Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help removing an .exe file!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need help removing an .exe file!

Unread postby TrucknMom2 » February 23rd, 2013, 1:38 pm

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Owner at 8:59:22 on 2013-02-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.50 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.fantastigames.com/439
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - c:\program files\verizontb\auxi\verizonAu.dll
BHO: CouponAmazing 5.0: {9D0C1722-DAB5-4414-82EE-6FE282CC865B} - c:\documents and settings\owner\local settings\application data\couponamazing\ie\couponamazing_1359650662.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: {A057A204-BACC-4D26-8398-26FADCF27386} - <orphaned>
BHO: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Hoolapp Android] "c:\docume~1\owner\applic~1\hoolap~1\Hoolapp.exe" /Minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - <orphaned>
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4589066690
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 1872922859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5E0D0766-8E3C-43B6-A7C7-3349999721D2} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs=
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\6ul3z8xi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.fantastigames.com/439
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - ExtSQL: 2013-01-29 13:12; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - ExtSQL: 2013-02-06 22:54; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\6ul3z8xi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: !HIDDEN! 2013-01-29 13:12; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-6 65848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-11 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-5 361032]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-30 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-2-6 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-2-6 166840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-5 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-5 44808]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-16 47640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-2-6 976728]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-12-5 668912]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
S2 X4HSEx;X4HSEx;\??\c:\program files\free ride games\x4hsex.sys --> c:\program files\free ride games\X4HSEx.Sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-02-19 22:33:42 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-02-16 01:58:12 106088 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-02-16 01:58:12 106088 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-02-08 09:10:54 -------- dc-h--w- c:\windows\ie8
2013-02-07 01:11:17 -------- d-----w- c:\program files\FGIcon
2013-02-07 01:11:17 -------- d-----w- c:\documents and settings\owner\local settings\application data\couponamazing
2013-02-07 01:11:17 -------- d-----w- c:\documents and settings\owner\application data\HoolappForAndroid
2013-02-06 23:41:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-02-06 23:41:33 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-06 13:59:20 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-02-05 00:07:55 -------- d-----w- c:\documents and settings\all users\application data\FantastiGames
2013-02-05 00:07:16 -------- d-----w- c:\program files\FantastiGames
2013-01-31 17:23:13 -------- d-----w- c:\documents and settings\owner\local settings\application data\Wajam
2013-01-29 19:12:21 -------- d-----w- c:\program files\HP Photo Creations
2013-01-29 19:12:21 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations
2013-01-29 18:59:38 974848 ----a-w- c:\windows\system32\hpost_p02b.dll
2013-01-29 18:59:37 737280 ----a-w- c:\windows\system32\hposwia_p02b.dll
2013-01-29 18:59:37 307200 ----a-w- c:\windows\system32\hposc_p02a.dll
.
==================== Find3M ====================
.
2013-02-17 16:08:02 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-17 16:07:59 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 9:01:02.34 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/2009 11:20:01 AM
System Uptime: 2/23/2013 8:20:30 AM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 02X378
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1992/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 8.232 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1145: 2/7/2013 9:00:10 PM - System Checkpoint
RP1146: 2/8/2013 3:00:24 AM - Software Distribution Service 3.0
RP1147: 2/9/2013 3:01:35 AM - Software Distribution Service 3.0
RP1148: 2/10/2013 3:03:04 AM - System Checkpoint
RP1149: 2/11/2013 3:59:22 AM - System Checkpoint
RP1150: 2/12/2013 4:12:55 AM - System Checkpoint
RP1151: 2/13/2013 5:14:20 AM - System Checkpoint
RP1152: 2/14/2013 3:00:46 AM - Software Distribution Service 3.0
RP1153: 2/15/2013 3:21:29 AM - System Checkpoint
RP1154: 2/16/2013 3:58:10 AM - System Checkpoint
RP1155: 2/17/2013 9:15:07 AM - System Checkpoint
RP1156: 2/18/2013 10:04:03 AM - System Checkpoint
RP1157: 2/19/2013 10:15:39 AM - System Checkpoint
RP1158: 2/20/2013 11:45:43 AM - System Checkpoint
RP1159: 2/21/2013 9:05:20 AM - Installed Rapport
RP1160: 2/22/2013 9:25:08 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop.com Uploader
Adobe Reader 9.5.4
avast! Free Antivirus
BufferChm
C4600
CCleaner
Comcast Desktop Software (v1.2.1)
Compatibility Pack for the 2007 Office system
CouponAmazing
CustomerResearchQFolder
D1300
D1300_Help
Defraggler
Destinations
DeviceDiscovery
Dropbox
eSupportQFolder
Facebook Plug-In
FUJIFILM MyFinePix Studio 1.0
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart and Deskjet 7.0 Software
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
HP Photosmart Essential
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
LogMeIn
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
PS_AIO_05_C4600_Software_Min
QuickTime
QuickTransfer
Rapport
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoImpression
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
XFINITY Caller ID
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
2/22/2013 12:44:36 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/22/2013 12:44:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
2/20/2013 7:05:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2/17/2013 9:59:51 AM, error: Service Control Manager [7000] - The X4HSEx service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
I am completely computer illiterate and so is my husband. I think we downloaded something that we shouldn't have. Our computer showed a DOS screen (as my daughter described it as via a phone conversation)..it said primary hard disk drive 0 not found. Then when I tried to esc it said press F1 to retry boot, F2 to set up utility. I didn't know what to do so I pushed F1 and it only beeped. F2 I didn't know so I turned the thing off manually. After trying it a few times Windows xp started up. I don't understand. So I called my child again, she told me to right click on start and explore after I did my Avast scans, and I found :
File name: process 1124 [rapportmgmtservice.exe]
Severity: High
Status: Threat: Win32 MalOb-JN (cryp)
So I don't know how or where to begin to remove this file if I have to. She told me I have to.
Help please. ;)
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm
Advertisement
Register to Remove

Re: Need help removing an .exe file!

Unread postby wannabeageek » February 23rd, 2013, 9:45 pm

Hello TrucknMom2, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » February 24th, 2013, 3:57 pm

Hello!
Glad to cyber meet you. :P
I thank you for helping me.
I'll hang tight.

~TrucknMom2
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Need help removing an .exe file!

Unread postby wannabeageek » February 25th, 2013, 2:21 am

Hello TrucknMom2,


TrucknMom2 wrote:I thank you for helping me.
My pleasure.



Please complete the following:

Step 1.
Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click Start...then click Run.
  2. In the open text entry box...please copy/paste the following:
    appwiz.cpl
  3. Click the OK...button. It takes a few seconds for the program list to be "populated'.
  4. Locate the following program(s):
    CouponAmazing
    Java(TM) 6 Update 22
    Java(TM) 6 Update 31
    Yontoo Layers Client 1.10.01
  5. Press the "Remove" or "Change/Remove"...button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you can not find all programs...some may not have an uninstall feature.
  6. Repeat steps 4 - 5 for each program in the list.
  7. When finished...close/exit Add/Remove Programs.



Step 2.
Online Multi Antivirus file scan
Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:

c:\windows\system32\oleaut32.dll
c:\windows\system32\quartz.dll


Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.


Step 3.
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Double click on OTL.exe to run it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Results of Upload to virustotal
  2. Contents of OTL.txt
  3. Contents of Extras.txt
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » February 25th, 2013, 12:27 pm

I am going to do as you suggested. I will ask if I need help in the process.
THANK YOU so much for helping me!
~Pam
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » February 25th, 2013, 1:49 pm

wbg,
I am going nuts here. haha.
I did remove the 4 programs successfully. I then did the Virus Total, of which I HAD copy/pasted the links here BUT when I went to download OTL the link I chose (http://www.softpedia.com/progDownload/O ... 21680.html) ended up downloading http://install2.optimum-installer.com/o ... tpedia.com
So..I then saw it was not a binary file! I will go see if I can remove that file or should I wait until I hear from you? I'm crying here..not really but want to! haha
I went to your original reply here and clicked on that which did give me a binary file. Do you want me to continue on? I have to redo the 2nd step now too as it was in my reply that somehow disappeared ...
Oh..I'm going to go and redo step 2, then I will do step 3 and let you know the results.
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » February 25th, 2013, 2:23 pm

okay..step 2: Virus Total
https://www.virustotal.com/en/file/c2a0 ... 361814764/
https://www.virustotal.com/en/file/2454 ... 361814930/
OTL:
OTL logfile created on: 2/25/2013 12:02:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.99 Mb Total Physical Memory | 79.02 Mb Available Physical Memory | 15.49% Memory free
1.22 Gb Paging File | 0.55 Gb Available in Paging File | 45.18% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.58 Gb Free Space | 23.04% Space Free | Partition Type: NTFS

Computer Name: HOMES-9448A7F3B | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/25 11:36:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2013/02/19 16:34:56 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/02/06 07:59:04 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/02/06 07:59:04 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/01/20 13:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/01 11:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/17 14:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/25 03:54:49 | 002,063,360 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13022500\algo.dll
MOD - [2013/02/19 16:34:50 | 003,067,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/28 14:42:20 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2011/12/13 23:02:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/14 03:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/19 16:34:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/17 10:08:04 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 07:59:04 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/01 11:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/03/01 11:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 11:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/02/19 21:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Free Ride Games\X4HSEx.Sys -- (X4HSEx)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/06 07:59:22 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/02/06 07:59:20 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/02/06 07:59:20 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 17:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 17:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 02:34:33 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/05/28 14:42:19 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2011/03/01 11:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 14:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 14:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 22:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/11/10 17:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/03/31 23:30:34 | 000,732,928 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/16 18:49:16 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/16 18:49:16 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www22.verizon.com/Foryourho [Binary data over 200 bytes]
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.fantastigames.com/439
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 39 90 FB 90 49 CB 01 [binary data]
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrowsersearch.com/result ... ts.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={45A15268-BDF1-4f7d-B325-A18661DDD96E}
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{1B977252-65EC-DFCB-E752-794A37822658}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresult ... =chrome&q={searchTerms}
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://my.verizon.com/central/vzc.porta ... r-v6-IE&q={searchTerms}
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{7B778A05-D20F-5F8F-66DF-EA2ADE1B9C35}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=439&q={searchTerms}
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{9CC0CE6A-33A7-F5FF-A61D-F0902379161B}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z005&form=ZGAIDF
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3036369
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z125&form=ZGAIDF&install_date=20111011&iesrc={referrer:source}
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://isearch.fantastigames.com/439"
FF - prefs.js..extensions.enabledAddons: rgdxjgzlzl%40rgdxjgzlzl.org:2.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121219100509
FF - prefs.js..extensions.enabledAddons: %7Bb97ed18c-1a8a-4acc-884f-b4fe7415adf2%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_0.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/06 19:10:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/10 14:52:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/19 16:34:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/21 10:26:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/06 19:10:07 | 000,000,000 | ---D | M]

[2013/02/07 23:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/02/25 10:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions
[2013/02/06 22:54:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/10 21:33:26 | 000,000,000 | ---D | M] (Serif DrawPlus Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}
[2011/04/16 14:27:41 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\LogMeInClient@logmein.com
[2011/10/10 18:37:24 | 000,000,000 | ---D | M] (SmartDeals) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\smartdeals@smart-deals.com
[2004/08/16 18:49:16 | 000,004,804 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\rgdxjgzlzl@rgdxjgzlzl.org.xpi
[2012/12/28 20:56:35 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/01/21 08:34:04 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/10/10 18:37:21 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\searchplugins\bing-zugo.xml
[2011/10/10 18:22:09 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\searchplugins\SearchResults.xml
[2013/01/31 11:23:15 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\searchplugins\WebSearch.xml
[2013/02/19 16:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/19 16:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/02/19 16:34:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/10 14:52:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/02/19 16:34:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 12:25:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/02/07 23:35:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2010/02/25 10:40:10 | 000,000,955 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober59048500.gif
[2010/04/28 01:13:45 | 000,000,181 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober59048500.src
[2011/05/24 07:29:17 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/10/10 18:22:09 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2013/02/19 16:34:46 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2010/08/11 14:39:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\verizontb.xml
[2013/01/31 11:23:15 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearch.xml

O1 HOSTS File: ([2010/06/11 09:37:20 | 000,404,365 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13983 more lines...
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Updater For Verizon Toolbar) - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files\verizontb\auxi\verizonAu.dll (Visicom Media)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O2 - BHO: (no name) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKU\.DEFAULT..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-21-73586283-1202660629-1644491937-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-73586283-1202660629-1644491937-1003..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-73586283-1202660629-1644491937-1003..\Run: [Hoolapp Android] "C:\DOCUME~1\Owner\APPLIC~1\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4589066690 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 1872922859 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E0D0766-8E3C-43B6-A7C7-3349999721D2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 10:17:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/19 16:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/15 23:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Seed Catalog, Garden Seeds, Fruit Trees, Vegetable Seeds, Strawberry plants, Vegetable Plants and More - Gurney's Seed and Nursery_files
[2013/02/08 03:10:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/06 19:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/02/06 19:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HoolappForAndroid
[2013/02/06 19:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\FGIcon
[2013/02/06 19:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2013/02/06 07:59:20 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/02/04 18:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FantastiGames
[2013/02/04 18:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\FantastiGames
[2013/01/31 11:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Wajam
[2013/01/29 13:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2013/01/29 13:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2013/01/29 12:59:38 | 000,974,848 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpost_p02b.dll
[2013/01/29 12:59:37 | 000,737,280 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_p02b.dll
[2013/01/29 12:59:37 | 000,307,200 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_p02a.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/25 11:43:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/25 08:54:15 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/25 08:52:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/24 10:09:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/22 14:08:13 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/02/21 10:26:10 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2013/02/17 10:09:50 | 000,077,300 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Seed Catalog, Garden Seeds, Fruit Trees, Vegetable Seeds, Strawberry plants, Vegetable Plants and More - Gurney's Seed and Nursery.htm
[2013/02/17 10:08:02 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/17 10:07:59 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/17 04:28:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2013/02/15 23:32:47 | 000,484,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/15 23:32:47 | 000,088,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/15 23:27:54 | 000,206,650 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pam in wedding.jpg
[2013/02/14 03:47:52 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/09 11:01:08 | 000,007,596 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thecross.jpg
[2013/02/06 22:54:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/06 22:54:15 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/02/06 17:59:15 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/02/06 07:59:20 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/01/31 11:24:05 | 000,000,000 | ---- | M] () -- C:\end
[2013/01/31 11:22:50 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Games.lnk
[2013/01/29 13:47:59 | 000,172,310 | ---- | M] () -- C:\WINDOWS\hpoins36.dat
[2013/01/29 13:12:23 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2013/01/29 13:07:46 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2013/01/29 13:06:00 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2013/01/29 13:03:33 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/01/29 07:07:09 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/15 23:25:39 | 000,077,300 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Seed Catalog, Garden Seeds, Fruit Trees, Vegetable Seeds, Strawberry plants, Vegetable Plants and More - Gurney's Seed and Nursery.htm
[2013/02/09 11:01:06 | 000,007,596 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thecross.jpg
[2013/02/06 22:54:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/06 22:54:15 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/06 22:54:15 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/31 11:22:50 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Play Games.lnk
[2013/01/31 11:21:45 | 000,000,000 | ---- | C] () -- C:\end
[2013/01/29 13:12:23 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2013/01/29 13:07:46 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2013/01/29 13:06:00 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2013/01/29 12:24:38 | 000,161,555 | ---- | C] () -- C:\WINDOWS\hpoins36.dat.temp
[2013/01/29 12:24:38 | 000,000,652 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat.temp
[2013/01/29 07:07:09 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/18 09:50:00 | 000,172,310 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
[2012/02/18 09:49:59 | 000,000,578 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
[2012/02/15 06:42:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/16 15:56:09 | 000,124,156 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2011/04/16 15:56:09 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2011/04/16 15:44:33 | 000,123,131 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2011/04/16 15:44:33 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2010/03/26 20:30:41 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/09/17 18:35:43 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$3b167ba579d7c3e5d5d6c55f847f56d8\@
[2011/06/15 06:17:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 05:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6CCB309
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:956EC010

< End of report >
Extras:
OTL Extras logfile created on: 2/25/2013 12:02:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.99 Mb Total Physical Memory | 79.02 Mb Available Physical Memory | 15.49% Memory free
1.22 Gb Paging File | 0.55 Gb Available in Paging File | 45.18% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.58 Gb Free Space | 23.04% Space Free | Partition Type: NTFS

Computer Name: HOMES-9448A7F3B | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Documents and Settings\Owner\My Documents\Downloads\FLVPlayerSetup.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\FLVPlayerSetup.exe:*:Enabled:InstallCore™
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5339885F-4597-4343-BD3B-74280CC79424}" = VideoImpression
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5CC7EA-DF66-B0B4-8E71-D2041EE36BB7}" = XFINITY Caller ID
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD8FC58F-881E-01FB-A7F3-5D8F6210467A}" = Adobe Photoshop.com Uploader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Uploader
"com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = XFINITY Caller ID
"Defraggler" = Defraggler
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel(R) PRO Network Connections Drivers
"Rapport_msi" = Rapport
"Shop for HP Supplies" = Shop for HP Supplies
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2012 12:07:11 AM | Computer Name = HOMES-9448A7F3B | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.11.1, faulting module
hpwucli.exe, version 5.0.11.1, fault address 0x00009af5.

Error - 12/17/2012 1:03:23 AM | Computer Name = HOMES-9448A7F3B | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.11.1, faulting module
hpwucli.exe, version 5.0.11.1, fault address 0x00009af5.

Error - 12/24/2012 1:32:37 AM | Computer Name = HOMES-9448A7F3B | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.11.1, faulting module
hpwucli.exe, version 5.0.11.1, fault address 0x00009af5.

Error - 12/31/2012 1:57:21 AM | Computer Name = HOMES-9448A7F3B | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.11.1, faulting module
hpwucli.exe, version 5.0.11.1, fault address 0x00009af5.

Error - 1/7/2013 2:15:07 AM | Computer Name = HOMES-9448A7F3B | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.11.1, faulting module
hpwucli.exe, version 5.0.11.1, fault address 0x00009af5.

Error - 1/14/2013 7:50:09 AM | Computer Name = HOMES-9448A7F3B | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.11.1, faulting module
hpwucli.exe, version 5.0.11.1, fault address 0x00009af5.

Error - 1/14/2013 11:26:45 AM | Computer Name = HOMES-9448A7F3B | Source = MsiInstaller | ID = 11328
Description = Product: Adobe Reader 9.5.3 -- Error 1328.Error applying patch to
file C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll. It has probably been
updated by other means, and can no longer be modified by this patch. For more
information contact your patch vendor. System Error: -1072807676

Error - 1/14/2013 11:26:48 AM | Computer Name = HOMES-9448A7F3B | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader 9.5.3 - Update 'Adobe Reader 9.5.3 - CPSID_83708'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 1/21/2013 8:33:30 AM | Computer Name = HOMES-9448A7F3B | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.11.1, faulting module
hpwucli.exe, version 5.0.11.1, fault address 0x00009af5.

Error - 1/28/2013 9:00:08 AM | Computer Name = HOMES-9448A7F3B | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.11.1, faulting module
hpwucli.exe, version 5.0.11.1, fault address 0x00009af5.

[ System Events ]
Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:17 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/25/2013 12:42:18 PM | Computer Name = HOMES-9448A7F3B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
I hope I did everything as needed..(wipping the sweat from my brow phew!)
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Need help removing an .exe file!

Unread postby wannabeageek » February 28th, 2013, 12:44 am

Hello TrucknMom2,

I apologize for the long delay. Thank you for your patience. You are doing very good. Please hang in there as we have more to do.


Step 1.
Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click Start...then click Run.
  2. In the open text entry box...please copy/paste the following:
    appwiz.cpl
  3. Click the OK...button. It takes a few seconds for the program list to be "populated'.
  4. Locate the following program(s):
    Adobe Reader 9.5.4
  5. Press the "Remove" or "Change/Remove"...button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you can not find all programs...some may not have an uninstall feature.
  6. Repeat steps 4 - 5 for each program in the list.
  7. When finished...close/exit Add/Remove Programs.


Step 2.
OTL - System Scan/Fix
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
  2. Under the Standard Registry box change it to All.
  3. Check/tick the boxes beside LOP Check and Purity Check.
  4. Copy the following text... do not include the quote box title "Quote'
    :commands
    [createrestorepoint]

    :OTL
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.fantastigames.com/439
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q= {searchTerms}&srch=dsp
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s= {searchTerms}&f=4
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrowsersearch.com/result ... ts.aspx?q= {searchTerms}&c=web&s=DSP&v=19&tid={45A15268-BDF1-4f7d-B325-A18661DDD96E}
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=439&q= {searchTerms}
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3036369
    IE - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q= {searchTerms}
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://isearch.fantastigames.com/439"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O2 - BHO: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
    O2 - BHO: (no name) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - No CLSID value found.
    O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\S-1-5-21-73586283-1202660629-1644491937-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - Reg Error: Key error. File not found
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6CCB309
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:956EC010

    :Commands
    [EMPTYTEMP]
  5. Click under the Custom Scan/Fixes box and paste the copied text.
  6. Click the Run Fix button. If prompted... click OK.
  7. When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  8. Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.



Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of
  2. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
  3. Contents of SystemLook.txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » February 28th, 2013, 10:42 am

Hello wbg,
I did as instructed. :) Files are below.
As for the computer and how it's been prior to this....it was still redirecting me at the search engine, running slow, and would crash at times. But I did notice that finally after doing the first on the list of to do's you gave me the search engine did not reveal fantasisearch as my browser! yay! So..by George I think you're onto something!! I will wait for you to instruct further..
Have fun! ;)

========== OTL ==========
HKU\S-1-5-21-73586283-1202660629-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}\ not found.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}\ not found.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://isearch.fantastigames.com/439" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8398-26FADCF27386}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8398-26FADCF27386}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6CCB309 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:956EC010 deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02282013_020610

SystemLook 30.07.11 by jpshortstuff
Log created at 02:17 on 28/02/2013 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
No files found.

Searching for "*Conduit*"
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_equalizer_dead.gif --a--c- 334 bytes [15:57 27/10/2010] [15:57 27/10/2010] 499A6F58DCB20F3BB52395F9B9BD20C9
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_minimize.gif --a--c- 366 bytes [15:57 27/10/2010] [15:57 27/10/2010] FE49A8D6C3900AC8AFD1E075E34B6F29
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_play.gif --a--c- 1076 bytes [15:57 27/10/2010] [15:57 27/10/2010] 3CF9F136F15EDF91DC7A328653D40024
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_stop.gif --a--c- 1106 bytes [15:57 27/10/2010] [15:57 27/10/2010] 527FF1AE7CFD8794164EE22E81982274
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_vol.gif --a--c- 1121 bytes [15:57 27/10/2010] [15:57 27/10/2010] 1AE5DA7ABE40EAB5FCB5D0911CBE2D44
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\CT2407811\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_display_xml.xml --a--c- 5811 bytes [21:45 21/02/2010] [21:45 21/02/2010] 3F2A50E983067F6438F9E1AE729AE7F9
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\CT2776682\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Mint_display_xml.xml --a--c- 5803 bytes [15:57 27/10/2010] [15:57 27/10/2010] 59AA8CF6F2F8E49F363CD4C0040AA2E8
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\components\ConduitAutoCompleteSearch.js --a---- 9181 bytes [16:05 10/02/2013] [21:14 10/02/2013] 6E6B7E00632DF1BA5A48D74E1B41ABE3
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [16:05 10/02/2013] [21:14 10/02/2013] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\searchplugin\conduit.xml --a---- 931 bytes [16:06 10/02/2013] [21:14 10/02/2013] 990DFBD94FFD3BC1B81D62026F942431
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1168776_1164461_US.xml --a--c- 199 bytes [16:07 05/12/2010] [18:19 13/12/2010] 1CF12D3103541A4A3CF247B84DE95639
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_US.xml --a--c- 191 bytes [16:07 05/12/2010] [18:19 13/12/2010] 43C93B80235159F037CEA9A173922F92
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=1168776&fid=1164461.xml --a--c- 192 bytes [15:57 27/10/2010] [08:50 03/11/2010] 8D217F824DBB0726B795117E63FEEB78
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_1_0_7.xml --a--c- 10909 bytes [16:07 05/12/2010] [12:34 13/12/2010] 1B3B574AA349758343D3C80787B9739E

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
C:\Program Files\iLivid\ilivid.exe -----c- 2033152 bytes [00:23 11/10/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
C:\Documents and Settings\Owner\My Documents\Downloads\vshare-plugin.exe --a--c- 1111120 bytes [00:41 14/12/2010] [00:41 14/12/2010] 1B66330C9F46BA6C135C0324135A98EA

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
C:\Documents and Settings\Owner\My Documents\Downloads\YontooClientSetup.exe --a--c- 602464 bytes [13:55 10/12/2010] [13:55 10/12/2010] D3C1AB47797D24A8DB1CE94FD23F0013

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts d------ [15:53 27/10/2010]
C:\Program Files\Conduit\Community Alerts d------ [15:53 27/10/2010]

Searching for "*Conduit*"
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit d------ [21:44 21/02/2010]
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon d------ [09:20 04/06/2012]
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\ConduitEngine d------ [18:36 13/12/2010]
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit d------ [15:53 27/10/2010]
C:\Program Files\Conduit d------ [15:53 27/10/2010]

Searching for "*datamngr*"
C:\Program Files\Windows iLivid Toolbar\Datamngr d------ [00:22 11/10/2011]

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
C:\Documents and Settings\Owner\Local Settings\Application Data\Ilivid Player d------ [00:28 11/10/2011]
C:\Program Files\iLivid d------ [00:23 11/10/2011]
C:\Program Files\Windows iLivid Toolbar d------ [00:22 11/10/2011]

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_CURRENT_USER\Software\Conduit\Community Alerts]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
"Path"="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\Community Alerts]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_CURRENT_USER\Software\Conduit\Community Alerts\Data\Feeds\1164461]
"Url"="http://alerts.conduit-services.com/root/1168776/1164461/US"
[HKEY_CURRENT_USER\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Url"="http://alerts.conduit-services.com/root/909619/905414/US"
[HKEY_CURRENT_USER\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Title"="Conduit Engine Notifications"
[HKEY_CURRENT_USER\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"
[HKEY_CURRENT_USER\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.com"
[HKEY_CURRENT_USER\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"
[HKEY_CURRENT_USER\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.1.0.7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
"Path"="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\Community Alerts\Data\Feeds\1164461]
"Url"="http://alerts.conduit-services.com/root/1168776/1164461/US"
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Url"="http://alerts.conduit-services.com/root/909619/905414/US"
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Title"="Conduit Engine Notifications"
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.com"
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.1.0.7]

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\Datamngr]
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Datamngr]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\DataMngr_Toolbar]

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\ilivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\ilivid]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]

Searching for "Searchnu"
No data found.

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mml\OpenWithProgIDs]
"soffice.StarMathDocument.6"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm\OpenWithProgIDs]
"soffice.StarMathDocument.6"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\ProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\VersionIndependentProgID]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument\CurVer]
@="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6]
[HKEY_LOCAL_MACHINE\SOFTWARE\OpenOffice.org\OpenOffice.org\3.3\Capabilities\FileAssociations]
".mml"="soffice.StarMathDocument.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\OpenOffice.org\OpenOffice.org\3.3\Capabilities\FileAssociations]
".sxm"="soffice.StarMathDocument.6"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Trolltech]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
@="YontooIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
@="YontooIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
@="C:\Program Files\Yontoo Layers Client\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
@="C:\Program Files\Yontoo Layers Client"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
@="Yontoo Layers Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\CurVer]
@="YontooIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
@="Yontoo Layers Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
@="Yontoo Layers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers\CurVer]
@="YontooIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
@="Yontoo Layers"

-= EOF =-
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Need help removing an .exe file!

Unread postby wannabeageek » March 1st, 2013, 9:36 am

Hello TrucknMom2,

Glad to hear we are making progress. There is more we need to do.


Step 1.
OTL - System Scan/Fix This program should still be on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
  2. Under the Standard Registry box change it to All.
  3. Check/tick the boxes beside LOP Check and Purity Check.
  4. Copy the following text... do not include the quote box title "Quote'
    :commands
    [createrestorepoint]

    :Reg
    [-HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\ilivid]
    [-HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\DataMngr_Toolbar]
    [-HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Datamngr]
    [-HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
    [-HKEY_CURRENT_USER\Software\Datamngr]
    [-HKEY_CURRENT_USER\Software\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]


    :Files
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\CT2407811\radio\Skins
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\CT2776682\radio\Skins
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}
    C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
    C:\Program Files\iLivid
    C:\Program Files\Conduit
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\ConduitEngine
    C:\Program Files\Windows iLivid Toolbar
    C:\Documents and Settings\Owner\Local Settings\Application Data\Ilivid Player
    C:\Documents and Settings\Owner\My Documents\Downloads\vshare-plugin.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\YontooClientSetup.exe

    :Commands
    [EMPTYTEMP]
  5. Click under the Custom Scan/Fixes box and paste the copied text.
  6. Click the Run Fix button. If prompted... click OK.
  7. When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  8. Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.



Step 2.
SystemLook should still be on your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Community*
    *Conduit*
    *datamngr*
    *iLivid*
    *Searchqu*
    *trolltech*
    *vshare*
    *Yontoo*
    
    :folderfind
    *Community*
    *Conduit*
    *datamngr*
    *iLivid*
    *Searchqu*
    *trolltech*
    *vshare*
    *Yontoo*
    
    :Regfind
    Community
    Conduit
    datamngr
    iLivid
    Searchqu
    trolltech
    vshare
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Please include in your next reply:
  1. Contents of OTL.txt log
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » March 1st, 2013, 1:36 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\ilivid\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Datamngr\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Conduit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\Datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ not found.
========== FILES ==========
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\facebook folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\CT2407811\radio\Skins folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\CT2776682\radio\Skins folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\searchplugin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\Plugins folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\modules folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\META-INF folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\defaults folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\components folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2} folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Toolbar\Facebook folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Toolbar folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit folder moved successfully.
C:\Program Files\iLivid\imageformats folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\modules\3.15.1.0 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\modules\3.14.1.0 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\modules\3.13.0.6 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\modules folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\alert\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\alert\Dialogs folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon\alert folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\ConduitEngine\apps folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\ConduitEngine folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows iLivid Toolbar folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Ilivid Player folder moved successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\vshare-plugin.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\YontooClientSetup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 53632 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 102954 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser.HOMES-9448A7F3B
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 430694393 bytes

User: Owner
->Temp folder emptied: 47603 bytes
->Temporary Internet Files folder emptied: 97030 bytes
->Java cache emptied: 128916467 bytes
->FireFox cache emptied: 425012105 bytes
->Apple Safari cache emptied: 1496064 bytes
->Flash cache emptied: 113910 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4532241 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 494137 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 282313340 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,215.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03012013_103441

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\imp[1].com%2Fmc%2Fwelcome%3Fymv%3D0&r=0&SIG=13d5viu6e;x-cookie=4p94c0q8u69ec&o=4&q=o4Jp93OcLRWUccIZ0pnIYAjH2HqzWmGQMVa9uj--&f=5d&v=Cszdqa_0QAYGqvEVs4wo;LnubbBcgBhg not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209970218_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209989578_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210009890_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210100812_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210124968_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210132921_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210183984_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210203062_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210344734_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210349109_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210554515_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210562703_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210572046_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210605078_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210724828_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211022234_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211058171_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211068000_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211083968_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211110890_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211133125_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211156890_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211158859_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211180843_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211217125_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211258109_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211274875_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211277234_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211297656_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211316421_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211323375_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211456906_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211833875_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212048031_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212064015_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SL2ZC1YF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212070906_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209965546_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209970296_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210108609_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210178328_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210308671_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210337484_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210383593_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210439328_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210605156_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210996468_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211029140_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211094046_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211150531_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211173093_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211194562_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211240218_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211262859_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211290984_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211312734_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211976500_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212068750_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KIH9PTQP\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212095187_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209965562_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209970140_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209980296_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210107984_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210164656_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210170093_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210171109_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210300390_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210378953_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210487453_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210594937_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210964828_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211059625_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211067031_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211123765_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211146312_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211219500_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211227578_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211261156_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211289953_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211326796_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211576921_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211953859_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212050546_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8VZ1CZTF\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212068187_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\emotional_armor;contentid=c2474799;abr=!webtvs;camp=beanstalk;src=daily-reflections;pos=pushdown;frId=ad_15_pushdown;wgt=5;sz=970x90,1x1;tile=1;ord=730369710450687[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209977531_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360209986078_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210008265_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210106484_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210184921_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210347265_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210432750_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210440859_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210480093_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210504984_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360210560421_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211004843_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211032218_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211039500_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211155140_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211165281_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211180078_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211212390_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211268406_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211277546_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211323140_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211336921_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360211697031_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212047484_callback not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\85IBS9A5\rom20socialnotificationssummary20where20guid203D2022EEVSVC7INPXKNVMA4O4RH7BAYE2220and20newCount3D22122formatjsoncrumb3jfl5U7zHmc_maxage60t_notifications_count1360212054484_callback not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Oh man..now I cannot find where the 2nd scan is..not on my desktop...I know it's in notepad but how do I search all of notepad?
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » March 1st, 2013, 8:18 pm

WBG,

Okay..I believe this is it for the SystemLook results...

SystemLook 30.07.11 by jpshortstuff
Log created at 11:11 on 01/03/2013 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Community*"
No files found.

Searching for "*Conduit*"
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_equalizer_dead.gif --a--c- 334 bytes [15:57 27/10/2010] [15:57 27/10/2010] 499A6F58DCB20F3BB52395F9B9BD20C9
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_minimize.gif --a--c- 366 bytes [15:57 27/10/2010] [15:57 27/10/2010] FE49A8D6C3900AC8AFD1E075E34B6F29
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_play.gif --a--c- 1076 bytes [15:57 27/10/2010] [15:57 27/10/2010] 3CF9F136F15EDF91DC7A328653D40024
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_stop.gif --a--c- 1106 bytes [15:57 27/10/2010] [15:57 27/10/2010] 527FF1AE7CFD8794164EE22E81982274
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit\cachedIcons\http___storage_conduit_com_BankImages_RadioSkins_Mint_vol.gif --a--c- 1121 bytes [15:57 27/10/2010] [15:57 27/10/2010] 1AE5DA7ABE40EAB5FCB5D0911CBE2D44
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\CT2407811\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_display_xml.xml --a--c- 5811 bytes [21:45 21/02/2010] [21:45 21/02/2010] 3F2A50E983067F6438F9E1AE729AE7F9
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\CT2776682\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Mint_display_xml.xml --a--c- 5803 bytes [15:57 27/10/2010] [15:57 27/10/2010] 59AA8CF6F2F8E49F363CD4C0040AA2E8
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\components\ConduitAutoCompleteSearch.js --a---- 9181 bytes [16:05 10/02/2013] [21:14 10/02/2013] 6E6B7E00632DF1BA5A48D74E1B41ABE3
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [16:05 10/02/2013] [21:14 10/02/2013] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\searchplugin\conduit.xml --a---- 931 bytes [16:06 10/02/2013] [21:14 10/02/2013] 990DFBD94FFD3BC1B81D62026F942431
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1168776_1164461_US.xml --a--c- 199 bytes [16:07 05/12/2010] [18:19 13/12/2010] 1CF12D3103541A4A3CF247B84DE95639
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_US.xml --a--c- 191 bytes [16:07 05/12/2010] [18:19 13/12/2010] 43C93B80235159F037CEA9A173922F92
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=1168776&fid=1164461.xml --a--c- 192 bytes [15:57 27/10/2010] [08:50 03/11/2010] 8D217F824DBB0726B795117E63FEEB78
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_1_0_7.xml --a--c- 10909 bytes [16:07 05/12/2010] [12:34 13/12/2010] 1B3B574AA349758343D3C80787B9739E

Searching for "*datamngr*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\03012013_103441\C_Program Files\iLivid\ilivid.exe --a--c- 2033152 bytes [00:23 11/10/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86

Searching for "*Searchqu*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\My Documents\Downloads\vshare-plugin.exe --a--c- 1111120 bytes [00:41 14/12/2010] [00:41 14/12/2010] 1B66330C9F46BA6C135C0324135A98EA

Searching for "*Yontoo*"
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\My Documents\Downloads\YontooClientSetup.exe --a--c- 602464 bytes [13:55 10/12/2010] [13:55 10/12/2010] D3C1AB47797D24A8DB1CE94FD23F0013

========== folderfind ==========

Searching for "*Community*"
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts d------ [16:36 01/03/2013]
C:\_OTL\MovedFiles\03012013_103441\C_Program Files\Conduit\Community Alerts d------ [15:53 27/10/2010]

Searching for "*Conduit*"
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduit d------ [16:36 01/03/2013]
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\conduitCommon d------ [16:36 01/03/2013]
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\ConduitEngine d------ [16:37 01/03/2013]
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Local Settings\Application Data\Conduit d------ [16:36 01/03/2013]
C:\_OTL\MovedFiles\03012013_103441\C_Program Files\Conduit d------ [16:36 01/03/2013]

Searching for "*datamngr*"
C:\_OTL\MovedFiles\03012013_103441\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [00:22 11/10/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\03012013_103441\C_Documents and Settings\Owner\Local Settings\Application Data\Ilivid Player d------ [00:28 11/10/2011]
C:\_OTL\MovedFiles\03012013_103441\C_Program Files\iLivid d------ [16:36 01/03/2013]
C:\_OTL\MovedFiles\03012013_103441\C_Program Files\Windows iLivid Toolbar d------ [16:37 01/03/2013]

Searching for "*Searchqu*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Community"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\camping-community.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\camping-community.com]

Searching for "Conduit"
No data found.

Searching for "datamngr"
No data found.

Searching for "iLivid"
No data found.

Searching for "Searchqu"
No data found.

Searching for "trolltech"
No data found.

Searching for "vshare"
No data found.

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
@="YontooIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
@="C:\Program Files\Yontoo Layers Client\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
@="C:\Program Files\Yontoo Layers Client"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
@="Yontoo Layers Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
@="Yontoo Layers"

-= EOF =-

If this is not right, let me know I will redo that step..I don't think I know how to save it to my desk top, as it just asks to save file as an option.

-TrucknMom2
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Need help removing an .exe file!

Unread postby wannabeageek » March 3rd, 2013, 1:10 pm

Hello TrucknMom2,

TrucknMom2 wrote:If this is not right,...
This is right and you have done very well. :D
Please run ESET and post the results in your next post.

ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » March 4th, 2013, 10:32 am

Before I go any further, please tell me how I turn off my avast. I backed up my settings but don't know how to stop it from running.
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Need help removing an .exe file!

Unread postby TrucknMom2 » March 4th, 2013, 11:58 am

I think the 'remove found threats' WAS checked! Because it says 2 removed. Is there a way to see what it was? I am sorry..direct my next move...I won't touch anything until I hear from you..so sorry.
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 127 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware