DB-BC0E-4330-BBB8-86E236B31DA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{DF8F3875-6011-45F2-A8C7-C57F08EC5AB7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{E24E41FE-5F74-47B7-9D31-48D5A28F9EED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{E5F04696-F122-407F-A39A-4DBE3CFFDB18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8F7B2FF-5B4B-4818-A0BA-3380423A1EF5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{F063AEF8-F39E-440D-97C0-F09CECCEC535}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{F0857B64-BE6A-4657-A345-2FE77D369885}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "{F3DFE570-52A4-4238-B49F-40BE769C3598}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F5A566AF-EB19-43E2-AC07-57A33A1695BD}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
    "{F61DBC60-E4F1-4314-BB46-93C2373EA492}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{2ED72738-8094-42DC-9CF6-4D4492419EED}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "TCP Query User{4017FEC5-871D-448C-B5FA-5CA218954DF7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{8D1E5ED8-5BCF-462D-B83E-494300B62B9D}C:\users\jim sekola\appdata\local\temp\chunkvnc_temp_files\instantsupportvnc.exe" = protocol=6 | dir=in | app=c:\users\jim sekola\appdata\local\temp\chunkvnc_temp_files\instantsupportvnc.exe |
    "TCP Query User{A0B4B31F-2805-48C3-AA1D-C382242EFB55}C:\users\jim sekola\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jim sekola\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{B873A823-C287-4FCF-9351-93C4878BC7DA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{0F918410-0B24-42E9-A329-453EA5F32767}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{36D54029-ACA7-427E-9805-238F8BE7E3AE}C:\users\jim sekola\appdata\local\temp\chunkvnc_temp_files\instantsupportvnc.exe" = protocol=17 | dir=in | app=c:\users\jim sekola\appdata\local\temp\chunkvnc_temp_files\instantsupportvnc.exe |
    "UDP Query User{7B804172-06BB-4E57-B5C1-08A2737528A5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{D5F7B2CD-215D-4539-A2AE-13C48D7716D1}C:\users\jim sekola\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jim sekola\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{E3273EA4-9726-4FA8-B3F2-750E0578ADF3}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08E9B665-BA03-4380-8494-B1E3E1693DDE}" = Masque IGT Slots Lucky Larry's Lobstermania
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20654556-7EE7-4D9F-850B-A6D458FB61EB}" = WMS Slots Reel 'em In
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
    "{39AF2BD0-A69F-4597-8349-790B9F7A8589}" = LibreOffice 3.6 Help Pack (English)
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
    "{60B2F25C-22CB-4CD9-9168-8C63708DC1A1}" = LibreOffice 3.6
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7C0BF6E9-7021-46E4-87B3-4C4587256A22}" = Masque IGT Slots Wolf Run
    "{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CDAFD956-97BE-443D-8EF7-F4F094EB5766}_is1" = Crawler Wallpaper
    "{CEDA7B06-A6C0-4C0F-9B5A-9B7F68D110F9}" = Oracle VM VirtualBox 4.1.2
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
    "avast" = avast! Free Antivirus
    "BearShare" = BearShare
    "Cisco Connect" = Cisco Connect
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DjVu" = LizardTech DjVu Control (autoinstall)
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Photo Creations" = HP Photo Creations
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "Mozilla Thunderbird 17.0.2 (x86 en-US)" = Mozilla Thunderbird 17.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "Pidgin" = Pidgin
    "PowerManga" = PowerManga (Uninstall)
    "RealPlayer 16.0" = RealPlayer
    "SeaMonkey (2.2)" = SeaMonkey (2.2)
    "Shop for HP Supplies" = Shop for HP Supplies
    "SystemRequirementsLab" = System Requirements Lab
    "The KMPlayer" = The KMPlayer (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome

    < End of report >
     
  8. 2013/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OTL logs are clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  9. 2013/01/20
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 22
    Java(TM) 6 Update 35
    Java 7 Update 11
    Adobe Flash Player 11.5.502.146
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Mozilla Firefox (18.0.1)
    Mozilla Thunderbird (17.0.2)
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.97
    Google Chrome 24.0.1312.52
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
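    The checkup.txt above is what the helper reads by eye: the "Out of date!" markers and the three Java and three Chrome entries are what drive the clean-up steps that follow. As an added example (not a tool from the thread or from Security Check's author), here is a small parser that pulls those two findings out of a log in this layout. The sample log is constructed from the entries visible in the post; the section-header widths and the function names are my own.

```python
import re

def _rule(title, width):
    # Security Check draws its section headers as a title wrapped in runs of backticks.
    return "`" * width + title + "`" * width

# Constructed sample in the layout of the checkup.txt posted above; the entries are
# the ones visible in that post, this is not a new scan.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.57",
    "Windows 7 Service Pack 1 x86 (UAC is enabled)",
    "Internet Explorer 8 Out of date!",
    _rule("Antivirus/Firewall Check:", 14),
    "Windows Firewall Enabled!",
    "avast! Antivirus",
    "Antivirus up to date!",
    _rule("Anti-malware/Other Utilities Check:", 9),
    "Malwarebytes Anti-Malware version 1.70.0.1100",
    "Java(TM) 6 Update 22",
    "Java(TM) 6 Update 35",
    "Java 7 Update 11",
    "Adobe Flash Player 11.5.502.146",
    "Adobe Reader 10.1.5 Adobe Reader out of Date!",
    "Mozilla Firefox (18.0.1)",
    "Mozilla Thunderbird (17.0.2)",
    "Google Chrome 22.0.1229.94",
    "Google Chrome 23.0.1271.97",
    "Google Chrome 24.0.1312.52",
    "Google Chrome plugins...",
    _rule("Process Check: objlist.exe by Laurent", 8),
    "Alwil Software Avast5 AvastSvc.exe",
    "Alwil Software Avast5 AvastUI.exe",
    _rule("System Health check", 17),
    "Total Fragmentation on Drive C: 0%",
    _rule("End of Log", 20),
])

OUT_OF_DATE = re.compile(r"^(?P<body>.*?)\s*out of date!\s*$", re.IGNORECASE)
# A product name (letters, no digits or parentheses) followed by a version written as
# 1.70.0.1100, (18.0.1) or "6 Update 22".
PRODUCT_LINE = re.compile(
    r"^(?P<product>[A-Za-z][^\d(]*?)\s*\(?(?P<version>\d[\w.]*(?: Update \d+)?)\)?")

def out_of_date(log):
    """Entries Security Check itself marked 'out of date', with the marker stripped."""
    hits = []
    for line in log.splitlines():
        m = OUT_OF_DATE.match(line)
        if not m:
            continue
        tokens = m.group("body").split()
        # The Adobe Reader warning echoes the product name ("Adobe Reader 10.1.5 Adobe Reader");
        # drop a repeated trailing prefix so only name and version remain.
        for n in range(1, len(tokens) // 2 + 1):
            if tokens[:n] == tokens[-n:]:
                tokens = tokens[:-n]
                break
        hits.append(" ".join(tokens))
    return hits

def multiple_versions(log):
    """Products listed more than once in the 'Other Utilities' section (side-by-side installs)."""
    seen = {}
    section = ""
    for line in log.splitlines():
        if line.startswith("`"):
            section = line.strip("`")
            continue
        if "Utilities Check" not in section:
            continue
        m = PRODUCT_LINE.match(line.replace("(TM)", ""))
        if not m:
            continue
        product = re.sub(r"\s+version$", "", m.group("product"))
        seen.setdefault(product, []).append(m.group("version"))
    return {p: v for p, v in seen.items() if len(v) > 1}

def report(log):
    """One finding per line, in the order a helper would act on them."""
    lines = ["Out of date: " + entry for entry in out_of_date(log)]
    for product, versions in multiple_versions(log).items():
        lines.append("%s has %d installed versions: %s"
                     % (product, len(versions), ", ".join(versions)))
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Old Java runtimes left beside a newer one are exactly what the JavaRa step later in the thread removes, so the side-by-side check is the part worth keeping when the log format changes.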
     
  10. 2013/01/20
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Farbar Service Scanner Version: 16-01-2013
    Ran by Jim Sekola (administrator) on 20-01-2013 at 21:33:48
    Running from "C:\Users\Jim Sekola\Desktop "
    Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
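    The "File Check" block above is an integrity check: FSS hashes the networking, firewall and update components that infections in this family tend to patch, and reports "MD5 is legit" when each matches the value Microsoft shipped. As an added example (my own code, not FSS or anything from the thread), here is the same kind of check written against an operator-kept baseline, using SHA-256 rather than MD5. The baseline dictionary, the stand-in file names and the temporary-directory scenario are all constructed for the demonstration; real use would record digests from known-good copies of the same files.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="sha256"):
    """Hex digest of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def check_files(baseline, algorithm="sha256"):
    """Compare every file in baseline ({path: expected hex digest}) with its current digest.

    Returns {path: 'legit' | 'MISMATCH' | 'MISSING'}.  A missing file is reported
    separately from a modified one because the two point at different problems."""
    results = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            results[path] = "MISSING"
            continue
        actual = file_digest(path, algorithm)
        # constant-time comparison; the digests are public here but it costs nothing
        ok = hmac.compare_digest(actual.lower(), expected.lower())
        results[path] = "legit" if ok else "MISMATCH"
    return results

def format_report(results, algorithm="sha256"):
    """Render results one file per line, in the style of the FSS 'File Check' section."""
    return ["%s => %s is %s" % (path, algorithm.upper(), status)
            for path, status in results.items()]

def demo():
    """Constructed scenario: three stand-in files, one untouched, one altered, one absent."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "nsisvc.dll")      # name borrowed from the log; content is made up
        altered = os.path.join(d, "tcpip.sys")
        missing = os.path.join(d, "afd.sys")
        with open(good, "wb") as f:
            f.write(b"unchanged driver bytes (constructed)")
        with open(altered, "wb") as f:
            f.write(b"patched driver bytes (constructed)")
        baseline = {
            good: file_digest(good),  # recorded from the known-good copy
            altered: hashlib.sha256(b"original driver bytes (constructed)").hexdigest(),
            missing: "0" * 64,        # placeholder digest for a file that no longer exists
        }
        results = check_files(baseline)
        return {os.path.basename(p): s for p, s in results.items()}

if __name__ == "__main__":
    print("\n".join(format_report(check_files({__file__: file_digest(__file__)}))))
    print(demo())
```

The baseline must come from a trusted source (installation media or a vendor-published hash list), and it needs refreshing after every update; a stale baseline produces MISMATCH on every patched file, which is the false-positive pattern to watch for.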
     
  11. 2013/01/21
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    C:\FRST\Quarantine\dsgsdgdsgdsgw.js JS/Agent.NID trojan
    C:\FRST\Quarantine\runctf.lnk Win32/Reveton.M trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\wgsdgsdgdsgsd.dll a variant of Win32/Kryptik.ARVI trojan cleaned by deleting - quarantined
    C:\New Folder\Downloads\Parashara's_Light_v7.0_PE_Retail.zip probably a variant of Win32/Spy.Agent.IHWYYKM trojan deleted - quarantined
     
  12. 2013/01/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ========================

    We need to remove the old Java versions and their remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =========================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  13. 2013/01/22
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jim Sekola
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1416391 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 11240221 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 59775 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jim Sekola
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jim Sekola
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01222013_130845

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  14. 2013/01/22
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    I will wait for your reply before cleaning up the other things.

    Pepse.
     
  15. 2013/01/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No reason to wait...
     
  16. 2013/01/24
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Okay, everything seems to be okay. Thank you very much for your time on this.

    One reason for my stupidity in getting the DOJ trojan is that I spend a lot of time on my Linux OS and basically got careless when running my Windows hard drive. It has definitely opened my eyes to be very cautious when I am in Windows, again.

    Again I thank you for your time and assistance in getting rid of this problem.

    Take care.

    Pepse.
     
  17. 2013/01/24
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    I can't remember how to close this thread as solved.

    Pepse.
     
  18. 2013/01/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    In this forum only I can do this.

    Way to go!!
    Good luck and stay safe :)
     
