
Re: Hacker has targeted a folder-all EXE's

This is a discussion on Re: Hacker has targeted a folder-all EXE's within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 04-26-2013, 10:21 AM   #1
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



This post refers to my Vista system only. The problem I am experiencing with the EXEs is that when I try to run one in my Dropbox folder or subfolders, I either get the CMD-line message

"Access denied - c:\users\jxx\appdata\local\temp\ztmp 'C:users\jxx\appdata\local\temp\ztemp\tmpnnnn.bat' (where n represents any number) is not recognized as an internal...."

(This ploy is to capture in a file, in the \ztmp folder, any BAT file I run from the above-mentioned Dropbox folder. The hacker is trying to get passwords that are in the BAT files. But I have removed those BAT files and have created EXEs of them that do not reveal the password(s) stored in them.)

or

"Windows cannot find c:\users......\Appdata...\ztmp\tnnnn.bat ...."

(This ploy is the same as mentioned above.)

Plus, I am experiencing a slow computer, especially when I boot up. Sometimes I have to restart my machine. Here is the DDS.txt file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by XXX at 6:04:45 on 2013-04-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1500 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\iashost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uSearch Bar = Preserve
mURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.3.1.22\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - <orphaned>
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - c:\program files\iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FreeSoundRecorder Toolbar: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - c:\program files\freesoundrecorder\prxtbFree.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
TB: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\XXX\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\XXX\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\XXX\appdata\roaming\microsoft\windows\start menu\programs\startup\autorunsdisabled\hpqtra08.exe
StartupFolder: c:\users\XXX\appdata\roaming\microsoft\windows\start menu\programs\startup\autorunsdisabled\hpqtra082.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: $talisma_url$
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.XXXXX.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{22906850-BC0B-4365-9A92-605E13EB2013} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C0C51C7F-ADB0-4604-A879-B0BCA0430089} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~1\search~2\search~1\datamngr.dll c:\progra~1\search~2\search~1\IEBHO.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 50.63.125.1 godaddy.com
Hosts: 66.135.48.22 serverbeach.com
Hosts: 66.150.14.42 pinball.com
Hosts: 63.162.234.131 Akamai.net
Hosts: 184.87.3.235 Akamai.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-5-19 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-28 41544]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1403010.016\symds.sys [2013-4-16 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1403010.016\symefa.sys [2013-4-16 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.1.2\definitions\bashdefs\20130412.001\BHDrvx86.sys [2013-4-12 1000024]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1403010.016\ccsetx86.sys [2013-4-16 134304]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-5-19 15944]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-11-1 186952]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.1.2\definitions\ipsdefs\20130425.001\IDSvix86.sys [2013-4-26 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1403010.016\ironx86.sys [2013-4-16 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1403010.016\symtdiv.sys [2013-4-16 350368]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-3-29 68168]
R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2013-3-29 23624]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-7-27 112968]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.3.1.22\ccsvchst.exe [2013-4-16 144520]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-7-12 132056]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-26 361472]
R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-9-26 342016]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-25 3560288]
R3 arusb_lh;SMCWUSB-N2 802.11n Wireless device driver;c:\windows\system32\drivers\arusb_lh.sys [2012-10-31 437760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-4-26 106656]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-3-7 5504]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-12 21504]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-9-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-9-16 79360]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2013-2-16 23456]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-11-1 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-11-1 8456]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-7 29744]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-9-4 22640]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-10-6 14592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2012-12-14 2620016]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\wordpad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .chm: chm.file="c:\windows\hh.exe" %1 [UserChoice]
FileExt: .inf: Applications\Q.EXE="c:\q\Q.EXE" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-26 11:00:06 688992 ----a-r- c:\users\XXX\dds.scr
2013-04-26 10:42:28 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{00c549f0-9d0d-448c-8af9-205f661578b8}\offreg.dll
2013-04-17 21:12:28 -------- d--h--w- C:\VirtualStore
2013-04-17 19:15:02 -------- d-----w- c:\users\jim\appdata\roaming\ParetoLogic
2013-04-16 16:36:09 -------- d-----w- c:\program files\Dropbox
2013-04-16 1352 -------- d-----w- c:\users\jim\appdata\local\{1B6E5156-96F8-4B58-9A85-0947C12A3C51}
2013-04-16 11:42:59 934488 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symefa.sys
2013-04-16 11:42:59 367704 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symds.sys
2013-04-16 11:42:59 350368 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symtdiv.sys
2013-04-16 11:42:59 338592 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symnets.sys
2013-04-16 11:42:59 32344 ----a-w- c:\windows\system32\drivers\nis\1403010.016\srtspx.sys
2013-04-16 11:42:59 21400 ----a-r- c:\windows\system32\drivers\nis\1403010.016\symelam.sys
2013-04-16 11:42:58 602712 ----a-w- c:\windows\system32\drivers\nis\1403010.016\srtsp.sys
2013-04-16 11:42:58 175264 ----a-w- c:\windows\system32\drivers\nis\1403010.016\ironx86.sys
2013-04-16 11:42:58 134304 ----a-w- c:\windows\system32\drivers\nis\1403010.016\ccsetx86.sys
2013-04-16 11:42:21 14818 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symvtcer.dat
2013-04-16 11:42:20 -------- d-----w- c:\windows\system32\drivers\nis\1403010.016
2013-04-10 13:31:34 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 13:31:31 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 13:31:31 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 13:31:30 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 13:31:30 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 13:31:25 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 13:31:21 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 13:31:19 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 14:39:34 -------- d-----w- c:\program files\DVDVideoSoft
2013-04-04 14:39:34 -------- d-----w- c:\program files\common files\DVDVideoSoft
2013-04-02 16:23:16 -------- d-----w- c:\program files\RealNetworks
2013-04-02 16:22:29 -------- d-----w- c:\program files\common files\xing shared
2013-03-29 14:19:45 19528 ----a-w- c:\windows\system32\fbnative.exe
.
==================== Find3M ====================
.
2013-04-26 10:21:50 70006 ----a-w- c:\users\XXX\usage.exe
2013-04-22 13:46:53 61667 ----a-w- c:\users\XXX\offering.exe
2013-04-22 13:45:50 61664 ----a-w- c:\users\XXX\checkbox.exe
These 3 EXE's are run outside of Dropbox although they are also in Dropbox.
2013-04-20 16:55:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-20 16:55:55 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-02 16:21:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-02 16:21:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-21 15:26:08 848 --sha-w- c:\programdata\KGyGaAvL.sys
2013-03-16 17:51:52 186952 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2013-03-16 17:48:40 41544 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2013-03-16 17:43:22 15944 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2013-03-16 17:40:12 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2013-03-10 20:52:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 20:52:30 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 20:52:30 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-16 11:37:00 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-02-15 22:12:33 200 ----a-w- c:\windows\system32\o.BAT
2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 613.70 ===============

I do have access to the Install Disk. Attached is the file "attach.zip".
Attached file: attach.zip (9.2 KB)

__________________
pbone_tsf is offline  
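As a worked triage pass over the kind of DDS output above, here is an added example (written for this page; it is not code from DDS, ComboFix or either poster). It takes a few lines copied from the logs in this thread, embedded as a constructed sample together with one made-up "localhost" HOSTS entry, and flags the items a responder reads first: AppInit_DLLs values (here the Searchqu datamngr.dll and IEBHO.dll, which get loaded into every process that loads user32.dll), HOSTS lines that map a real domain to a non-loopback address, BHO/IE entries marked <orphaned>, executables sitting directly in a user profile root or under a temp folder, scripts placed in system32, and file names with whitespace before the extension. The severity labels, category names and path heuristics are this example's own choices, not anything DDS reports.

```python
"""Triage helper for DDS/HJT-style log lines (added example, not DDS code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own scale)
    kind: str
    detail: str


# Constructed sample: lines copied from the DDS and ComboFix logs in this
# thread, plus a benign "localhost" hosts entry to show what is NOT flagged.
SAMPLE_LOG = r"""
mURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - <orphaned>
AppInit_DLLs= c:\progra~1\search~2\search~1\datamngr.dll c:\progra~1\search~2\search~1\IEBHO.dll
Hosts: 50.63.125.1 godaddy.com
Hosts: 127.0.0.1 localhost
TCP: NameServer = 192.168.1.254
2013-04-26 10:21:50 70006 ----a-w- c:\users\XXX\usage.exe
2013-04-10 13:31:30 64000 ----a-w- c:\windows\system32\smss.exe
2013-02-15 22:12:33 200 ----a-w- c:\windows\system32\o.BAT
c:\windows\notepad .exe
"""

EXEC_EXT = r"(exe|scr|com|bat|cmd|vbs|js|pif)"
# "date time size attrs path" lines from the Created/Find3M sections
FILE_LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(:\d{2})? +\d+ +\S+ +(?P<path>[a-z]:\\.+)$", re.I)
BARE_PATH = re.compile(r"^(?P<path>[a-z]:\\\S.*)$", re.I)
# executable directly in c:\users\<name>\ rather than in a program folder
PROFILE_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\." + EXEC_EXT + r"$", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
# whitespace right before the extension imitates a system binary's name
LOOKALIKE = re.compile(r"\s\." + EXEC_EXT + r"$", re.I)
SCRIPT_IN_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.(bat|cmd|vbs|js)$", re.I)
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|0\.0\.0\.0|::1)$")


def check_path(path: str) -> list[Finding]:
    """Apply the file-location heuristics to one path."""
    out = []
    if LOOKALIKE.search(path):
        out.append(Finding("high", "lookalike_name", path))
    if PROFILE_ROOT.match(path):
        out.append(Finding("medium", "profile_root_exe", path))
    if TEMP_DIR.search(path) and re.search(r"\." + EXEC_EXT + r"$", path, re.I):
        out.append(Finding("medium", "temp_dir_exe", path))
    if SCRIPT_IN_SYSTEM32.match(path):
        out.append(Finding("medium", "script_in_system32", path))
    return out


def triage(log: str) -> list[Finding]:
    """Scan DDS/HJT-style lines and return the entries worth a closer look."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AppInit_DLLs="):
            # Every DLL listed here is loaded into each process that loads
            # user32.dll; on a home PC the value should normally be empty.
            for dll in line[len("AppInit_DLLs="):].split():
                findings.append(Finding("high", "appinit_dll", dll))
        elif line.startswith("Hosts:"):
            parts = line[len("Hosts:"):].split()
            if len(parts) >= 2:
                ip, host = parts[0], parts[1]
                if host.lower() != "localhost" and not LOOPBACK.match(ip):
                    findings.append(Finding("medium", "hosts_override", f"{host} -> {ip}"))
        elif line.startswith(("BHO:", "TB:", "IE:", "EB:")) and "<orphaned>" in line:
            # CLSID registered but its DLL is gone: leftover of a removed add-on
            findings.append(Finding("info", "orphaned", line))
        elif line.startswith("mURLSearchHooks:"):
            findings.append(Finding("info", "url_search_hook", line.split(" - ", 1)[-1]))
        else:
            m = FILE_LISTING.match(line) or BARE_PATH.match(line)
            if m:
                findings.extend(check_path(m.group("path")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity for a quick overview."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.kind:20} {f.detail}")
    print(summarize(results))
```

On the sample this yields three high findings (two AppInit DLLs and the spaced "notepad .exe" name), three medium (the godaddy.com HOSTS override, usage.exe in the profile root, o.BAT in system32) and two informational ones; smss.exe in system32 and the localhost entry are left alone. The temp-directory check is there because BAT-to-EXE wrappers in general unpack their script to a temp folder and run it from there, so credentials inside such an EXE are still written to disk in clear text on each run; whether that is what produced the tmpnnnn.bat paths in the first post cannot be decided from these logs alone.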
Old 04-26-2013, 11:33 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,049
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Programs->Programs and Features if it still exists:

Windows Searchqu Toolbar << Please read this

Also delete the following Folder if it still exists:

C:\Program Files\Windows Searchqu Toolbar

------------------------------------------------------

I noticed you have FreeSoundRecorder Toolbar installed.

Please read this and decide if you want to keep it >> SystemLookup - Global Search

You can uninstall it via Programs and Features in your Control Panel.

If you decide to uninstall it, please delete the following Folder if it still exists:

C:\Program Files\freesoundrecorder

------------------------------------------------------

Take a look in this file:

c:\windows\system32\o.BAT

What did you find?

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 04-27-2013, 07:32 AM   #3
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



Thanks for your help.

Per your instructions:

Uninstalled "Windows Searchqu Toolbar"; C:\Program Files\Windows Searchqu Toolbar folder removed.

Uninstalled "FreeSoundRecorder Toolbar", C:\Program Files\freesoundrecorder folder removed.

C:\Windows\System32\o.bat is a personally written BAT file; it was deleted.

Below are the results of running ComboFix.exe:

(Note that none of the potential happenings mentioned occurred while running ComboFix.)
_______________________________________________________________________

ComboFix 13-04-27.04 - XXX 04/27/2013 8:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1450 [GMT -5:00]
Running from: c:\users\XXX\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\users\YYY\usage.exe
c:\users\XXX\checkbox.exe
c:\users\XXX\dds.scr
c:\users\XXX\offering.exe
c:\users\XXX\usage.exe
c:\windows\Fonts\usps4cb.ttf
c:\windows\system32\ReadMe.txt
c:\windows\system32\tmpC8AB.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))
.
.
2013-04-27 13:46 . 2013-04-27 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-27 13:46 . 2013-04-27 13:47 -------- d-----w- c:\users\XXX\AppData\Local\temp
2013-04-27 13:46 . 2013-04-27 13:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-26 16:38 . 2013-04-17 11:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BFE88FC-60E5-4328-BD59-7B24D03B8FF7}\mpengine.dll
2013-04-17 21:12 . 2013-04-17 21:12 -------- d-----w- C:\VirtualStore
2013-04-17 19:15 . 2013-04-17 19:15 -------- d-----w- c:\users\XXX\AppData\Roaming\ParetoLogic
2013-04-16 16:36 . 2013-04-16 16:36 -------- d-----w- c:\program files\Dropbox
2013-04-16 11:42 . 2013-04-16 15:51 -------- d-----w- c:\windows\system32\drivers\NIS\1403010.016
2013-04-16 11:19 . 2013-04-27 13:44 -------- d-----w- c:\users\YYY
2013-04-10 13:31 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 13:31 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 13:31 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 13:31 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 13:31 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 13:31 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 13:31 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 13:31 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 14:39 . 2013-04-04 14:39 -------- d-----w- c:\program files\DVDVideoSoft
2013-04-04 14:39 . 2013-04-04 14:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-04-02 16:23 . 2013-04-02 16:23 -------- d-----w- c:\program files\RealNetworks
2013-04-02 16:22 . 2013-04-02 16:22 -------- d-----w- c:\program files\Common Files\xing shared
2013-03-29 14:19 . 2013-03-16 17:59 19528 ----a-w- c:\windows\system32\fbnative.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 14:18 . 2013-04-26 14:19 9459 ----a-w- c:\users\attach.zip
2013-04-26 13:39 . 2009-01-08 18:52 900 --sha-w- c:\programdata\KGyGaAvL.sys
2013-04-26 10:24 . 2013-02-26 19:34 70006 ----a-w- c:\users\usage.exe
2013-04-20 16:55 . 2012-04-01 20:27 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-20 16:55 . 2011-05-19 18:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 16:21 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-02 16:21 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-16 17:51 . 2011-11-02 00:18 186952 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2013-03-16 17:48 . 2011-05-28 21:23 41544 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2013-03-16 17:43 . 2011-05-19 18:10 15944 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2013-03-16 17:40 . 2011-05-19 18:10 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2013-03-12 06:10 . 2009-10-03 21:46 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-10 20:52 . 2013-03-10 20:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 20:52 . 2012-07-02 11:49 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 20:52 . 2010-06-04 21:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-16 11:37 . 2013-02-16 11:37 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-02-12 01:57 . 2013-03-14 15:05 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
Code:
c:\windows\notepad .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 18:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 18:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-06-07 1939968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="RD" [X]
"removeSearchqudatamngr"="RD" [X]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-10 27151288]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
hpqtra08.exe [2010-5-28 276328]
hpqtra082.exe [2010-5-28 276328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk]
backup=c:\windows\pss\MozyHome Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HelpCenter4.1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRQ Uploader
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2006-11-09 15:19 204800 ------w- c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
c:\progra~1\SEARCH~2\SEARCH~1\DATAMN~1.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2013-03-16 18:00 1372232 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2013-03-16 17:59 70728 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent]
2012-12-19 16:05 1074888 ----a-w- c:\program files\Iminent\Iminent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger]
2012-12-19 16:05 884936 ----a-w- c:\program files\Iminent\Iminent.Messengers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUtilities]
c:\program files\Norton Utilities 14\RMTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
c:\program files\Uniblue\RegistryBooster\launcher.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
2008-07-10 23:09 9499928 ----a-w- c:\progra~1\RETROS~1\RETROS~1.5\RetroExpress.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-29 23:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-04-02 16:21 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-13 03:32 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-06 19:37 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:42]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:42]
.
2013-04-27 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-08-23 09:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
Trusted Zone: $talisma_url$
Trusted Zone: att.net\loginprodx
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-27 08:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,3b,62,01,9a,81,11,4e,ad,9b,08,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,3b,62,01,9a,81,11,4e,ad,9b,08,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Completion time: 2013-04-27 08:54:26
ComboFix-quarantined-files.txt 2013-04-27 13:54
.
Pre-Run: 136,697,114,624 bytes free
Post-Run: 136,651,784,192 bytes free
.
- - End Of File - - CDCAD4834FEF02E8B4E2D824200A121C
__________________
pbone_tsf is offline  
Old 04-27-2013, 09:26 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
chemist
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,049
OS: XP SP3; Win7 32/64-bit



Hello again, pbone_tsf. You can delete c:\users\usage.exe

Let me know if the hacking behavior is still gone.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
RenV::
c:\windows\notepad .exe

ClearJavaCache::

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"=-
"removeSearchqudatamngr"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUtilities]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
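As an added example that is not part of chemist's post or of ComboFix itself: an elevated PowerShell check (assumed tooling, not something the thread asked for) that verifies the registry changes the CFScript above requests actually took effect, i.e. that the three Security Center DisableMonitoring values are back to 0, the two RunOnce "removeSearchqu*" values are gone, and the four startupreg keys were deleted. Key paths and value names are taken from the script; the variable names are this example's own.

```powershell
# Added example: verify the registry state the CFScript above asks ComboFix to restore.
# Run from an elevated PowerShell prompt. Key paths come from the script itself;
# variable names are assumptions of this example.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Security Center monitoring must be on (DisableMonitoring = 0, or absent) for each key.
$monitoringKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring',
    'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus',
    'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall'
)
foreach ($key in $monitoringKeys) {
    $value = (Get-ItemProperty -Path $key -Name DisableMonitoring -ErrorAction SilentlyContinue).DisableMonitoring
    if ($null -eq $value) {
        $findings.Add("OK   $key : DisableMonitoring absent (default = monitoring on)")
    } elseif ($value -ne 0) {
        $findings.Add("BAD  $key : DisableMonitoring = $value (Security Center still muted)")
    } else {
        $findings.Add("OK   $key : DisableMonitoring = 0")
    }
}

# 2. The two RunOnce values the script deletes ("=-") must no longer exist.
$runOnce = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($name in 'removeSearchqutoolbar', 'removeSearchqudatamngr') {
    $present = Get-ItemProperty -Path $runOnce -Name $name -ErrorAction SilentlyContinue
    if ($present) { $findings.Add("BAD  $runOnce\$name still present") }
    else          { $findings.Add("OK   $runOnce\$name removed") }
}

# 3. The four msconfig startupreg keys the script deletes ("[-HKEY...]") must be gone.
$startupReg = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
foreach ($sub in 'DATAMNGR', 'NortonUtilities', 'RegistryBooster', 'SUPERAntiSpyware') {
    if (Test-Path "$startupReg\$sub") { $findings.Add("BAD  $startupReg\$sub still exists") }
    else                               { $findings.Add("OK   $startupReg\$sub removed") }
}

$findings | ForEach-Object { Write-Output $_ }
if ($findings | Where-Object { $_ -like 'BAD*' }) {
    Write-Warning 'Some CFScript registry changes did not take effect; check the ComboFix log before continuing.'
}
```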
Old 04-27-2013, 12:38 PM   #5
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



Below, as requested, is the output of ComboFix.exe.

I am attaching a file that was originally a BAT file, obviously created by the hijacker. This BAT file was originally written by me, and what you are getting is the hijacker's "revised" version. The BAT file I wrote is only concerned with running "Netstat.exe" and has been scheduled to run upon login. The file is t18865.zip. I am also attaching a file that was originally a TMP file, obviously created by the hijacker. It is now a TXT file, but will come to you as ~DFB763XXX.zip. The file was apparently set to not reveal its true contents, but I managed to get it open. I have found other TMP files that I cannot open to reveal the true contents. These files were all created today.

_______________________________________________________________________

ComboFix 13-04-27.04 - XXX 04/27/2013 12:54:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1747 [GMT -5:00]
Running from: c:\users\XXX\Desktop\ComboFix.exe
Command switches used :: c:\users\XXX\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))
.
.
2013-04-27 18:25 . 2013-04-27 18:25 -------- d-----w- c:\users\XXX\AppData\Local\temp
2013-04-27 18:25 . 2013-04-27 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-27 18:25 . 2013-04-27 18:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-26 16:38 . 2013-04-17 11:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BFE88FC-60E5-4328-BD59-7B24D03B8FF7}\mpengine.dll
2013-04-17 21:12 . 2013-04-17 21:12 -------- d-----w- C:\VirtualStore
2013-04-17 19:15 . 2013-04-17 19:15 -------- d-----w- c:\users\XXX\AppData\Roaming\ParetoLogic
2013-04-16 16:36 . 2013-04-16 16:36 -------- d-----w- c:\program files\Dropbox
2013-04-16 11:42 . 2013-04-16 15:51 -------- d-----w- c:\windows\system32\drivers\NIS\1403010.016
2013-04-16 11:19 . 2013-04-27 13:44 -------- d-----w- c:\users\Jan
2013-04-10 13:31 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 13:31 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 13:31 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 13:31 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 13:31 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 13:31 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 13:31 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 13:31 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 14:39 . 2013-04-04 14:39 -------- d-----w- c:\program files\DVDVideoSoft
2013-04-04 14:39 . 2013-04-04 14:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-04-02 16:23 . 2013-04-02 16:23 -------- d-----w- c:\program files\RealNetworks
2013-04-02 16:22 . 2013-04-02 16:22 -------- d-----w- c:\program files\Common Files\xing shared
2013-03-29 14:19 . 2013-03-16 17:59 19528 ----a-w- c:\windows\system32\fbnative.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 14:18 . 2013-04-26 14:19 9459 ----a-w- c:\users\attach.zip
2013-04-26 13:39 . 2009-01-08 18:52 900 --sha-w- c:\programdata\KGyGaAvL.sys
2013-04-20 16:55 . 2012-04-01 20:27 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-20 16:55 . 2011-05-19 18:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 16:21 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-02 16:21 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-16 17:51 . 2011-11-02 00:18 186952 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2013-03-16 17:48 . 2011-05-28 21:23 41544 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2013-03-16 17:43 . 2011-05-19 18:10 15944 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2013-03-16 17:40 . 2011-05-19 18:10 50248 ----a-w- c:\windows\system32\drivers\eubakup.sys
2013-03-12 06:10 . 2009-10-03 21:46 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-10 20:52 . 2013-03-10 20:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 20:52 . 2012-07-02 11:49 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 20:52 . 2010-06-04 21:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-16 11:37 . 2013-02-16 11:37 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-02-12 01:57 . 2013-03-14 15:05 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 18:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 18:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-06-07 1939968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-4-10 27151288]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
hpqtra08.exe [2010-5-28 276328]
hpqtra082.exe [2010-5-28 276328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk]
backup=c:\windows\pss\MozyHome Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2006-11-09 15:19 204800 ------w- c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2013-03-16 18:00 1372232 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2013-03-16 17:59 70728 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent]
2012-12-19 16:05 1074888 ----a-w- c:\program files\Iminent\Iminent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger]
2012-12-19 16:05 884936 ----a-w- c:\program files\Iminent\Iminent.Messengers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
2008-07-10 23:09 9499928 ----a-w- c:\progra~1\RETROS~1\RETROS~1.5\RetroExpress.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-29 23:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-04-02 16:21 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-13 03:32 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-06 19:37 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:42]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:42]
.
2013-04-27 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-08-23 09:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
Trusted Zone: $talisma_url$
Trusted Zone: att.net\loginprodx
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-27 13:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,3b,62,01,9a,81,11,4e,ad,9b,08,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,3b,62,01,9a,81,11,4e,ad,9b,08,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4284)
c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
.
Completion time: 2013-04-27 13:33:28
ComboFix-quarantined-files.txt 2013-04-27 18:33
ComboFix2.txt 2013-04-27 14:08
.
Pre-Run: 136,548,634,624 bytes free
Post-Run: 136,406,056,960 bytes free
.
- - End Of File - - BF333D6B15B1F20F60A04142088277A5
Attached Files
File Type: zip t18865.zip (321 Bytes, 17 views)
File Type: zip ~DFB763XX.zip (3.3 KB, 16 views)
__________________
pbone_tsf is offline  
Old 04-27-2013, 01:03 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
chemist
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,049
OS: XP SP3; Win7 32/64-bit



Hello again, pbone_tsf. Have you changed all your passwords?

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

I'm not seeing anything else in the logs. Let's see what an online scan finds.

------------------------------------------------------

Please download Temp File Cleaner and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe then choose 'Run as administrator' and click 'Start'.
  • Your desktop will disappear; this is normal, and it will return.
  • If prompted, click "Yes" to reboot.
------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Right-click mbam-setup.exe and choose 'Run as administrator' to install it.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java(TM) 6 Update 43
Java(TM) 6 Update 7


These are all outdated and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

In fact, you should be able to update your current Java, Java(TM) 7 Update 17, by going to Control Panel > Programs > Java (looks like a coffee cup). Click on the Update tab. On the lower right, click on Update Now. An update should begin. Allow the install of the new Java.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel > Programs and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 04-29-2013, 05:24 PM   #7
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



I just lost about 45 minutes of work on this site, and I don't know how to get it back. If anyone knows, then kindly let me know.
__________________
pbone_tsf is offline  
Old 04-29-2013, 05:28 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,049
OS: XP SP3; Win7 32/64-bit



Quote:
Originally Posted by pbone_tsf View Post
I just lost about 45 minutes of work on this site, and I don't know how to get it back. If anyone knows, then kindly let me know.
Not sure what you mean. If you mean logs, let me know. They should be saved.
__________________

chemist is offline  
Old 04-30-2013, 03:37 AM   #9
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



I mean a post just like this one. I'll try again in a few days.
__________________
pbone_tsf is offline  
Old 04-30-2013, 05:51 AM   #10
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



The problem has been ascertained to be a local who is gaining access to my computers and implanting programs on my machine. How he is doing this is beyond me. I remember several years ago that some kid would connect with my computer and run a small program that simply brought up a window that told me to put a floppy in my A: drive. One day I did so and got garbage; i.e., what appeared to be local cemetery records.

If anyone can tell me how to handle this, I would appreciate it. The only thing that is happening is harassment.

All the power scans that I have been running have yielded nothing.
__________________
pbone_tsf is offline  
Old 04-30-2013, 07:09 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,049
OS: XP SP3; Win7 32/64-bit



Hello again, pbone_tsf. By power scans, do you mean MBAM and ESET found nothing?

Did you change all your passwords?

------------------------------------------------------

Download OTL.exe to your desktop.

Double-click the icon to start the tool.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on the Desktop: OTL.Txt (this one will be opened in Notepad) and Extras.Txt.
Please copy/paste the contents of OTL.Txt in your next reply and attach the Extras.Txt to your next reply.

------------------------------------------------------
__________________

chemist is offline  
Old 05-02-2013, 08:54 AM   #12
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



Attached you will find a zipped file that contains 4 tasks set up allegedly by me. It appears the hacker is using RealPlayer to disguise some of his handiwork. There are corresponding entries in the Registry, but these entries are all different while the tasks indicate only one entry for all. There is the *_1001 entry, the *-1001_Classes entry, the *-1002 entry, the *-1002_Classes entry, and the *-1004 entry. It also appears that he added the folder "c:\program files\realnetworks". It also appears that he has made use of the program Roxio that used to be on my computer. The only Roxio on my computer is Roxio Drag-to-Disc.

It also appears that the hacker was using the old Java installation of version 6; I had to manually uninstall it by deleting the folder (as it would not uninstall by way of the Programs process).

Below, in order, are BAT files and OTL files:


In this file, the hacker has added lines 2 thru 6:
@echo off
set ztmp=C:\Users\Jim\AppData\Local\Temp\ztmp
set MYFILES=C:\Users\Jim\AppData\Local\Temp\afolder
set bfcec=tmp2351.exe
set cmdline=
SHIFT /0
@echo off
path=c:\windows\system32
tasklist /svc>%homepath%\Desktop\results.txt
echo >offOYR.txt
echo Dq?9x%%36Fv+27Qj> offOYR.txt
clip< offOYR.txt
pause
echo >boxOYR.txt
echo &67Ru_509WqPkvBT%%> boxOYR.txt
clip< boxOYR.txt
del offOYR.txt
del boxOYR.txt
exit
end

___________________________________________________________________
In this file, the hacker has added lines 2 thru 9:
@echo off
set ztmp=C:\Users\Jim\AppData\Local\Temp\ztmp
set MYFILES=C:\Users\Jim\AppData\Local\Temp\afolder
set bfcec=t18425.exe
set cmdline=
SHIFT /0
@echo off
%ztmp%\%bfcec% dfg84NsBe2 %o1% %o2% %o3%
%ztmp%\%bfcec% h5NfP8k2yX5rT %o1% %o2%
netstat.exe >netstat_1.txt
netstat.exe -f >netstat_1f.txt
exit
^
_____________________________________________________________________

OTL logfile created on: 4/30/2013 9:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.59% Memory free
8.90 Gb Paging File | 7.34 Gb Available in Paging File | 82.49% Paging File free
Paging file location(s): c:\pagefile.sys 6144 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 126.85 Gb Free Space | 56.94% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.38 Gb Free Space | 43.81% Space Free | Partition Type: NTFS
Drive G: | 222.77 Gb Total Space | 138.35 Gb Free Space | 62.10% Space Free | Partition Type: NTFS
Drive H: | 10.00 Gb Total Space | 4.91 Gb Free Space | 49.10% Space Free | Partition Type: NTFS
Drive I: | 232.94 Gb Total Space | 216.88 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/30 21:54:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
PRC - [2013/04/10 02:15:58 | 027,151,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/16 13:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\GuardAgent.exe
PRC - [2013/03/16 13:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2013/03/06 10:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/30 11:03:12 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/07/27 02:30:58 | 000,112,968 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2012/07/05 07:04:00 | 000,342,016 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcServiceHost.exe
PRC - [2012/06/07 06:22:44 | 001,939,968 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\pcTrayApp.exe
PRC - [2012/03/13 05:59:28 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/03/08 10:38:42 | 000,517,416 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/01/19 02:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/09 15:42:33 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013/01/09 15:26:47 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 15:26:36 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 15:26:27 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll
MOD - [2010/02/11 00:30:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - [2013/03/16 13:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2013/03/16 13:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2013/03/06 10:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 10:57:16 | 002,620,016 | ---- | M] (Iminent) [Disabled | Stopped] -- C:\Program Files\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2012/08/30 11:03:12 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/27 02:30:58 | 000,112,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R)
SRV - [2012/07/05 07:04:00 | 000,342,016 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2012/03/13 05:59:28 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/09/16 21:29:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/09/16 21:17:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/03/08 10:38:42 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/07/10 18:09:24 | 000,107,800 | ---- | M] (EMC Corporation) [Disabled | Stopped] -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe -- (RetroExpLauncher)
SRV - [2008/05/02 20:35:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Disabled | Stopped] -- system32\DRIVERS\sbapifs.sys -- (sbapifs)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\jl2005c.sys -- (JL2005C)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\gfiark.sys -- (gfiark)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jim\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/12 18:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130412.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/03/16 12:51:52 | 000,186,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2013/03/16 12:48:40 | 000,041,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2013/03/16 12:43:22 | 000,015,944 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2013/03/16 12:40:12 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2013/02/16 06:37:00 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/01/30 22:18:18 | 000,350,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403010.016\symtdiv.sys -- (SYMTDIv)
DRV - [2013/01/30 22:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403010.016\symefa.sys -- (SymEFA)
DRV - [2013/01/28 20:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1403010.016\srtsp.sys -- (SRTSP)
DRV - [2013/01/28 20:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403010.016\srtspx.sys -- (SRTSPX)
DRV - [2013/01/21 21:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403010.016\symds.sys -- (SymDS)
DRV - [2013/01/17 09:43:04 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130430.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/17 09:43:04 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130430.017\NAVENG.SYS -- (NAVENG)
DRV - [2012/12/21 20:57:55 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/12/21 20:57:55 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/11/15 21:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403010.016\ironx86.sys -- (SymIRON)
DRV - [2012/11/15 21:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403010.016\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012/09/27 16:10:48 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/09/26 15:45:52 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130430.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/09/04 00:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020200}_0)
DRV - [2012/06/14 13:09:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/14 13:09:12 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2012/03/13 05:59:28 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Unknown (-1) | Auto | Unknown] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
DRV - [2012/03/07 05:07:00 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/11/09 17:26:36 | 000,014,592 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/11 02:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2010/02/11 02:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/10/16 02:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/24 08:17:00 | 000,437,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\arusb_lh.sys -- (arusb_lh)
DRV - [2007/03/07 09:03:20 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/22 17:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/04/04 11:36:52 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | Auto | Running] -- C:\virt\vfd.sys -- (VirtualFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = Yahoo!
IE - HKCU\..\SearchScopes,DefaultScope = {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = {SEARCHTERMS} - Norton Safe Search
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb185/...R8RY2d9sP&i=26
IE - HKCU\..\SearchScopes\{FCA2905C-D488-4D91-B3A3-855BE6ECE75B}: "URL" = {searchTerms} - Yahoo! Search Results
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jim\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/13 21:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/15 18:34:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012/09/27 16:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013/04/30 20:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/02 11:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/02 11:23:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/13 21:52:08 | 000,000,000 | ---D | M]

[2013/04/03 11:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla FireFox\extensions

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb185/...R8RY2d9sP&i=26
CHR - default_search_provider: suggest_url =
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Jim\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Iminent = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.10.2.1_0\
CHR - Extension: SelectionLinks = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej\3.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.0.26_0\

O1 HOSTS File: ([2013/04/27 08:47:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013/03/05 10:53:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([loginprodx] https in Trusted sites)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://setup.bellsouth.net/wizlet/P...ller_6-1-2.cab (Reg Error: Value error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22906850-BC0B-4365-9A92-605E13EB2013}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0C51C7F-ADB0-4604-A879-B0BCA0430089}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/13 19:04:47 | 000,000,053 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/30 21:54:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2013/04/28 22:28:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/28 22:28:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/28 22:28:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/27 20:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/27 20:58:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/27 20:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/27 20:55:36 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\TFC.exe
[2013/04/27 13:33:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\temp
[2013/04/27 13:29:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/27 08:30:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/27 08:30:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/27 08:30:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/27 08:28:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/27 08:27:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/27 08:13:58 | 005,060,715 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
[2013/04/26 11:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/04/26 05:48:32 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\dds.scr
[2013/04/17 16:12:28 | 000,000,000 | ---D | C] -- C:\VirtualStore
[2013/04/17 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\ParetoLogic
[2013/04/16 11:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/04/16 0852 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1B6E5156-96F8-4B58-9A85-0947C12A3C51}
[2013/04/10 09:29:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 09:29:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 09:29:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 09:29:22 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 09:29:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/10 09:29:21 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/10 09:29:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 09:29:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/10 08:31:31 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 08:31:31 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 08:31:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 08:31:21 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/10 08:31:19 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/04 09:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/04/04 09:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/04/04 09:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/04/02 13:10:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\Downloads
[2013/04/02 11:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/04/02 11:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/04/01 08:12:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\TaskSched

========== Files - Modified Within 30 Days ==========

[2013/04/30 21:54:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2013/04/30 21:31:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/30 21:20:17 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/04/30 21:02:54 | 000,000,616 | ---- | M] () -- C:\Users\Jim\Desktop\HJCKER.lnk
[2013/04/30 20:51:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 20:51:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 20:50:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/30 20:48:57 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/04/30 20:48:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/30 09:08:43 | 000,000,729 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Primary.lnk
[2013/04/29 09:13:02 | 000,008,754 | ---- | M] () -- C:\Windows\mozy.blk
[2013/04/29 09:13:01 | 000,000,104 | ---- | M] () -- C:\Windows\mozy.flt
[2013/04/29 08:41:22 | 000,001,018 | ---- | M] () -- C:\Users\Jim\Desktop\OnlineScannerApp - Shortcut.lnk
[2013/04/29 08:35:04 | 000,001,701 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2013/04/29 08:16:24 | 000,000,060 | ---- | M] () -- C:\Windows\System32\AUTOEXEC.BAT
[2013/04/29 08:13:36 | 002,062,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/29 08:13:36 | 000,612,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/27 20:58:02 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/27 20:55:36 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\TFC.exe
[2013/04/27 08:47:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/27 08:13:58 | 005,060,715 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
[2013/04/26 10:23:08 | 000,009,459 | ---- | M] () -- C:\Users\Jim\Desktop\attach.zip
[2013/04/26 08:39:33 | 000,000,900 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013/04/26 05:48:35 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\dds.scr
[2013/04/26 05:39:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/25 15:39:18 | 002,512,149 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403010.016\Cat.DB
[2013/04/21 20:16:54 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/04/21 20:16:54 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/04/20 11:55:55 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/20 11:55:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/16 11:35:57 | 000,000,953 | ---- | M] () -- C:\Users\Jim\Desktop\Dropbox.lnk
[2013/04/16 11:35:57 | 000,000,933 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/16 10:51:10 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403010.016\VT20130115.021
[2013/04/12 22:39:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/11 12:14:20 | 000,014,272 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
[2013/04/10 09:37:27 | 000,302,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 08:48:56 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2013/04/08 08:14:53 | 006,125,531 | ---- | M] () -- C:\Users\Jim\Documents\Document.rtf
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/04 13:20:24 | 000,000,852 | ---- | M] () -- C:\Users\Jim\Documents\hosts
[2013/04/04 09:55:28 | 000,377,856 | ---- | M] () -- C:\Users\Jim\Desktop\gmer.exe
[2013/04/04 09:39:47 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Free Audio Converter.lnk
[2013/04/04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/03 03:19:55 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403010.016\isolate.ini
[2013/04/02 11:23:35 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/04/02 11:22:12 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/04/02 11:21:54 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/04/02 11:21:54 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/04/02 11:21:51 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2013/04/29 18:04:14 | 000,000,616 | ---- | C] () -- C:\Users\Jim\Desktop\HJCKER.lnk
[2013/04/29 08:41:22 | 000,001,018 | ---- | C] () -- C:\Users\Jim\Desktop\OnlineScannerApp - Shortcut.lnk
[2013/04/29 08:27:06 | 000,000,060 | ---- | C] () -- C:\Windows\System32\AUTOEXEC.BAT
[2013/04/27 20:58:02 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/27 08:30:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 08:30:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 08:30:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 08:30:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 08:30:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/26 10:23:08 | 000,009,459 | ---- | C] () -- C:\Users\Jim\Desktop\attach.zip
[2013/04/26 06:22:45 | 000,377,856 | ---- | C] () -- C:\Users\Jim\Desktop\gmer.exe
[2013/04/23 09:31:13 | 000,001,212 | ---- | C] () -- C:\Users\Jim\Desktop\exefix_vista.reg
[2013/04/21 20:42:49 | 000,011,386 | ---- | C] () -- C:\Users\Jim\Desktop\[1].xml
[2013/04/21 19:56:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/04/21 19:56:41 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/04/08 08:14:52 | 006,125,531 | ---- | C] () -- C:\Users\Jim\Documents\Document.rtf
[2013/04/04 13:20:23 | 000,000,852 | ---- | C] () -- C:\Users\Jim\Documents\hosts
[2013/04/04 09:39:47 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Free Audio Converter.lnk
[2013/04/02 11:23:33 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/03/05 09:40:42 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/02/26 08:48:12 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2013/01/28 04:26:02 | 000,001,378 | ---- | C] () -- C:\Windows\TURBOTRP.INI
[2013/01/20 22:25:39 | 000,000,112 | ---- | C] () -- C:\Users\Jim\CBSlog.bat
[2012/07/23 10:20:51 | 000,000,632 | RHS- | C] () -- C:\Users\Jim\ntuser.pol
[2011/11/01 19:10:14 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/11/01 19:10:14 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/11/01 19:10:14 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/11/01 19:10:14 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/11/01 19:10:14 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/09/16 20:41:49 | 000,001,463 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2011/09/16 20:38:00 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011/09/16 20:38:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011/05/29 18:55:31 | 000,000,316 | ---- | C] () -- C:\Windows\reimage.ini
[2011/05/28 16:23:13 | 000,041,544 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011/05/27 10:30:09 | 000,000,011 | ---- | C] () -- C:\Windows\EuBcd.ini
[2011/05/11 09:34:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/14 01:41:34 | 000,008,268 | ---- | C] () -- C:\Users\Jim\AppData\Local\d3d9caps.dat
[2009/01/08 13:52:38 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008/05/26 19:22:59 | 000,017,908 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\UserTile.png
[2007/03/31 14:19:52 | 000,014,272 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
[2007/03/15 18:33:42 | 000,027,648 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

____________________________________________________________________

OTL Extras logfile created on: 4/30/2013 9:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.59% Memory free
8.90 Gb Paging File | 7.34 Gb Available in Paging File | 82.49% Paging File free
Paging file location(s): c:\pagefile.sys 6144 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 126.85 Gb Free Space | 56.94% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.38 Gb Free Space | 43.81% Space Free | Partition Type: NTFS
Drive G: | 222.77 Gb Total Space | 138.35 Gb Free Space | 62.10% Space Free | Partition Type: NTFS
Drive H: | 10.00 Gb Total Space | 4.91 Gb Free Space | 49.10% Space Free | Partition Type: NTFS
Drive I: | 232.94 Gb Total Space | 216.88 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072E35F2-E5AB-4256-9FB5-7A7B060AFE0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0F0AE8AF-8FA2-4084-9FCA-4843F580D7CB}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{101B0EC8-9164-4C6D-82F5-4D2ED46DF513}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{10D14E19-B9B6-4B41-A702-C9EA54AA0526}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{18F716E6-A56E-4C5D-B08D-BE6A699DC904}" = rport=139 | protocol=6 | dir=out | app=system |
"{2B42CBEE-1425-4871-8BCD-8FAD21724065}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30DFD99C-73C0-4C3A-821B-68D6BD261E9D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{37243DDE-9971-443D-B5A9-A054570669A7}" = rport=137 | protocol=17 | dir=out | app=system |
"{42D43698-A39D-4E13-8326-3AF03DFDC03B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{45F16185-3CAD-4D2E-9A0C-58C7EB4D78AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{4E8C90A4-1D9C-4C28-B1CB-621DD9E8ECC0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F699BD1-DA40-40A5-9100-CF1FAE9847CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{506B743F-27F0-4790-9563-02BA8A6FF802}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50D29F37-A2A8-46D6-B2DC-70F1FE597ACD}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{54C6250A-476E-4528-AE41-3563DAA59E3F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{593DBC01-15E6-4C93-B326-341EFFF2A8FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{63BB50A0-19EA-4A31-A0A0-6AB6344D8ED9}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{664BF1C0-44F7-46E7-BE03-0BD59B36EFA7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{72D4C6DD-A5E7-449C-A3AB-B9989F1F558D}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{7D8AD926-F1A5-4321-95A1-43314E21E8E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{7DBDC57F-C8D2-46F4-9262-301ACAE5A685}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7E97332B-61C5-4368-BFC4-EC7BD11E96D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{815154DC-2C64-47D7-B9CE-460C82EE8B94}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{8D00EA61-2ED6-4424-8A9B-0317727FD257}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FC8F8DD-C2AC-4B86-9DF6-EA3B1CDBF3BD}" = lport=445 | protocol=6 | dir=in | app=system |
"{9C294D8C-6BBF-4239-B00C-C1A4C414F233}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4E348AD-068E-4113-B908-2516646705EC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A795ADBD-8875-493F-9C45-9C082525380B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA9EEDB4-DC72-4BC8-9844-FBA2729F2265}" = lport=137 | protocol=17 | dir=in | app=system |
"{B27FD53C-AAD0-4F48-B71B-5665B0C9BF49}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B9C0C572-15FB-482E-90EF-4AABA16B0E18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8EC7118-6C0E-478F-9998-638F82824405}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF29DB2F-7138-4A6D-93B6-0264612726FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F62300B9-2620-4402-9D7A-FB453F2CB719}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02324E3C-59E3-4ACC-BF73-D031F917388D}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{05DB9728-F60D-4B3A-9632-214661850C57}" = protocol=17 | dir=in | app=c:\users\jim\appdata\roaming\dropbox\bin\dropbox.exe |
"{06A939B0-CD64-4C53-884A-4167C4C32AD4}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{0C35B278-1626-4CA3-A945-DED768A23C13}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{0D15C91A-9A0E-4778-BBE3-DA0FA7DC0073}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{16A409B0-EFD8-463D-85F6-1377A4FBE9A9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{1798F48A-0A37-4A20-AD03-56B980A864E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{1DDF51D2-F032-4E2B-8641-B5DFDC780A07}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{205EF6AB-5A56-4062-92D4-71FF5379E887}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{2AAAB804-41BC-46BD-8706-01F6E795D7CA}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{2AB67078-D295-4578-806A-F5C2FB986EC1}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{2EC17DA5-25C1-4ED3-A23E-145A9EA23D29}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{376D2A45-33D6-4BAF-BB2E-B6699C98B8E7}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{3E29B3DB-175F-4DC2-868D-2F4AE3617035}" = dir=in | app=c:\program files\iminent\iminent.exe |
"{3F5AAAC6-CCCE-435F-BCB9-94599DC73286}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
"{42DC4703-A2E4-4D00-8BD4-22DA73469838}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{4FAA9183-E7E6-45B7-863C-62D8F6CE2E70}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe |
"{5538C66F-BDD3-4EDB-B6F7-C835D106BA88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{56BFFBDA-C9C5-42C3-8611-CEE194F36813}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{58CF8135-0214-4FE4-89E4-82CA306BB19F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{58D273FE-2512-4F44-8CA9-696EFDF48B7B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{59CEF5FC-B244-4D4B-8DC8-2975E4E09770}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{5C283309-2250-42C4-AFE3-D46D5695E0FD}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{60E09BDE-F135-4F21-8451-D20BFB4451E8}" = dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
"{64557118-0D0F-4A4C-94B7-5E67754E2DF9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{6D2D73FC-EC19-4CDA-9634-6BF2E8A79764}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{6E4F9907-6539-4E4B-B071-34886EDB9269}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D4723B3-D47D-425D-B842-6AA1194780E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{7F45FFC8-87F8-4FD3-B3E3-42173CE1C05A}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{825F36E4-C1CB-4D04-A2E6-1041DDB335A4}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
"{8EBD054F-1C91-4A79-9056-F78B8ECDE2BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8EC9AF13-8F25-400C-B092-BEC92C0DF401}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{90457E51-8E97-4122-B949-18DC6D588D9F}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{9279FC99-C7A5-4168-87DA-3EC7BBE9E8E9}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
"{98BF4CBF-34D2-4639-A42D-CCEFDF3E8DE8}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{9ADB3E43-7AB9-4063-AA89-E79FCEC75E7A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{9BB9C1DA-2D3B-4F43-AD68-597F40CAF315}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A3C9F4A5-CEB6-48E9-89FD-184753A2CBD5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{AAEE1133-EA1B-42AB-B7A4-63442A88BB7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AB9DBBFD-31D7-4B98-B6A1-F02A8EAE5BC6}" = protocol=6 | dir=in | app=c:\users\jim\appdata\roaming\dropbox\bin\dropbox.exe |
"{B5115CC2-DFAE-40EE-9ED4-D2643AD50C5B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B633FD7C-198D-49B6-9DE7-286571C908E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B77361CE-16D7-46B8-AE20-8C90387958D4}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C29A6DD7-2C34-4E09-8D52-720884BF6D27}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{C54A9628-30BA-470D-A81C-2C5667C76008}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{C8792337-5236-48E7-B414-42CE3A587AA0}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{D1B2D3F3-EB57-41E9-89FC-237B7B9EED7E}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{D56B082B-3CCC-44D4-A6A5-7B5C581B4B7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D6D1F12D-248E-40B8-B085-4D015703FD63}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
"{D8DBBD8A-8EE9-49AA-A442-278CFFE9E342}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{DBA655D7-B02F-4195-9B61-35268752025C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{DE869BD8-F9A1-4BAF-8502-8765C9C16F3F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E3733BD0-48E8-43EB-8006-065DDE3F58F3}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E934E4A7-725B-4A34-9EB5-D8211D8D10B0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{EE3BD1F3-3771-44D1-8004-39D060EB42D5}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{FB529382-F8DE-4F94-9902-4BCA829C887D}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B406F3B-8008-430C-B385-ED63154534C7}" = L7600
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel(R) Viiv(TM) Software
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DBAD634-0032-42E8-8A04-B4CFC5062EB0}" = Iminent
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F41F431-071E-5B44-2EEE-5C51173D6498}" = MozyHome
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{abdd06e3-e013-403b-9e72-41bbad51ed2e}" = Nero MediaHome 4 Essentials
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C5828861-B97B-4037-995C-C65E9CC13A3B}" = Sound Blaster Audigy
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D2B1C10F-369B-40BC-B550-271F968C5EE0}" = Intel(R) Network Connections 17.3.63.0
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D960A153-9447-4003-8ED0-C86858C11BCC}" = SMCWUSB-N2 Wireless Utility
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced BAT to EXE Converter PRO v2.83" = Advanced BAT to EXE Converter PRO v2.83
"Advanced BAT to EXE Converter v2.80" = Advanced BAT to EXE Converter v2.80
"ALchemy" = Creative ALchemy
"ATT" = AT&T U-verse Setup
"ATT-PRT22" = ATT-PRT22
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"ATT-SST-UversePortal" = AT&T Portal
"Audacity_is1" = Audacity 2.0
"AudioCS" = Creative Audio Control Panel
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Crescendo" = Crescendo Music Notation Editor
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"EaseUS Todo Backup Free 5.8_is1" = EaseUS Todo Backup Free 5.8
"FastStone Image Viewer" = FastStone Image Viewer 4.8
"Free Audio Converter_is1" = Free Audio Converter version 5.0.23.320
"Gnaural_is1" = Gnaural ver. 1.0.20110606
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"IMBoosterARP" = Iminent
"ImgBurn" = ImgBurn
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"Norton PC Checkup_is1" = Norton PC Checkup
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PC-Doctor for Windows" = Dell Support Center
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PROSetDX" = Intel(R) Network Connections 17.3.63.0
"RealPlayer 16.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"sl-dlc" = SelectionLinks
"SysInfo" = Creative System Information
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.5
"WaveStudio 7" = Creative WaveStudio 7
"WildTangent dell Master Uninstall" = Dell Games
"Windows Product Key Finder Pro®_is1" = Windows Product Key Finder Pro® 2.3
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = att.net Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2013 6:59:45 AM | Computer Name = Jim-PC | Source = SPP | ID = 12290
Description =

Error - 4/30/2013 8:02:20 AM | Computer Name = Jim-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 4/30/2013 10:30:07 AM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6,
exception code 0xe06d7363, fault offset 0x0003fc16, process id 0x25b4, application
start time 0x01ce45aed81e99bb.

Error - 4/30/2013 9:53:38 PM | Computer Name = Jim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/30/2013 9:54:41 PM | Computer Name = Jim-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16476 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13b4 Start Time: 01ce460e42dd3633 Termination Time: 5

Error - 4/30/2013 9:55:59 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application t31332.exe, version 0.0.0.0, time stamp 0x513e7d2b,
faulting module t31332.exe, version 0.0.0.0, time stamp 0x513e7d2b, exception code
0xc0000005, fault offset 0x00007afb, process id 0x1470, application start time 0x01ce460f068e1ae3.

Error - 4/30/2013 9:59:21 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application t27385.exe, version 0.0.0.0, time stamp 0x513e7d2b,
faulting module t27385.exe, version 0.0.0.0, time stamp 0x513e7d2b, exception code
0xc0000005, fault offset 0x00007afb, process id 0x65c, application start time 0x01ce460f7eee4c33.

Error - 4/30/2013 10:30:51 PM | Computer Name = Jim-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 4/30/2013 10:52:45 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application t15763.exe, version 0.0.0.0, time stamp 0x513e7d2b,
faulting module t15763.exe, version 0.0.0.0, time stamp 0x513e7d2b, exception code
0xc0000005, fault offset 0x00007afb, process id 0x1ac4, application start time 0x01ce4616f3b06b03.

Error - 4/30/2013 11:21:54 PM | Computer Name = Jim-PC | Source = SPP | ID = 12290
Description =

[ IntelDH Events ]
Error - 5/6/2011 12:36:06 PM | Computer Name = Jim-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 5/6/2011 3:41:42 PM | Computer Name = Jim-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 5/7/2011 12:30:53 AM | Computer Name = Jim-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 8/14/2011 4:29:23 PM | Computer Name = Jim-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 9/10/2011 3:28:37 PM | Computer Name = Jim-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 10/23/2011 7:51:12 PM | Computer Name = Jim-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 10/23/2011 7:51:35 PM | Computer Name = Jim-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 11/19/2011 9:18:59 PM | Computer Name = Jim-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 3/2/2013 10:32:10 AM | Computer Name = Jim-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 3/2/2013 10:52:23 AM | Computer Name = Jim-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

[ OSession Events ]
Error - 11/5/2011 1:47:34 PM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/13/2013 6:38:48 PM | Computer Name = Jim-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3434
seconds with 2640 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/29/2013 7:35:40 AM | Computer Name = Jim-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/29/2013 7:36:02 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/29/2013 6:13:14 PM | Computer Name = Jim-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.72 for the Network Card with network
address 0019D13A4BF5 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 4/29/2013 6:13:32 PM | Computer Name = Jim-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/29/2013 6:14:06 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/30/2013 6:30:00 AM | Computer Name = Jim-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/30/2013 6:30:25 AM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/30/2013 6:49:07 AM | Computer Name = Jim-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 4/30/2013 9:48:55 PM | Computer Name = Jim-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/30/2013 9:50:08 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
__________________
pbone_tsf is offline  
Old 05-02-2013, 03:11 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,049
OS: XP SP3; Win7 32/64-bit



Hello again, pbone_tsf. You never told me if you completed the MBAM and ESET scans.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}]

Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
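Before merging a .reg file received from a forum post, it is worth seeing exactly which registry operations it will perform. The following is an added example, not part of chemist's post or of any tool used in this thread: it parses the REGEDIT4 syntax of the fix.reg above and lists what merging it would do (here, a single key deletion). The second sample, under a made-up ExampleVendor key, is constructed only to show how additions and value edits are reported.

```python
"""Inspect a REGEDIT4 / .reg file and list the operations it would perform."""
import re
from typing import List, Tuple

# REGEDIT4 is the ANSI header chemist's fix uses; the second header is the
# one Regedit itself writes when exporting on Windows 2000 and later.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Constructed sample: exactly the text the post asks to be saved as fix.reg.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}]
"""

# Constructed sample covering the other syntax forms a .reg file can carry.
# The key path is invented for illustration and exists on no real system.
OTHER_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
@="default data"
"Setting"="hello"
"Flags"=dword:00000001
"Obsolete"=-
"""

# (kind, key path, detail) where kind is one of
# 'delete_key', 'create_key', 'set_value', 'delete_value'.
Action = Tuple[str, str, str]

# A value line is  @=data  or  "name"=data ; the name may contain \" escapes.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text: str) -> List[Action]:
    """Return the registry operations the file would perform, in order.

    Raises ValueError when the header is missing, which is the mistake the
    post warns about ("don't forget to copy and paste REGEDIT4"): Regedit
    refuses to merge a file that lacks it.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in VALID_HEADERS:
        raise ValueError("missing REGEDIT4 header; Regedit will not merge this file")
    actions: List[Action] = []
    current_key = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):       # [-KEY] deletes the whole key
                actions.append(("delete_key", key[1:], ""))
                current_key = None        # values cannot follow a deletion
            else:                         # [KEY] creates the key if absent
                actions.append(("create_key", key, ""))
                current_key = key
            continue
        if current_key is None:
            raise ValueError(f"value line outside any key: {line!r}")
        m = VALUE_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2).strip()
        if data == "-":                   # "name"=- deletes that value
            actions.append(("delete_value", current_key, name))
        else:
            actions.append(("set_value", current_key, f"{name} = {data}"))
    return actions


def describe(actions: List[Action]) -> List[str]:
    """One human-readable line per action, for review before merging."""
    verbs = {"delete_key": "DELETE key", "create_key": "create/keep key",
             "set_value": "set value", "delete_value": "delete value"}
    return [f"{verbs[kind]:16} {key}" + (f"  ->  {detail}" if detail else "")
            for kind, key, detail in actions]


if __name__ == "__main__":
    for label, sample in (("fix.reg", FIX_REG), ("constructed sample", OTHER_REG)):
        print(f"== {label} ==")
        for line in describe(parse_reg(sample)):
            print(line)
```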
Old 05-04-2013, 11:52 AM   #14
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



I ran the file fix.reg.
__________________
pbone_tsf is offline  
Old 05-04-2013, 11:55 AM   #15
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



Here is an interesting file created yesterday:

The filename is "JavaDeployReg.txt".

check JRE registry to see if it's an corrupted webstart key
failed to recover webstart key when attempt to open ws key FAIL, error code[5]
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
check JRE registry to see if it's an corrupted webstart key
update invalid entry toC:\Program Files\Java\jre1.6.0_07\bin
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version: 1.6.0_07
invalid entry: C:\Program Files\Java\jre1.6.0_07\lib\plugin.jar version: 1.6.0_07
Ignore invalid deploy version: 1.6.0_07
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version:
invalid entry: C:\Program Files\Java\jre1.6.0_07\lib\plugin.jar version: 1.6.0_07
Ignore invalid deploy version: 1.6.0_07
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version:
invalid entry: C:\Program Files\Java\jre1.6.0_07\lib\plugin.jar version: 1.6.0_07
Ignore invalid deploy version: 1.6.0_07
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version:
invalid entry: C:\Program Files\Java\jre1.6.0_07\lib\plugin.jar version: 1.6.0_07
Ignore invalid deploy version: 1.6.0_07
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version:
invalid entry: C:\Program Files\Java\jre1.6.0_07\lib\plugin.jar version: 1.6.0_07
Ignore invalid deploy version: 1.6.0_07
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version:
invalid entry: C:\Program Files\Java\jre1.6.0_07\lib\plugin.jar version: 1.6.0_07
Ignore invalid deploy version: 1.6.0_07
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version:
invalid entry: C:\Program Files\Java\jre1.6.0_07\lib\plugin.jar version: 1.6.0_07
Ignore invalid deploy version: 1.6.0_07
invalid entry: C:\Program Files\Java\jre7\lib\plugin.jar version: 10.17.2
Ignore invalid deploy version: 10.17.2
Latest deploy version:
__________________
pbone_tsf is offline  
Old 05-04-2013, 12:01 PM   #16
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



Here are scans I ran today:


ESET

C:\download\Ccleaner\nc100\DriverUpdaterSetup-2.0.0.4701.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\download\EaseUs\cbsidlm-tr1_8-EaseUS_Disk_Copy_Home_Edition-ORG2-10867157.exe Win32/DownloadAdmin.E application
C:\download\ImgBurn\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\download\Key\CPP-ProductKeyFinder.exe Win32/OpenCandy application
C:\download\Key\ProductKeyFinder.exe a variant of Win32/Somoto.A application
C:\download\SanDiskcontents\cnet2_FirefoxPortablePlus_zip.exe a variant of Win32/InstallCore.D application
C:\Program Files\EASEUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A application

These files are all legit.

_______________________________________________________________________


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.04.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX-PC [administrator]
5/4/2013 11:41:50 AM
mbam-log-2013-05-04 (11-41-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310235
Time elapsed: 8 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
__________________
pbone_tsf is offline  
Old 05-04-2013, 12:13 PM   #17
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



Here is another interesting file created today:

jusched.txt

Mon Apr 29 17:13:41 2013
:: **************** Running jusched ****************
Mon Apr 29 17:18:41 2013
:: JavaUpdate [Critical] : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 01 06:46:00 2013
Mon Apr 29 17:18:45 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 01 1600 2013
Mon Apr 29 17:18:46 2013
:: JavaUpdate [Critical] NextSchedTime=Wed May 01 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 01 1600 2013
JavaUpdate [Critical]lastSchedTime=Wed Apr 24 06:46:00 2013
JavaUpdate [Critical]nextSchedTime=Wed May 01 06:46:00 2013
JavaUpdate [Critical]sleeptime (sec=134839, hours=37, days=1.56)
actual sleep time=134839000 msecs (37:27:19) for JavaUpdate [Critical]
Tue Apr 30 05:29:57 2013
:: **************** Running jusched ****************
Tue Apr 30 05:34:58 2013
:: JavaUpdate [Critical] : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 01 06:46:00 2013
Tue Apr 30 05:34:58 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 01 1600 2013
Tue Apr 30 05:34:58 2013
:: JavaUpdate [Critical] NextSchedTime=Wed May 01 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 01 1600 2013
JavaUpdate [Critical]lastSchedTime=Wed Apr 24 06:46:00 2013
JavaUpdate [Critical]nextSchedTime=Wed May 01 06:46:00 2013
JavaUpdate [Critical]sleeptime (sec=90662, hours=25, days=1.05)
actual sleep time=90662000 msecs (25:11:02) for JavaUpdate [Critical]
Tue Apr 30 20:50:24 2013
:: **************** Running jusched ****************
Tue Apr 30 20:55:30 2013
:: JavaUpdate [Critical] : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 01 06:46:00 2013
Tue Apr 30 20:55:30 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 01 1600 2013
Tue Apr 30 20:55:30 2013
:: JavaUpdate [Critical] NextSchedTime=Wed May 01 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 01 1600 2013
JavaUpdate [Critical]lastSchedTime=Wed Apr 24 06:46:00 2013
JavaUpdate [Critical]nextSchedTime=Wed May 01 06:46:00 2013
JavaUpdate [Critical]sleeptime (sec=35430, hours=9, days=0.41)
actual sleep time=35430000 msecs (9:50:30) for JavaUpdate [Critical]
Wed May 01 16:05:15 2013
:: **************** Running jusched ****************
Wed May 01 16:10:31 2013
:: Time for a Java Update [Critical] check.
Wed May 01 16:10:31 2013
:: Safe_CreateProcess(C:\Program Files\Java\jre7\bin\java.exe, "C:\Program Files\Java\jre7\bin\java.exe" -fullversion)
Wed May 01 16:10:36 2013
:: No cntry-lookup tag in map.xml
Wed May 01 16:10:36 2013
:: OVERRIDE SYSTEM VALUE==0:OS:winvista-sp2,Arch:i586,Version:1.7.0_21-b11,Locale:en,Cntry:YY
Wed May 01 16:10:36 2013
:: No Updates available
Wed May 01 16:10:36 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Sat May 04 06:46:00 2013
Wed May 01 16:10:36 2013
:: JavaUpdate : Current time is <4 days past last scheduled time, Setting sleeptime to next 1hr window (7 hour delay): Wed May 01 2300 2013
Wed May 01 16:10:36 2013
:: JavaUpdate NextSchedTime=Sat May 04 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 08 1600 2013
JavaFX: lastSchedTime=Wed May 01 1600 2013
JavaFX: nextSchedTime=Wed May 08 1600 2013
JavaFX: sleeptime (sec=24924, hours=6, days=0.29)
actual sleep time=24924000 msecs (6:55:24) for JavaFX
Thu May 02 08:02:46 2013
:: **************** Running jusched ****************
Thu May 02 08:07:49 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Sat May 04 06:46:00 2013
Thu May 02 08:07:49 2013
:: JavaUpdate : Current time is <4 days past last scheduled time, Setting sleeptime to next 1hr window (7 hour delay): Thu May 02 1300 2013
Thu May 02 08:07:49 2013
:: JavaUpdate NextSchedTime=Sat May 04 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 08 1600 2013
JavaFX: lastSchedTime=Wed May 01 1600 2013
JavaFX: nextSchedTime=Wed May 08 1600 2013
JavaFX: sleeptime (sec=17891, hours=4, days=0.21)
actual sleep time=17891000 msecs (4:58:11) for JavaFX
Fri May 03 12:20:30 2013
:: **************** Running jusched ****************
Fri May 03 12:25:52 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Sat May 04 06:46:00 2013
Fri May 03 12:25:52 2013
:: JavaUpdate : Current time is <4 days past last scheduled time, Setting sleeptime to next 1hr window (7 hour delay): Fri May 03 1700 2013
Fri May 03 12:25:52 2013
:: JavaUpdate NextSchedTime=Sat May 04 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 08 1600 2013
JavaFX: lastSchedTime=Wed May 01 1600 2013
JavaFX: nextSchedTime=Wed May 08 1600 2013
JavaFX: sleeptime (sec=16808, hours=4, days=0.19)
actual sleep time=16808000 msecs (4:40:08) for JavaFX
Fri May 03 12:35:59 2013
:: **************** Running jusched ****************
Fri May 03 12:41:00 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Sat May 04 06:46:00 2013
Fri May 03 12:41:04 2013
:: JavaUpdate : Current time is <4 days past last scheduled time, Setting sleeptime to next 1hr window (7 hour delay): Fri May 03 1700 2013
Fri May 03 12:41:05 2013
:: JavaUpdate NextSchedTime=Sat May 04 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 08 1600 2013
JavaFX: lastSchedTime=Wed May 01 1600 2013
JavaFX: nextSchedTime=Wed May 08 1600 2013
JavaFX: sleeptime (sec=15896, hours=4, days=0.18)
actual sleep time=15896000 msecs (4:24:56) for JavaFX
Fri May 03 14:28:27 2013
:: **************** Running jusched ****************
Fri May 03 14:33:28 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Sat May 04 06:46:00 2013
Fri May 03 14:33:28 2013
:: JavaUpdate : Current time is <4 days past last scheduled time, Setting sleeptime to next 1hr window (7 hour delay): Fri May 03 1700 2013
Fri May 03 14:33:28 2013
:: JavaUpdate NextSchedTime=Sat May 04 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 08 1600 2013
JavaFX: lastSchedTime=Wed May 01 1600 2013
JavaFX: nextSchedTime=Wed May 08 1600 2013
JavaFX: sleeptime (sec=9152, hours=2, days=0.11)
actual sleep time=9152000 msecs (2:32:32) for JavaFX
Sat May 04 08:12:40 2013
:: **************** Running jusched ****************
Sat May 04 08:17:40 2013
:: JavaUpdate : Current time is <4 days past last scheduled time, Setting sleeptime to next 1hr window (7 hour delay): Sat May 04 13:46:00 2013
Sat May 04 08:17:41 2013
:: JavaUpdate : Current time is <4 days past last scheduled time, Setting sleeptime to next 1hr window (7 hour delay): Sat May 04 1400 2013
Sat May 04 08:17:41 2013
:: JavaUpdate NextSchedTime=Sat May 11 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 08 1600 2013
JavaUpdatelastSchedTime=Sat May 04 06:46:00 2013
JavaUpdatenextSchedTime=Sat May 11 06:46:00 2013
JavaUpdatesleeptime (sec=19700, hours=5, days=0.23)
actual sleep time=19700000 msecs (5:28:20) for JavaUpdate
Sat May 04 13:46:00 2013
:: Timeout occured. Run Java update now.
Sat May 04 13:46:00 2013
:: Time for a Java Update check.
Sat May 04 13:46:00 2013
:: Safe_CreateProcess(C:\Program Files\Java\jre7\bin\java.exe, "C:\Program Files\Java\jre7\bin\java.exe" -fullversion)
Sat May 04 13:46:02 2013
:: No cntry-lookup tag in map.xml
Sat May 04 13:46:02 2013
:: OVERRIDE SYSTEM VALUE==0:OS:winvista-sp2,Arch:i586,Version:1.7.0_21-b11,Locale:en,Cntry:YY
Sat May 04 13:46:02 2013
:: No Updates available
Sat May 04 13:46:02 2013
:: JavaUpdate [Critical] : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 08 06:46:00 2013
Sat May 04 13:46:02 2013
:: JavaUpdate : Current time is <4 days past last scheduled time, Setting sleeptime to next 1hr window (7 hour delay): Sat May 04 1400 2013
Sat May 04 13:46:02 2013
:: JavaUpdate [Critical] NextSchedTime=Wed May 08 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 08 1600 2013
JavaFX: lastSchedTime=Wed May 01 1600 2013
JavaFX: nextSchedTime=Wed May 08 1600 2013
JavaFX: sleeptime (sec=1198, hours=0, days=0.01)
actual sleep time=1198000 msecs (0:19:58) for JavaFX
Sat May 04 1400 2013
:: Timeout occured. Run JavaFX update now.
Sat May 04 1400 2013
:: Time for JavaFX update.
Sat May 04 1400 2013
:: Safe_CreateProcess(C:\Program Files\Java\jre7\bin\javaws.exe, "C:\Program Files\Java\jre7\bin\javaws.exe" -silent -import -reverse -javafxau -system -J-Dkernel.download.dialog=false ""http://dl.javafx.com/javafx-cache.jnlp"")
Sat May 04 1400 2013
:: Started JavaFX Update process Command:"C:\Program Files\Java\jre7\bin\javaws.exe" -silent -import -reverse -javafxau -system -J-Dkernel.download.dialog=false ""http://dl.javafx.com/javafx-cache.jnlp""
Sat May 04 1400 2013
:: JavaUpdate [Critical] : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 08 06:46:00 2013
Sat May 04 1400 2013
:: JavaUpdate : LastFinishTime is after LastScheduledTime, sleeping until next schedule Time: Wed May 08 1600 2013
Sat May 04 1400 2013
:: JavaUpdate [Critical] NextSchedTime=Wed May 08 06:46:00 2013
JavaFXUpdate NextSchedTime=Wed May 08 1600 2013
JavaUpdate [Critical]lastSchedTime=Wed May 01 06:46:00 2013
JavaUpdate [Critical]nextSchedTime=Wed May 08 06:46:00 2013
JavaUpdate [Critical]sleeptime (sec=319200, hours=88, days=3.69)
actual sleep time=319200000 msecs (88:40:00) for JavaUpdate [Critical]
__________________
pbone_tsf is offline  
Old 05-04-2013, 07:36 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,049
OS: XP SP3; Win7 32/64-bit



Hello again, pbone_tsf. How do you connect to the internet?

Have you changed all your passwords?

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

The most we can really do in hacking cases is inform the user to change all their passwords.

We are only trained in malware removal.

------------------------------------------------------
__________________

chemist is offline  
Old 05-05-2013, 04:28 PM   #19
Registered Member
 
Join Date: Apr 2011
Posts: 75
OS: vista home premium sp2,Win7



I connect to the Internet using the service of AT&T U-verse.

I have only one password and that is for my Norton Internet Security Vault which contains passwords I use on the Internet. That one password has been changed twice since I first posted. Passwords for financial institutions are not in the Vault. I don't do online banking at all. Anyone trying to find out my credit card numbers, if they succeed in logging on to the credit card company's site, will find that the complete account numbers are not available to them. And I continually monitor those account numbers.
__________________
pbone_tsf is offline  
Old 05-06-2013, 04:03 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,049
OS: XP SP3; Win7 32/64-bit



Have you tried changing your router password?

__________________

chemist is offline  