also @ TechSpot: Jolla unveils first Sailfish OS smartphone, set to ship this year

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Trojan.BHO removed but internet explorer and options issues

Discussion in 'Virus and Malware Removal' started by sinc22, Jan 29, 2013.

Post New Reply

Page 2 of 3

sinc22 Newcomer, in training Posts: 33

OTL Extras logfile created on: 1/31/2013 6:26:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ahn Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 31.91% Memory free
9.75 Gb Paging File | 6.72 Gb Available in Paging File | 68.95% Paging File free
Paging file location(s): c:\pagefile.sys 6000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.92 Gb Total Space | 341.23 Gb Free Space | 49.82% Space Free | Partition Type: NTFS
Drive D: | 13.71 Gb Total Space | 1.32 Gb Free Space | 9.65% Space Free | Partition Type: NTFS

Computer Name: DESKTOP1 | User Name: Ahn Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-940463781-997724917-3987062868-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = DD 18 17 86 5F 4F CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B4257-A7FA-42D1-8F59-C3A751757E61}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0331F941-9648-417C-9191-C5E1E0B9F96E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0BAF07D7-FCB1-49D9-A44A-D7027F14EC16}" = rport=10243 | protocol=6 | dir=out | app=system |
"{26DC4BDD-0624-4A95-9D90-8403C3233394}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A941488-8D32-4409-AF73-67CE657A1DE5}" = lport=139 | protocol=6 | dir=in | app=system |
"{36300930-A550-4E47-9006-DD2ACA2BC234}" = rport=139 | protocol=6 | dir=out | app=system |
"{3BAE9B17-44E1-4015-B597-805AF5D7BA8D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4096F4DE-5A40-4B4C-92FC-A99D4744B15C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A225E99-EEBE-4D2C-B1FE-87A34310F437}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CE28593-9F0A-4F5F-8E87-5208E1B4C52C}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E897534-4EF1-46F9-8DF5-D3C4B6A21A73}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6BC11EED-A2C8-45FB-81DE-8BF465135D74}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E3FB0E2-09DC-4819-88F6-298C5E3CF410}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E39C001-3A08-4B28-AEEC-1F393CC38263}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86BC88E4-6A3B-4063-9E65-B288A7BBAB4A}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{9196F232-6643-4C2E-877B-F02A9A8DF49C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{99B34317-9FA0-4C95-9716-62CFAD133E87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C1A9A23-A1E0-4269-AA5D-239C1B39C2DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{A02D1046-9ABA-4CE5-BA9E-346A85F18E26}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{B115767E-0CC9-4C0A-BD28-B5E349727A2F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C05CFB95-6980-46D2-A5E9-1D32FA83C4BD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C4565F86-A7C0-4394-8413-36A0402A410D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C78DB3C1-6186-4083-B74F-B56855A0DC2A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CABFA986-F040-459F-9E8D-6BC935DA7740}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB1CD576-9D99-4B5A-A0CA-52F8840DF323}" = rport=445 | protocol=6 | dir=out | app=system |
"{CEE78442-DFBE-4D8E-A70C-B3F3A983DCD6}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0257817-2B16-4321-A0B9-9FA12B7EA91D}" = lport=138 | protocol=17 | dir=in | app=system |
"{D188B595-C407-4612-A19B-3E22CB2B5797}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5DEACB8-E570-44FB-97BD-29BFB70524F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD0A9F09-A90C-460F-B601-142D40E2CF56}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CE4442-BF36-480F-AB07-43D1DCE6C0A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{09483EB3-F876-490A-9E70-C947DC1DB8E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0BED9141-C82E-4C08-9DFF-56C149040D68}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0E2D5030-965E-4A12-BAA8-CCB5A1DF51D9}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1145AF81-4939-4B57-9C0C-BFE55E8A63D2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{120013F1-8AC5-42FA-B708-7D87B69E98CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BB14C88-F263-4ED6-B581-034563998833}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{1E62C99F-A4A2-4FFD-80B9-87A824C96176}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{26619779-8405-43B3-B183-2A1D66C71E25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2998B360-39D7-45EF-AE8F-54669F5AAA3D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{2BAF5225-47CD-4F4E-9607-4BC453F2F629}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{441A17C2-7B46-42F3-9F1C-19DC0B9E6E04}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4C3C8DA7-42B6-4842-8D76-521F9A3178F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D75EBBC-FFE7-47E7-A7F9-A30189DE301E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5A58A2BF-D9F9-4E71-9511-0F1D70383369}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5FE72AF5-B38E-4A17-89B3-FAE213023E4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{61BCEC40-8592-4C38-B349-55C4C9DFBA90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{6642818F-80FD-4875-B8E0-BF032B646501}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{67EAE2B8-91BA-41E9-83ED-29ABE61414B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BBB6144-0B9E-4D67-9E85-0D69996E0F1B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C0196EF-39A5-4DC3-AEEE-8E3E6F8DAC7B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E9956CC-EC4D-49FC-AC70-B62BD056254F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{743B13EA-46E9-4D7B-9549-D2E939014219}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{74EFB5F9-815D-483C-85AB-3849A46DF4E5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{75CCB5D3-9B4E-483C-9EA5-26A773BC1265}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7B197D4C-F114-4867-9D20-1B510A95DD98}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7B23CD91-96E3-4370-A3FA-4B9CF7BE72B5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{7C0A11DB-C681-4470-AC74-1F0B85858C4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97479445-AF8E-426C-92E0-0586206FF745}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{9848326C-8987-4D62-8FFC-3FDB68E3F04D}" = protocol=6 | dir=out | app=system |
"{988F34CE-6ACD-47DA-B9A6-2E5C968FBDCB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{A4F5A918-D12A-49C7-8F07-6A6148E5D154}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB21CB81-4A08-44D7-9F0B-290808A00547}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{AE429085-A9EF-4433-9D10-B9FB74D3B59E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AEF9E4BB-34FF-4661-BF93-E20C9233BF54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AFCDCF0D-D630-4D55-B293-2911E5E12917}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B42918D4-0DE8-4712-977E-DAFC84538EA6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{C06C13B6-51D6-406A-BD01-149F24FC628A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{C3DEB8DD-329C-417C-B4CE-F268FE459FDC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{CD7AB90A-F3AB-4FE1-AFCA-E9C5B5AAE62C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7AD037F-DAC4-46A4-AC17-1C03BA3CD264}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D7E6B49D-B7E9-4464-AAE2-4F5CB7E60CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{DD633614-0EEC-49DD-92F2-C1EB0A184D1F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E14E9B31-48E0-4804-9482-73023DFA8289}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E1A49883-DAE2-4F0A-8768-E7B4081601CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBAAB251-FFA5-4DC8-ADBB-5900FB9AA9ED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F21AB1AC-EC47-4B49-82C3-FB4754E9D6DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F420A3C6-2A70-44C5-9476-E1A5968CF885}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{282D1345-243E-4D40-821B-DDD61AA79D57}C:\users\ahn home\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ahn home\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9D48388A-55FF-4EE4-B013-DA433ED9117A}C:\users\ahn home\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ahn home\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9EE00F01-92DA-4A08-83C2-2846262F92F8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B2480D9D-23F1-4DFF-8D6D-6D29F79A1D77}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{2AE7B81A-289A-4B2B-86D2-15B0A8E2863D}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{641C36D6-6F35-407B-9974-AF3D693C7253}C:\users\ahn home\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ahn home\appdata\roaming\spotify\spotify.exe |
"UDP Query User{73B420DB-2213-4A4D-A101-19F1B176E88A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{8CF3CDFD-91B3-445B-876C-150239985C3D}C:\users\ahn home\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ahn home\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2620C21C-09DF-483F-EA44-6A880700E7CA}" = ATI Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9FB6EBE7-9B2A-E482-24CA-50D54B1B0E8F}" = ccc-utility64
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CanonMyPrinter" = Canon My Printer
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{1FC433CE-DCBE-6FE3-84C0-B65F2563F769}" = Catalyst Control Center Graphics Full Existing
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 38
"{281D28EC-1357-4778-B2D7-DEA56D70EF96}" = Logitech High Quality Video
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{608349EA-F46D-08E3-40C2-59DEFC0E4620}" = ccc-core-static
"{60923C21-C038-2396-59C5-CABD06C694F3}" = Catalyst Control Center Graphics Full New
"{61B8FF9A-E7A4-0500-34C9-2A218825F09C}" = Catalyst Control Center InstallProxy
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6685436F-D6DD-47BA-26B9-4C8A3B32B1D8}" = Catalyst Control Center Graphics Previews Common
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6C1C9355-BD75-474D-A8D5-B2330AA463A3}" = IHA_MessageCenter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{723BCA9C-ED1B-C150-3FAF-AAE1D7364D40}" = CCC Help English
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{805FBA74-274F-C4C7-5A44-F5351EBD71ED}" = Catalyst Control Center Graphics Previews Vista
"{8292F88E-2DB7-456B-A8F1-9079B7432A1E}" = DVD Architect Studio 5.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A3AF9AA1-F8C3-B549-6752-95F6CB4D1904}" = Catalyst Control Center HydraVision Full
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B5C6B3B0-698E-E74F-16B2-B224A92ADBFF}" = Catalyst Control Center Graphics Light
"{B674F947-56D6-4793-B465-7D7C87E04D0C}" = ImageMixer 3 SE Ver.5 Video Tools
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BF541017-8AE2-CB88-ED13-DA3751A66335}" = Catalyst Control Center InstallProxy
"{BF55B950-4227-49DF-914B-A8F63D236DB8}" = Amazon Cloud Drive
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{D31D0D42-22E1-5668-85D9-9E202664FEAB}" = Catalyst Control Center Core Implementation
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DFE492C4-A9F5-413E-A2CC-6F5F3ACC229F}" = ImageMixer 3 SE Ver.5 Transfer Utility
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8876-6509-6575-2789" = Page Builder QM 11 to 13
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoShop Chipboard Cutouts" = AutoShop Chipboard Cutouts
"AutoShop Emb" = AutoShop Emb
"AutoShop PP" = AutoShop PP
"Autumn Afternoon Emb" = Autumn Afternoon Emb
"Autumn Afternoon PP" = Autumn Afternoon PP
"Autumn Memories Mask QM" = Autumn Memories Mask QM
"Background Builders Vol 4" = Background Builders Vol 4
"Bathtime Bubbles Alpha" = Bathtime Bubbles Alpha
"Bathtime Bubbles Emb" = Bathtime Bubbles Emb
"Bathtime Bubbles PP" = Bathtime Bubbles PP
"Beep Beep Chipboard" = Beep Beep Chipboard
"Beep Beep Emb" = Beep Beep Emb
"Beep Beep PP" = Beep Beep PP
"Blessed Freebie Mini Pack" = Blessed Freebie Mini Pack
"Boo 2 You Emb" = Boo 2 You Emb
"Boo 2 You PP 2" = Boo 2 You PP 2
"Cake and Presents Emb" = Cake and Presents Emb
"Cake and Presents PP 1" = Cake and Presents PP 1
"Cake and Presents PP 2" = Cake and Presents PP 2
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MX700 series User Registration" = Canon MX700 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cold Play Alphabet" = Cold Play Alphabet
"Cold Play Emb" = Cold Play Emb
"Cold Play PP" = Cold Play PP
"Dads Drawer Emb" = Dads Drawer Emb
"Dads Drawer PP" = Dads Drawer PP
"Decorative Edgers Vol 2" = Decorative Edgers Vol 2
"Delights of December Alpha" = Delights of December Alpha
"DESkey DK3 Uninstall" = DK3 Drivers v2.1.0.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Family Matters Emb" = Family Matters Emb
"Family Matters PP" = Family Matters PP
"Family Matters Stacked PP" = Family Matters Stacked PP
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Giggle Bear Boy Emb" = Giggle Bear Boy Emb
"Giggle Bear Boy PP" = Giggle Bear Boy PP
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"Hamster Free ZIP Archiver_is1" = Hamster Free ZIP Archiver 1.2.0.6
"Harvest Delights Emb" = Harvest Delights Emb
"Harvest Delights PP" = Harvest Delights PP
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full)
"Let the Sun Shine Emb" = Let the Sun Shine Emb
"Let the Sun Shine PP" = Let the Sun Shine PP
"Little Baby Boy Emb" = Little Baby Boy Emb
"Little Baby Boy PP" = Little Baby Boy PP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MemoryMixer 3" = MemoryMixer 3
"Monkey See Monkey Do Alpha" = Monkey See Monkey Do Alpha
"Monkey See Monkey Do Emb" = Monkey See Monkey Do Emb
"Monkey See Monkey Do PP" = Monkey See Monkey Do PP
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"My Man QM" = My Man QM
"MyCamera" = Canon Utilities MyCamera
"Neutral Emb" = Neutral Emb
"Noel" = Noel
"On The Green" = On The Green
"Page Builder QM 005 to 007" = Page Builder QM 005 to 007
"Page Builder QM Sampler" = Page Builder QM Sampler
"Paper Perfection Volume 1" = Paper Perfection Volume 1
"Picasa 3" = Picasa 3
"Play in The Sand Emb" = Play in The Sand Emb
"Precious Memories Masks3 QM" = Precious Memories Masks3 QM
"Precious Memories Masks4 QM" = Precious Memories Masks4 QM
"QuickPar" = QuickPar 0.9
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shabby Boy Alpha" = Shabby Boy Alpha
"Shabby Boy Emb" = Shabby Boy Emb
"Shabby Boy PP" = Shabby Boy PP
"Shape Art" = Shape Art
"Snowman" = Snowman
"Spotify" = Spotify
"Spring Showers" = Spring Showers
"Spring Splendor Emb" = Spring Splendor Emb
"Spring Splendor PP" = Spring Splendor PP
"Stylish Alpha" = Stylish Alpha
"Sunny Blue Sky Mini" = Sunny Blue Sky Mini
"Sweet Baby Alphas" = Sweet Baby Alphas
"Sweet Baby Boy Emb" = Sweet Baby Boy Emb
"Sweet Baby Boy PP" = Sweet Baby Boy PP
"Tis the Season Emb" = Tis the Season Emb
"Tis the Season PP" = Tis the Season PP
"TTB000001.TTB000001Toolbar" = CouponBar
"Tulips And Chocolate Emb" = Tulips And Chocolate Emb
"Tulips And Chocolate PP" = Tulips And Chocolate PP
"Ugrib_is1" = Ugrib RC1
"What a Hoot Emb" = What a Hoot Emb
"What a Hoot PP" = What a Hoot PP
"Wonderful World Emb" = Wonderful World Emb
"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)
"You Alpha" = You Alpha
"You Emb" = You Emb
"You Have been Framed" = You Have been Framed
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-940463781-997724917-3987062868-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2013 11:59:08 PM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x14ac, application
start time 0x01cdff67083b49b0.

Error - 1/31/2013 12:06:04 AM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0xbf8, application
start time 0x01cdff6800508110.

Error - 1/31/2013 12:08:10 AM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x1a88, application
start time 0x01cdff684b513fb0.

Error - 1/31/2013 12:10:17 AM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x1ac0, application
start time 0x01cdff6896e6c440.

Error - 1/31/2013 12:12:23 AM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x464, application
start time 0x01cdff68e18e6660.

Error - 1/31/2013 12:19:04 AM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x16d0, application
start time 0x01cdff69d144fa20.

Error - 1/31/2013 12:23:46 AM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x57c, application
start time 0x01cdff6a790688a0.

Error - 1/31/2013 12:25:53 AM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0xc34, application
start time 0x01cdff6ac44f9ae0.

Error - 1/31/2013 12:27:58 AM | Computer Name = Desktop1 | Source = Application Error | ID = 1000
Description = Faulting application findstr.exe, version 6.0.6002.18005, time stamp
0x49e0195f, faulting module findstr.exe, version 6.0.6002.18005, time stamp 0x49e0195f,
exception code 0xc0000005, fault offset 0x0000425d, process id 0x6bc, application
start time 0x01cdff6b0f9c0880.

Error - 1/31/2013 7:26:00 AM | Computer Name = Desktop1 | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1c74 Start Time: 01cdffa58f086070 Termination Time: 3

[ Media Center Events ]
Error - 1/17/2009 12:45:24 AM | Computer Name = AhnHome | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:01:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/31/2013 4:06:38 AM | Computer Name = Desktop1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >

sinc22, Jan 31, 2013

#21
sinc22 Newcomer, in training Posts: 33

JRT seems to hang up every time I try to run it and I get the following error window "Find String (QGREP) has stopped working"

sinc22, Jan 31, 2013

#22
Broni Malware Annihilator Posts: 39,313 +175
"Internet Options" under Control Panel still does not work including deleting browser history and temp files.

Reset Internet Explorer.
Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
Make sure you follow ALL steps listed there.

================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found O4 - HKLM..\Run: [HFALoader] "C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\Hamster.Archiver.UI.exe" -loader File not found O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:07BF512B @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:0B4227B4 :Commands [purity] [emptytemp] [emptyjava] [emptyflash] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=============================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.
Broni, Jan 31, 2013

#23
sinc22 Newcomer, in training Posts: 33

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HFALoader deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Ahn Home
->Temp folder emptied: 397548 bytes
->Temporary Internet Files folder emptied: 418306100 bytes
->Java cache emptied: 456139 bytes
->FireFox cache emptied: 819867100 bytes
->Google Chrome cache emptied: 86956539 bytes
->Flash cache emptied: 90221 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 677234888 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 242036 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4456448 bytes

Total Files Cleaned = 1,915.00 mb

[EMPTYJAVA]

User: Ahn Home
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Ahn Home
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01312013_195722

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

sinc22, Jan 31, 2013

#24
sinc22 Newcomer, in training Posts: 33

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 38
Java(TM) SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

sinc22, Jan 31, 2013

#25

sinc22 Newcomer, in training Posts: 33

Farbar Service Scanner Version: 30-01-2013
Ran by Ahn Home (administrator) on 31-01-2013 at 20:21:19
Running from "C:\Users\Ahn Home\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
C:\Windows\System32\drivers\afd.sys
[2012-02-16 20:47] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 12:55] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E
C:\Windows\System32\dnsrslvr.dll
[2011-04-12 17:39] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
C:\Windows\System32\mpssvc.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2009-07-31 17:58] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-07-31 17:59] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2009-07-31 17:58] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2012-10-10 12:09] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
**** End of log ****

sinc22, Jan 31, 2013

#26

Broni Malware Annihilator Posts: 39,313 +175

Did you reset Internet Explorer?

Broni, Jan 31, 2013

#27
sinc22 Newcomer, in training Posts: 33

I attempted it multiple times with the fixit link you sent, but it was unable to complete properly because it couldn't access inetcpl.cpl

sinc22, Jan 31, 2013

#28
Broni Malware Annihilator Posts: 39,313 +175

Can you open IE at all?

If so, click Tools>Internet options>Advanced tab and click on "Reset" button.

Broni, Jan 31, 2013

#29
sinc22 Newcomer, in training Posts: 33

Specifically, the error window states "error loading inetcpl.cpl. the operating system cannot run %1"

sinc22, Jan 31, 2013

#30
sinc22 Newcomer, in training Posts: 33

IE opens, but it doesn't connect to the internet (chrome and firefox running great) and any attempt to type in an address results in an attempted download of a file of similar name (I.e. google.com results in google_com.htm attempted download) then an auto shutdown of IE

sinc22, Jan 31, 2013

#31
Broni Malware Annihilator Posts: 39,313 +175

click Tools>Internet options>Advanced tab and click on "Reset" button.

Broni, Jan 31, 2013

#32
sinc22 Newcomer, in training Posts: 33

When I attempt to open tools>internet options, the following error msg comes up
"This operation has been cancelled due to restrictions in effect on this computer.Please contact your system administrator." Even tried opening IE as administrator

sinc22, Jan 31, 2013

#33
Broni Malware Annihilator Posts: 39,313 +175

Uninstall IE. It'll roll back to previously installed version.
See if you have same issue.

Broni, Jan 31, 2013

#34
sinc22 Newcomer, in training Posts: 33

How do I uninstall IE? Don't see it as an option under uninstall in control panel

sinc22, Jan 31, 2013

#35
Broni Malware Annihilator Posts: 39,313 +175

Good question.
IE will be actually listed under "installed updates".

Broni, Jan 31, 2013

#36
sinc22 Newcomer, in training Posts: 33

Thanks - found it. uninstall in progress. Fingers crossed.

sinc22, Jan 31, 2013

#37
sinc22 Newcomer, in training Posts: 33

It gives me an error that not all of the updates could be uninstalled

sinc22, Jan 31, 2013

#38
Broni Malware Annihilator Posts: 39,313 +175

..and? any options?

Broni, Jan 31, 2013

#39
sinc22 Newcomer, in training Posts: 33

No - just stops there and shows the uninstall updates screen with IE8 still there

sinc22, Jan 31, 2013

#40

Page 2 of 3

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.