It's me again...you have just helped me with my husband's laptop and here I am with my PC. I noticed a couple of weeks ago that my connections have slowed. I thought maybe it was my wi-fi but checked my modem speed online and it looks normal via FF and IE. I'm getting a blank page in between clicking on a link and it being redirected to the destination. The blank page Windows.google.javascript Redirect=1 in the top left corner. MBAM finds 2 incidences of PUP.optional.Browser safeguard.A but it gets quarantined. Do I have a virus? I would appreciate any help you can offer.
Hi Evenshade
Best to follow the posting instructions - http://www.landzdown.com/analysis-and-malware-removal/log-posting-instructions/
Once the logs are posted one of our experts will along to help you
Oh, sorry...I should have known better. It was a long day yesterday. Here are the requested logs. :) And thank you very much.
Pam
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.214
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.137
````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2012 11:54:37 AM
System Uptime: 5/18/2014 9:44:35 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AB5
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1846 GiB total, 1628.33 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.1 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 1863 GiB total, 1862.856 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP397: 5/7/2014 5:17:49 PM - Windows Update
RP398: 5/8/2014 12:10:36 AM - Windows Update
RP399: 5/11/2014 6:04:02 AM - Windows Update
RP400: 5/15/2014 3:00:29 AM - Windows Update
RP401: 5/18/2014 5:06:06 AM - Windows Update
.
==== Installed Programs ======================
.
802.11n Wireless LAN Card
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Bonjour
BrowserSafeguard with RocketTab
Canon Laser Printer/Scanner/Fax Extended Survey Program
Canon MF Toolbox 4.9.1.1.mf14
Canon MF4700 Series
CCleaner
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004)
Dual Smart Solution
EPSON Artisan 50 Series Printer Uninstall
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
Facebook
Family Tree Maker 2012
Google Chrome
Google Update Helper
Hallmark Card Studio 2010 Deluxe
Hewlett-Packard ACLM.NET v1.2.1.1
HP Application Assistant
HP Auto
HP Calendar
HP Client Services
HP Clock
HP Customer Experience Enhancements
HP LaserJet P1000 series
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP Notes
HP Odometer
hp officejet v series
HP Photo Printing Software
HP RSS
HP Setup
HP Setup Manager
HP Share-to-Web
HP Support Assistant
HP Support Information
HP TouchSmart Background - Beats
HP TouchSmart RecipeBox
HP Update
HP Vision Hardware Diagnostics
HP Weather
HPSSupply
IDT Audio
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
IrfanView (remove only)
iTunes
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 2.0.1.1004
Mesh Runtime
Metric Converter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mathematics
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mobile App Sync
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Driver 275.88
NVIDIA Control Panel 275.88
NVIDIA Graphics Driver 275.88
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
opensource
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power2Go
Recovery Manager
Remote Graphics Receiver
Seagate Manager Installer
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Spotify
SumatraPDF
SUPERAntiSpyware
TSHostedAppLauncher
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
5/17/2014 8:09:52 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
5/12/2014 4:18:23 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
Run by Mastin at 9:47:02 on 2014-05-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10220.7785 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Mastin\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:49165;https=127.0.0.1:49165
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Spotify Web Helper] "C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify] "C:\Users\Mastin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
StartupFolder: C:\Users\Mastin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DUALSM~1.LNK - C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{B898D80F-8E78-4C94-A9E6-0674539C6F62} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C5D45449-1E20-425D-B37A-A1FAD7392BE6} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{F49EFEB7-ECAF-425E-9776-487242DD6301} : NameServer = 100.100.100.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/privatepage/1#Forums_and_Blogs|https://mail.google.com/mail/u/0/#inbox/1460c301dea68cea|https://www.google.com/calendar/render|http://classic.wunderground.com/cgi-bin/findweather/getForecast?query=27879|http://www.weightwatchers.com/index.aspx|https://mail.google.com/mail/u/1/#inbox|http://www.netvibes.com/privatepage/1#Forums_and_Blogs|http://www.landzdown.com/analysis-and-malware-removal/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-9 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-7-17 161064]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-9 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-9 857912]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-5 378472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-9 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-24 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-9 63192]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-9 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-1-9 131656]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-1-9 399944]
S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-9 2656536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-13 111616]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-1-9 31152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-18 09:06:32 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2009BD20-C8D7-4D55-8800-8D923D4ACAC7}\mpengine.dll
2014-05-17 11:57:10 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-16 10:55:12 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D386180-BC96-4B44-93DB-1E682C53DCB5}\gapaengine.dll
2014-05-15 07:03:47 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 07:03:47 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-13 22:39:12 -------- d-----w- C:\Program Files (x86)\Mobile App Sync
2014-05-13 22:37:29 -------- d-----w- C:\Program Files\003
2014-05-13 22:36:31 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-05-13 22:36:01 -------- d-----w- C:\Program Files (x86)\Browsersafeguard
2014-05-08 04:11:11 -------- d-s---w- C:\Windows\System32\CompatTel
2014-04-26 17:01:32 -------- d-----w- C:\Users\Mastin\AppData\Local\{D38F053F-8D9C-4362-B19D-36F048C50E6D}
2014-04-24 23:29:54 -------- d-sh--w- C:\Users\Mastin\AppData\Local\EmieUserList
2014-04-24 23:29:54 -------- d-sh--w- C:\Users\Mastin\AppData\Local\EmieSiteList
2014-04-18 23:47:46 -------- d-----w- C:\FRST
.
==================== Find3M ====================
.
2014-05-18 13:45:11 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-13 19:10:23 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 19:10:23 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-03 14:47:26 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-03 14:47:16 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-03 14:47:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-18 00:28:46 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 20:57:54 15641088 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 9:48:06.96 ===============
Hi Pam,
Thank you for the logs, and many thanks to you MikeW. :)
QuoteI'm getting a blank page in between clicking on a link and it being redirected to the destination. The blank page Windows.google.javascript Redirect=1 in the top left corner.
I've been getting a blank screen (white with black lettering in the upper left hand corner) myself for sometime now with Firefox (I don't use IE) after clicking on any link before I am directed to the correct site/page, though the message is not the same as yours. My message includes the site in which the link I click on refers to. Are you being directed to the site intended or another unknown destination??
Couple questions:
Which browser does this happen in?
While I am reviewing your logs could you please try the "experiments" below to see if you experience the same issues?
Start Internet Explorer in the No Addons mode. To do this:
Open Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)To open Firefox in
Safe Mode:
- Either click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi1211.photobucket.com%2Falbums%2Fcc438%2Fdonnajb3%2Fffbutton_zpsfd783571.jpg&hash=f033bc6019a9f9d5a575acd290194b6850d73211) (http://s1211.photobucket.com/user/donnajb3/media/ffbutton_zpsfd783571.jpg.html) button or click on Help in the menu bar.
- Choose Restart with Add-ons Disabled..
- On the following screen that pops up, choose the Start in Safe Mode button.
Please note: This is not the same as Windows Safe Mode.
DO NOT choose the
Reset Firefox button. This will restore Firefox to its factory default state.
You can read more about Firefox Safe mode here (https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode)
If Firefox works efficiently in Safe Mode, re-enable each Add-on one at a time till you find the one that might be causing issues. You can either disable the Add-on when not in use or uninstall it completely if you no longer have a need for it.
Hi Pam,
I'm back. Nothing really jumps out at me in the logs above that may be malicious in any way though while you tend to the following tasks I will take a closer look, The tasks below may or may not show something the logs above do not display.
Please let me know the results to the experiments above concerning how IE performs with no add-on and the same for Firefox in Safe Mode.
Let's update Java. Please click
>>here (https://www.java.com/en/download/)<<. The latest version is Java 7 update 55.
As a side note, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed at which time you could install, or you could reinstall and just disable Java till the moment arises if it is needed.
You can read more about the need for Java and how to disable it from Corrine's blog found
>>here (http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html)<<.
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.
- Disable your protection software now to avoid potential conflicts.
- Run the tool by double-clicking on XP. Or right click and select Run as Administrator Vista/Win7 and above.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Make sure to enable your protection software once the scan is complete.
Next:Please download
AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
- Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token). - Click the Scan button.
- AdwCleaner will begin. Be patient as the scan may take some time to complete.
- The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
- Click the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Next:Please download
OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop.
- Double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
- Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox
and
- Check the option for All under the Extra Registry section
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
- OTL.txt <-- Will be opened, maximized
- Extras.txt <-- Will be minimized on task bar.
Please post the contents of both
OTL.txt and
Extras.txt files in your next reply.
In your next reply, please post the following logs:
JRT.txt
AdwCleaner[S0].txt
OTL.txt
Extras.txtThank you,
Donna :)
Please excuse me fom the intrusion. I'm dealing with real-life at the moment but needed a break so took a quick look at your logs. So, just a quick note, Pam and Donna. Pam, it looks as though you got a couple of unwanted extras, perhaps when installing the Mobile Sync App all on May 13. In particular see:
Optimizer Pro: http://www.systemlookup.com/Startup/25405-OptProLauncher_exe.html
BrowserSafeguard: http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=Browsersafeguard
Unless Pam knows that they are, I'd also look at Program Files\003
2014-05-13 22:39:12 -------- d-----w- C:\Program Files (x86)\Mobile App Sync
2014-05-13 22:37:29 -------- d-----w- C:\Program Files\003
2014-05-13 22:36:31 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-05-13 22:36:01 -------- d-----w- C:\Program Files (x86)\Browsersafeguard
@Corrine,
Hi Corrine. Your presence is never an intrusion. After a tad bot of research, it appears that the C:\Program Files\003 folder is created by adware and can be a problem here. I'm anxious to see what the logs for ADWC and JRT find and also what OTL displays.
I have my fingers crossed that OTL plays well with Pam's machine. It certainly didn't with her husband's! :shocked: :undecided:
Hello Donna and Corinne,
I got as far as downloading the newest Java version (and I did disable it for now) and the JRT. I then lost my connection to my "proxy server" yesterday afternoon...not able to connect at all via my PC even though wifi was fine. Suddenlink came today and the tech found that the LAN setting was set to "use a proxy server for your LAN" instead of to automatically detect settings. I have no idea how/if that was something that I changed. If so, I don't remember it and would be very surprised if I took it on myself to change a setting like that. :)
Everything is running fine now and if it's ok I'd like to put things here on hold and see if I have any more problems. Let me know if that's unwise and I will happily continue on with your instructions.
After writing the above, I saw Corinne's note and she's exactly right....those two items came along when I downloaded Chrome and I wasn't happy about it. It wouldn't let me opt out or cancel it at the time. I wanted to use Chrome as it would allow me to upload folders to google docs and have them mobile on my ipad and phone. It does sound like I need to continue with the instructions on May 18 1:30:35. Let me know if that's what you recommend, Donna and Corinne. Thank you very much!
Pam
Hello,
Monday is busy for Donna,
We saw the proxy here it is uProxyServer = hxxp=127.0.0.1:49165;https=127.0.0.1:49165 Most likely set by Malware. I would strongly suggest you follow through with Donna's instruction and post the logs from adwcleaner, JRT, and OTL.
Joe
Hi Pam,
Yes. Let's follow through with the instructions from post # 4 (http://www.landzdown.com/analysis-and-malware-removal/windows-google-java-script-redirect1-do-i-have-a-virus/msg166951/#msg166951) above. I'd like to make sure that proxy is no longer there and we need to remove those files and folders that Corrine pointed in her post.
Please post the 4 logs I requested.
Thank you Joe. :)
Thank you so much, everyone, for getting me out of this mess I've made for myself. :confused: I think I have everything here that you requested.
Pam
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mastin on Sun 05/18/2014 at 12:45:06.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{D38F053F-8D9C-4362-B19D-36F048C50E6D}
~~~ FireFox
Emptied folder: C:\Users\Mastin\AppData\Roaming\mozilla\firefox\profiles\din64304.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/18/2014 at 12:50:50.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.210 - Report created 19/05/2014 at 19:47:04
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mastin - MASTIN-HP
# Running from : C:\Users\Mastin\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\003
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\prefs.js ]
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.netvibes.com/privatepage/1#Forums_and_Blogs|hxxps://mail.google.com/mail/u/0/#inbox/1460c301dea68cea|hxxps://www.google.com/calendar/render|hxxp://cla[...]
-\\ Google Chrome v34.0.1847.137
[ File : C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.babylon.com/web/%7BsearchTerms%7D?tt=290312_bexdll&mntrId=e44887ab000000000000ac8112dbc6b0&affID=101385&babsrc=SP_ss
Deleted [Search Provider] : hxxp://smittenkitchen.com/search-results/?cx=009671904594399389362%3Aoll_ocju5k8&cof=FORID%3A9&ie=UTF-8&q={searchTerms}&siteurl=smittenkitchen.com%2F&ref=&ss=848j163570j7
Deleted [Search Provider] : hxxp://www.sproutedkitchen.com/display/Search?moduleId=14825579&searchQuery={searchTerms}
Deleted [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=chocolat&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://www.kboards.com/search-results.php?cx=013152137856052589417%3Apqyyesggtme&cof=FORID%3A9&ie=ISO-8859-1&q={searchTerms}&sa=site+search&siteurl=www.kboards.com%2F&ref=www.kindleboards.com%2F&ss=3943j1151221j24
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxps://mail.google.com/mail/ca/u/0/?shva=1#inbox
Deleted [Startup_urls] : hxxps://mail.google.com/mail/u/1/?shva=1#inbox
*************************
AdwCleaner[R0].txt - [2709 octets] - [19/05/2014 19:46:23]
AdwCleaner[S0].txt - [2662 octets] - [19/05/2014 19:47:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2722 octets] ##########
OTL logfile created on: 5/19/2014 7:53:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mastin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
9.98 Gb Total Physical Memory | 7.57 Gb Available Physical Memory | 75.82% Memory free
19.96 Gb Paging File | 17.39 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1846.12 Gb Total Space | 1628.04 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive D: | 16.80 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive G: | 14.91 Gb Total Space | 8.40 Gb Free Space | 56.37% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 1862.86 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Computer Name: MASTIN-HP | User Name: Mastin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/05/19 19:51:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mastin\Desktop\OTL.exe
PRC - [2014/05/14 08:43:29 | 006,170,168 | ---- | M] (Spotify Ltd) -- C:\Users\Mastin\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/05/14 08:43:25 | 001,176,632 | ---- | M] (Spotify Ltd) -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/05/14 08:43:24 | 000,598,072 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/04/03 10:45:56 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 10:45:54 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 10:45:48 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/12/14 21:10:08 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
PRC - [2012/10/17 20:40:58 | 000,339,456 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
PRC - [2012/04/15 17:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/09/28 20:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/08/16 18:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/05 02:16:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/03 10:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 10:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/07 14:32:26 | 000,358,232 | ---- | M] (Creative Home) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/07/17 18:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/07/17 18:12:04 | 000,177,448 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 10:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/14 08:43:25 | 036,966,968 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/05/14 08:43:25 | 000,886,840 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/05/14 08:43:25 | 000,108,600 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/05/14 08:43:24 | 000,598,072 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/02/17 12:18:56 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/17 12:18:54 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/17 12:18:26 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/17 11:52:59 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/17 11:52:55 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/17 11:52:53 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/17 11:52:52 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/17 11:52:51 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/17 11:52:51 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/17 11:52:51 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/17 11:52:51 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/17 11:52:49 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/17 11:52:48 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/17 11:52:47 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/17 11:52:43 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/12/14 21:10:08 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
MOD - [2012/10/17 19:52:40 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\LGErrorHandler.dll
MOD - [2012/10/17 19:52:38 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Proxy32dll.dll
MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2001/07/03 10:17:06 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/08 19:42:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/04/24 21:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 06:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/05/13 15:10:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/09 21:10:07 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/03 10:45:56 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/04/03 10:45:54 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/28 20:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/05 02:16:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/03 10:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 10:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/17 18:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/12/17 00:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/05/19 19:49:01 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 10:47:26 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 10:47:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/29 18:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/01/05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/24 21:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/09 21:08:06 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/01/09 20:44:11 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/09 20:44:11 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/14 08:38:50 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/09/14 08:38:47 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/09/14 06:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 07:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 10:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/23 17:11:22 | 000,010,752 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2012/10/17 19:52:38 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{277332A7-344D-47FD-861A-5D1E3E1E4A70}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\..\SearchScopes\{7357080B-7695-4F47-984C-D7983905C24C}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.3.1
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1083
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:23.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/03/31 12:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Extensions
[2014/05/11 14:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions
[2014/05/01 18:45:27 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/11/26 17:23:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/04/24 14:51:35 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\donottrackplus@abine.com
[2014/03/30 17:41:38 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\adblockpopups@jessehakanen.net.xpi
[2014/05/11 14:15:04 | 000,143,173 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi
[2013/04/04 21:28:40 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2014/05/01 18:31:19 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/21 21:42:36 | 000,787,979 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014/01/11 16:31:05 | 000,002,112 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\searchplugins\wot-safe-search.xml
[2014/05/09 21:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/09 21:10:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.netvibes.com/privatepage/1#Forums_and_Blogs
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Quick Bookmarks = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgmnekpakhkbnhehnpkminifbpmkghg\3.14_0\
CHR - Extension: Google Drive = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry (scanner) = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.19_0\
CHR - Extension: Bookmark Sentry (scanner) = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.20_0\
CHR - Extension: WOT = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.14_0\
CHR - Extension: YouTube = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Radio Player Live = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\2.1.7_0\
CHR - Extension: Bible = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljbeanmjklkbfnppfedajbgeongccb\1.8.7.2_0\
CHR - Extension: Adblock Plus = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Google Calendar = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Pandora = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Full Screen Weather = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Bookmark Buttons Startpage = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\genmiebglliamphdcfeakonfebajldkj\1.2.2_0\
CHR - Extension: AdBlock = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.34_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.4.7.2_0\
CHR - Extension: Jon Klassen = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmgjhcokclngghkncjakaigpjhfhpoek\2_1\
CHR - Extension: Halloween Mahjong = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpakeodedigoifepmiljaacocfcpgcf\1.0.0.1_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.21_0\
CHR - Extension: Disconnect = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.11_0\
CHR - Extension: Google Maps = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: My Chrome Theme = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000..\Run: [Spotify] C:\Users\Mastin\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000..\Run: [Spotify Web Helper] C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B898D80F-8E78-4C94-A9E6-0674539C6F62}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5D45449-1E20-425D-B37A-A1FAD7392BE6}: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F49EFEB7-ECAF-425E-9776-487242DD6301}: NameServer = 100.100.100.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/05/17 20:26:46 | 000,000,067 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/05/16 20:46:06 | 000,000,067 | ---- | M] () - K:\autorun.inf.vir -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/19 19:51:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mastin\Desktop\OTL.exe
[2014/05/19 19:46:34 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/19 19:46:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/18 12:44:52 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Mastin\Desktop\JRT.exe
[2014/05/18 12:38:28 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/18 12:38:25 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/18 12:38:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/18 12:38:25 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/18 12:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/18 12:37:00 | 000,921,512 | ---- | C] (Oracle Corporation) -- C:\Users\Mastin\Desktop\jxpiinstall.exe
[2014/05/18 09:46:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mastin\Desktop\dds.scr
[2014/05/15 03:03:48 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 03:03:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 03:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 06:17:30 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 06:17:30 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 06:17:18 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 06:17:18 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 06:17:18 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 06:17:17 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 06:17:17 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 06:17:17 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 06:17:16 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 06:17:16 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 06:17:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 06:17:15 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 06:17:15 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 06:17:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 06:17:15 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 06:17:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 06:17:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 06:17:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 06:17:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 06:17:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 06:17:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 06:17:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 06:17:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 06:17:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 06:17:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 18:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/13 18:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile App Sync
[2014/05/13 18:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile App Sync
[2014/05/09 21:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/08 00:11:11 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/07 23:59:13 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Mastin\Desktop\TFC.exe
[2014/04/24 19:29:54 | 000,000,000 | -HSD | C] -- C:\Users\Mastin\AppData\Local\EmieUserList
[2014/04/24 19:29:54 | 000,000,000 | -HSD | C] -- C:\Users\Mastin\AppData\Local\EmieSiteList
[2013/10/17 16:57:47 | 015,641,088 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
========== Files - Modified Within 30 Days ==========
[2014/05/19 19:56:05 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/19 19:56:05 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/19 19:53:12 | 000,797,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/19 19:53:12 | 000,672,044 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/19 19:53:12 | 000,126,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/19 19:51:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mastin\Desktop\OTL.exe
[2014/05/19 19:49:01 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/19 19:48:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/19 19:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/19 19:48:31 | 3742,621,695 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/19 19:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/19 19:44:49 | 001,326,389 | ---- | M] () -- C:\Users\Mastin\Desktop\AdwCleaner.exe
[2014/05/19 19:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/18 12:55:27 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMastin.job
[2014/05/18 12:44:52 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Mastin\Desktop\JRT.exe
[2014/05/18 12:37:00 | 000,921,512 | ---- | M] (Oracle Corporation) -- C:\Users\Mastin\Desktop\jxpiinstall.exe
[2014/05/18 09:48:58 | 000,854,367 | ---- | M] () -- C:\Users\Mastin\Desktop\SecurityCheck.exe
[2014/05/18 09:46:47 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mastin\Desktop\dds.scr
[2014/05/14 08:43:01 | 000,002,241 | ---- | M] () -- C:\Users\Mastin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/13 18:42:30 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/13 15:10:23 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/13 15:10:23 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/08 20:13:08 | 000,005,632 | ---- | M] () -- C:\Users\Mastin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/07 23:59:13 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mastin\Desktop\TFC.exe
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/29 18:16:44 | 000,056,320 | ---- | M] () -- C:\Users\Mastin\Documents\AO Contact Info.hmk
[2014/04/25 14:04:33 | 000,146,944 | ---- | M] () -- C:\Users\Mastin\Documents\AO Monthly Calendar.hmk
========== Files Created - No Company Name ==========
[2014/05/19 19:44:49 | 001,326,389 | ---- | C] () -- C:\Users\Mastin\Desktop\AdwCleaner.exe
[2014/05/18 09:48:58 | 000,854,367 | ---- | C] () -- C:\Users\Mastin\Desktop\SecurityCheck.exe
[2014/05/13 18:42:30 | 000,002,241 | ---- | C] () -- C:\Users\Mastin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/13 18:42:30 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/13 18:42:02 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/13 18:42:01 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 15:16:50 | 000,000,136 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/12/24 21:17:54 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/12/15 13:52:15 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2013/11/20 12:30:31 | 000,000,020 | ---- | C] () -- C:\Windows\Hposcv07.INI
[2013/06/24 13:49:37 | 000,113,224 | ---- | C] () -- C:\Users\Mastin\g2ax_customer_downloadhelper_win32_x86.exe
[2012/06/21 18:40:33 | 000,005,632 | ---- | C] () -- C:\Users\Mastin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
OTL Extras logfile created on: 5/19/2014 7:53:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mastin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
9.98 Gb Total Physical Memory | 7.57 Gb Available Physical Memory | 75.82% Memory free
19.96 Gb Paging File | 17.39 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1846.12 Gb Total Space | 1628.04 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive D: | 16.80 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive G: | 14.91 Gb Total Space | 8.40 Gb Free Space | 56.37% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 1862.86 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Computer Name: MASTIN-HP | User Name: Mastin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (A
Hi Pam,
Thank you for the logs. The Extras log from OTL was cut off at the bottom. Could you please repost the Extras log in a separate post please? I don;t need the OTL.log, just the Extras.log.
The tech guy from Suddenlink, did he remove that proxy? I see it that it is displayed in the OTL log:
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165
Back soon with a fix script for OTL. :thumbsup:
Here you go....sorry about that. :)
The tech didn't say anything about removing the proxy...he just changed the setting for the PC to automatically search for the setting. He said something about the IP address maybe being off by one digit. ????
Thanks!
Pam
OTL Extras logfile created on: 5/19/2014 7:53:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mastin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
9.98 Gb Total Physical Memory | 7.57 Gb Available Physical Memory | 75.82% Memory free
19.96 Gb Paging File | 17.39 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1846.12 Gb Total Space | 1628.04 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive D: | 16.80 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive G: | 14.91 Gb Total Space | 8.40 Gb Free Space | 56.37% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 1862.86 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Computer Name: MASTIN-HP | User Name: Mastin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075A5EEC-36C5-47B7-9C9D-259C41A42794}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C33F8A1-63CF-4E37-9FD7-8B12EC75310F}" = lport=138 | protocol=17 | dir=in | app=system |
"{15760C6C-FF88-4AF2-B6C7-2F241262C347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16E06F7B-FFDA-4227-9CD9-832D6AA16AB1}" = lport=139 | protocol=6 | dir=in | app=system |
"{20A68317-5A19-4122-B661-F102886A4227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21BCED1E-611A-46CF-81C1-B69368D5F695}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2AEEE5DA-8F4F-45AD-B2A5-44517567AC6C}" = rport=445 | protocol=6 | dir=out | app=system |
"{37F2D6C1-C8D7-4A46-8D65-A2478B469F98}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58A04E43-8513-43BC-8BCD-EC03D07E41B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{58FF1BF6-454C-4C2C-9E1C-96C9654169CD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D635FCA-A0C2-4F88-824F-4C27622811EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{5DFE6FCF-B97B-4537-8F1F-FDDCCDE2DBC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66E93D47-A34F-439F-ADD2-B4A7097EA026}" = rport=138 | protocol=17 | dir=out | app=system |
"{74F1D3CD-B509-4214-A94E-EF9C38577CB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{801F867D-DB23-4FE8-AD85-E032EDB39241}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8FCC7871-944C-4265-B436-9893EDC37747}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFFFC322-AD31-4AAB-8F61-0CE0EE851002}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD1BE68F-245F-448E-B72E-2FA768F9B548}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CECB04EB-C091-47DB-903E-65A8D2A9E884}" = lport=445 | protocol=6 | dir=in | app=system |
"{D6780A0D-56BD-4760-9F08-8423A8304A88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC955FC1-2037-4448-8404-F64B770936EC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DD75D357-60C0-45EE-AE4F-F0E1E959D0BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED3869D0-82FE-403E-9217-29CC40B9652F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAFFDE2F-CC91-49F3-BE41-115F524553C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB16FB1F-622A-4112-BF72-81813981A7F4}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AEB0E7-5DCC-4534-A4C8-44E70ED297CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{028F6EA6-7C73-42D2-A29F-DAE4008A7123}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{09BFE798-496C-4801-BC0C-99A634CB7BF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13435CB3-60C6-4B5F-A77A-D5A6284266A2}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{23BFF32D-C7E3-4C42-BA16-8439E44CF9B7}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{294A628C-0F7D-49DF-AAEE-5D591F710D58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38907290-BDA7-4F3F-B483-5E1A08487D04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A1AB4DD-0C33-46A1-8C46-019E793D84F9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AFA0220-6164-4235-913F-8C9A7408221F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3CC9007C-0DDC-4CD2-89D0-4845498DD6E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FB44050-0D74-44AA-9CE7-DBB0CCB64181}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46F9135B-E951-458F-89CD-4E73FA1EC029}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{47B2841E-300E-4C3C-A171-31909764A2AA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5543348A-6A74-4AB1-81A4-ECBCDAAE3BFF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5AF9BCC6-9620-48FB-90CC-7E5DE430FFA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{600AD6CD-B418-49EB-9FE3-C65AB4FD9931}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7508D345-C55D-41B7-96FD-504A413EF502}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{752A4384-46F4-42A7-B44F-5C141661478F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7C57017D-AC4E-44A5-B973-2C615D05B168}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E5B5B2F-9DF1-4283-A188-5BEDE6BA132C}" = protocol=17 | dir=in | app=c:\users\mastin\appdata\roaming\spotify\spotify.exe |
"{84B8D364-95D8-43AD-B7A4-E768107102CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{86742858-EDD0-457C-86BA-E93A292F27A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{867FF9DA-77ED-453C-B0A2-B0F8835C34E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E05D9DA-CBCB-41EB-8BB9-7E2A6CDEFE84}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{90F6DB2E-FF25-4738-B2EC-BBDC3FC04C0B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{94FE7457-1042-42C3-B436-A77E4100EF51}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{9A1AC805-8403-48A6-B423-4DE6B23B3CC1}" = protocol=6 | dir=in | app=c:\users\mastin\appdata\roaming\spotify\spotify.exe |
"{9AAFD05D-3BA8-45FD-8C2C-A3C317D2B455}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9AF75A31-DD5C-4314-84D6-D3616803D12C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A244624C-7D97-4181-A3AF-6377AC048D79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A9018E68-4674-4660-A8AA-F4F9F927B317}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{AA41B7CF-1870-4644-BED2-DAA80B2A0A32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B2213C6C-BF12-4075-9BB2-1FB880272E45}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B93DD048-56C1-42CB-8A73-D35BCB76E7DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D064DB4E-3E90-428B-9020-DDCB77392D4E}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{D558406A-FF1E-4DA2-BD4B-4F54DF126C78}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DA68D8BB-F002-4931-86F6-89C41F80862F}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{DF103C06-9DEB-44BA-845E-C9D3569DF359}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5ECDCDB-23A9-4180-BE09-AFAC93E5912A}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{F03083BF-5E4A-44BB-BC0E-CF2193D6773A}" = protocol=6 | dir=out | app=system |
"{F8997C1E-3163-4A0F-B065-B639CA0DA42B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB2F8048-3825-41D0-A17C-67D06CFF1302}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0CC1C649-3E89-416F-9ECD-BA77F5041849}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{6F88903E-9C3B-4739-9F18-8F854291D5DB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{924A988D-DACB-4682-A7D4-659EF0FB9BD4}C:\users\mastin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mastin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{A9C54D19-C4E9-478C-A625-D1BA3737025A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{D7C6DD26-3D34-4166-AAB2-8456DCF87D3F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6649C1B2-3AC3-4903-A2D3-545622D5A13D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{8FF0522A-DC66-4C35-B216-2EBE3E5313E3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{ADEDE5F9-3505-4491-83A6-7AE8E3CC5F23}C:\users\mastin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mastin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C57AAE30-3645-4AD0-8342-67D74897E55B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{E805FEFA-FA48-44E2-A4C2-FFA7EAF5781F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}" = Canon MF4700 Series
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A16FF47-A5FC-49A8-96B5-31180D317059}" = Canon Laser Printer/Scanner/Fax Extended Survey Program
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Canon Laser Printer/Scanner/Fax Extended Survey Program" = Canon Laser Printer/Scanner/Fax Extended Survey Program
"CCleaner" = CCleaner
"EPSON Artisan 50 Series" = EPSON Artisan 50 Series Printer Uninstall
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel(R) Identity Protection Technology 1.2.22.0
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}" = hp officejet v series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010 Deluxe
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf14
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A6F8D36-04BA-41E9-9004-1789BD545874}" = HP TouchSmart Background - Beats
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E61F7C73-277C-44CE-87C4-B574BF0F3803}" = Dual Smart Solution
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"BrowserSafeguard" = BrowserSafeguard with RocketTab
"EPSON Scanner" = EPSON Scan
"Family Tree Maker 2012" = Family Tree Maker 2012
"Google Chrome" = Google Chrome
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photo Printing Software" = HP Photo Printing Software
"InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mobile App Sync" = Mobile App Sync
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SumatraPDF" = SumatraPDF
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/19/2014 5:53:02 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006
Error - 5/19/2014 5:53:03 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 5/19/2014 5:53:03 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004
Error - 5/19/2014 5:53:03 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004
Error - 5/19/2014 5:53:04 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 5/19/2014 5:53:04 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8018
Error - 5/19/2014 5:53:04 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8018
Error - 5/19/2014 5:53:05 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 5/19/2014 5:53:05 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9016
Error - 5/19/2014 5:53:05 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9016
[ Hewlett-Packard Events ]
Error - 3/31/2012 11:56:52 AM | Computer Name = Mastin-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 10220 Ram
Utilization: 10 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 4/1/2012 10:39:15 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()
at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()
at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 10220
Ram
Utilization: 20 TargetSite: Void loadXML()
Error - 4/8/2012 10:56:38 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)
Error - 4/8/2012 10:56:38 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)
Error - 5/13/2012 11:43:32 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)
Error - 5/13/2012 11:43:32 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)
Error - 5/27/2012 11:14:12 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)
Error - 5/27/2012 11:14:12 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)
Error - 8/22/2012 6:26:25 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 9/22/2012 6:18:46 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 4000
Description =
< End of report >
QuoteThe tech didn't say anything about removing the proxy
Ok. Adware Cleaner and JRT did a nice job removing the files we were concerned about. Let's remove the proxy with an OTL fix. I added a few other useless files as well.
Before you run the fix, go to
Start > Control Panel > Programs and Features, right click and uninstall the following program, if found:
Mobile App SyncNext:- Double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Quote
:COMMANDS
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165
O3 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/05/13 18:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile App Sync
[2014/05/13 18:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile App Sync
:Files
netsh int ip reset c:\resetlog.txt /c
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mobile App Sync" = ""
:Commands
[resethosts]
[emptytemp]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button.
Please post the following logs in your next reply:
C:\_OTL\
Moved Files
OTL.txt Next:Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) and run it.
Checkmark following boxes only:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP Configuration
- List Winsock Entries
Click
Go and post the result.
In your next reply, please post the following logs:
C:\_OTL\
Moved Files
OTL.txt
Result.txt (minitoolbox log) Thank you,
Donna :)
Thank you, Donna...your instructions are as smooth as silk and this machine has, indeed, liked OTL much better than Dan's laptop did. < s > OK, here we go with the logs.............
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile App Sync\ not found.
Folder C:\Program Files (x86)\Mobile App Sync\ not found.
========== FILES ==========
< netsh int ip reset c:\resetlog.txt /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Mastin\Desktop\cmd.bat deleted successfully.
C:\Users\Mastin\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mastin\Desktop\cmd.bat deleted successfully.
C:\Users\Mastin\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::b082:8b8e:f1f2:2c32%13
Default Gateway . . . . . . . . . :
Tunnel adapter isatap.{C5D45449-1E20-425D-B37A-A1FAD7392BE6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{B898D80F-8E78-4C94-A9E6-0674539C6F62}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Mastin\Desktop\cmd.bat deleted successfully.
C:\Users\Mastin\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::b082:8b8e:f1f2:2c32%13
IPv4 Address. . . . . . . . . . . : 192.168.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 12:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3063:131f:3f57:fff3
Link-local IPv6 Address . . . . . : fe80::3063:131f:3f57:fff3%12
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{B898D80F-8E78-4C94-A9E6-0674539C6F62}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Mastin\Desktop\cmd.bat deleted successfully.
C:\Users\Mastin\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"Mobile App Sync" | "" /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mastin
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 8841913 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 175861594 bytes
->Google Chrome cache emptied: 32017651 bytes
->Flash cache emptied: 3330 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37535 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1582856 bytes
Total Files Cleaned = 208.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05202014_082840
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
MiniToolBox by Farbar Version: 23-01-2014
Ran by Mastin (administrator) on 20-05-2014 at 08:33:29
Running from "C:\Users\Mastin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Mastin-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : AC-81-12-DB-C6-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 38-60-77-E4-75-51
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b082:8b8e:f1f2:2c32%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, May 20, 2014 8:30:30 AM
Lease Expires . . . . . . . . . . : Tuesday, May 20, 2014 9:30:30 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 272130167
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-9D-56-8B-38-60-77-E4-75-51
DNS Servers . . . . . . . . . . . : 208.180.42.68
208.180.42.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{C5D45449-1E20-425D-B37A-A1FAD7392BE6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:10fb:3849:3f57:fff3(Preferred)
Link-local IPv6 Address . . . . . : fe80::10fb:3849:3f57:fff3%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{B898D80F-8E78-4C94-A9E6-0674539C6F62}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: rdns01.suddenlink.net
Address: 208.180.42.68
Name: google.com
Addresses: 2607:f8b0:4000:804::1001
74.125.227.238
74.125.227.224
74.125.227.225
74.125.227.226
74.125.227.227
74.125.227.228
74.125.227.229
74.125.227.230
74.125.227.231
74.125.227.232
74.125.227.233
Pinging google.com [173.194.115.71] with 32 bytes of data:
Reply from 173.194.115.71: bytes=32 time=53ms TTL=56
Reply from 173.194.115.71: bytes=32 time=50ms TTL=55
Ping statistics for 173.194.115.71:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 53ms, Average = 51ms
Server: rdns01.suddenlink.net
Address: 208.180.42.68
Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=32ms TTL=52
Reply from 98.139.183.24: bytes=32 time=34ms TTL=52
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 34ms, Average = 33ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...ac 81 12 db c6 b0 ......802.11n Wireless LAN Card
13...38 60 77 e4 75 51 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.12 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.12 266
192.168.0.12 255.255.255.255 On-link 192.168.0.12 266
192.168.0.255 255.255.255.255 On-link 192.168.0.12 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.12 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.12 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fb:10fb:3849:3f57:fff3/128
On-link
13 266 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::10fb:3849:3f57:fff3/128
On-link
13 266 fe80::b082:8b8e:f1f2:2c32/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
13 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
**** End of log ****
Quoteyour instructions are as smooth as silk and this machine has, indeed, liked OTL much better than Dan's laptop did
Thank you! :) Detailed instructions certainly makes the task easier. Some of the programs we use can really be confusing for some. I still wonder why OTL refuses to run on a select few computers. So glad it worked on yours... :thumbsup:
How is the computer behaving now???
Let's run just a couple more scans to ensure nothing is left behind, lurking in the shadows:
Let's run a Threat Scan with MBAM v2 since you have it installed already. I haven't experimented much with this new version, so please let me know if the instructions below are appropriate for the occasion.
Right click on the MBAM v2 icon and choose
Run as administrator to open the program:
- Click on the Dashboard tab then select Update Now >>
- Once it has updated select Settings > Detection and Protection
- Tick Scan for rootkits
(https://dl.dropboxusercontent.com/u/73555776/MBAMsettings.JPG)
- Go back to the Dashboard and select Scan Now
(https://dl.dropboxusercontent.com/u/73555776/MBAMScan.JPG)
- If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
(https://dl.dropboxusercontent.com/u/73555776/MBAMReboot.JPG)
(https://dl.dropboxusercontent.com/u/73555776/MBAMLog.JPG)
- On completion of the scan (or after the reboot) select View Detailed Log
- Select Export > Select text file and save to the desktop
Please post the log in your next reply.
Next:ESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).
- Please go >>HERE (http://www.eset.com/onlinescan/)<< then click on:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FESET1st.jpg&hash=3e93d1f4b996ce5bfab6e2c1b4e8a246e41051fa)
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FESETexe.jpg&hash=834dfebc3cb517fab4a10c9c45dc52b27c3665df) icon to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- Select the option YES, I accept the Terms of Use then click on: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FESETsave.jpg&hash=41688c9ab804225235e9cc9d410e0086d760ba14)
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi280.photobucket.com%2Falbums%2Fkk173%2FDakeyras_album2%2FEOLS3.gif&hash=b607bc92258ebf870785e0532fa7d82f251134d1)
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic.
- Now click on: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi280.photobucket.com%2Falbums%2Fkk173%2FDakeyras_album2%2FEOLS4.gif&hash=6924007f3666bb43f17bfc666748ae887248c759)
(Selecting Uninstall application on close if you so wish)
Hi Donna,
The computer is behaving beautifully...spunky and fast again. :mitch: Your MBAM instructions were pretty good. I'm new to this version, too, so learned a couple of things by going through the instructed steps. At the "scan now" instruction, it gave me the option to choose the updates and I do so. If I recall correctly, I didn't see it ask me for a reboot until after I clicked the "apply action" button.
Here are my logs:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3becb7038431884998391dc4300b94ef
# engine=18345
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-21 02:40:16
# local_time=2014-05-20 10:40:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 25979063 152183466 0 0
# scanned=219657
# found=2
# cleaned=0
# scan_time=3810
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/20/2014
Scan Time: 9:26:37 PM
Logfile: MBAM SCAN 052014.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.21.01
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mastin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276140
Time Elapsed: 12 min, 16 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, No Action By User, [ea1605fb0000738d82ba704cf60d946c],
Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, No Action By User, [ea1605fb0000738d82ba704cf60d946c]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
QuoteThe computer is behaving beautifully...spunky and fast again.
Ahhh. I like spunky and fast. Kind of makes you want to do the happy dance! :dance:
QuoteYour MBAM instructions were pretty good.
Good! I will have to make the time to thoroughly go over the new version of MBAM v2. There is so much more to that version, and I've never been comfortable asking others to initiate scans that I am not familiar with, though thought it was silly to have you install yet a another program that I am familiar with and since you had it installed already, might as well get good use out of it and maybe both of us would learn something along the way. :thumbsup:
For some reason, the MBAM log shows
No Action By User even though you did take action, so lets take different approach to rid that from your machine.
Go to
Start > Control Panel > Programs and Features and see if it still listed there. It shouldn't be since AdwCleaner acknowledged that did remove the folder. It appears that it is just a leftover in the registry run key.
Next:Let's use OTL to remove the files that ESET found and remove it from the registry. Looking back at my first OTL fix, I realize now that I removed that value data for Mobile App Sync when I should have just remove the item from the registry all together. I'll include that as well in my fix:
- Double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Quote
:COMMANDS
[CREATERESTOREPOINT]
:Reg
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"BrowserSafeGuard"=-
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BrowserSafeGuard"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mobile App Sync"=-
:Files
C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res
C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res
:Commands
[Reboot]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
Next:Please run another MBAM scan so we can verify a clean scan.
No need to provide another OTL scan. The OTL moved log and MBAM will show me if the files are removed.
Please post the following logs in your next reply:
C:\_OTL\
Moved Files
MBAM.txt Thank you,
Donna :)
Good morning Donna!
I hate to say this, but I'm not sure what I'm to be looking for in Programs and Features. :confused: Unfortunately, confusion is not an unusual state for me. :) So let me know and I will look for it.
I did run the scans and here are the logs. Thank you again for everything!
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/21/2014
Scan Time: 9:05:42 AM
Logfile: mban 052114.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.21.04
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mastin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275620
Time Elapsed: 13 min, 17 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, No Action By User, [916fc739ae52c93794114f6db44f4cb4],
Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, No Action By User, [916fc739ae52c93794114f6db44f4cb4]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeGuard not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeGuard not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Mobile App Sync deleted successfully.
========== FILES ==========
C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res moved successfully.
File\Folder C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res not found.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 05212014_084915
QuoteI'm not sure what I'm to be looking for in Programs and Features.
For heavens sake! This is why I try not to think too hard before that 2nd cup of coffee in the morning. :thud: Boy, do we need one of those *facepalm* smilie guys for my personal use, or what?
I meant to have you look for the BrowserSafeGuard folder and delete it, if found. I see that the last OTL fix did remove Mobile App Sync, though MBAM is still showing that no action was taken on the following:
Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD,
No Action By User, [916fc739ae52c93794114f6db44f4cb4],
Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169,
No Action By User, [916fc739ae52c93794114f6db44f4cb4]
Allow me a moment to discuss this with my associates before I provide further instructions.
Donna, you're so funny. :) I just thought it had gone over my head like many things do.
I went back to uninstall BrowerSafeguard with RocketTabs and got this message: an error occurred while trying to uninstall BrowserSafeguard with RocketTabs. It may have already been uninstalled. Would you like to remove yada, yada, yada from the Programs and Features list and I did that.
I noticed those PUPs still there, too. I'll wait for a reply...no hurry. Speaking of that, we are leaving in the morning to go out of town until next Tuesday so we can pick up again if we don't get finished tonight. No rush at all.
Pam
QuoteDonna, you're so funny. :) I just thought it had gone over my head like many things do.
Did I mention how much fun you are to work with? You are so on my level of cognitive thinking. :hug:
QuoteI went back to uninstall BrowerSafeguard with RocketTabs and got this message: an error occurred while trying to uninstall BrowserSafeguard with RocketTabs. It may have already been uninstalled. Would you like to remove yada, yada, yada from the Programs and Features list and I did that.
Perfect!! :thumbsup:
QuoteI noticed those PUPs still there, too.
We'll need to remove those as well.
QuoteI'll wait for a reply...no hurry. Speaking of that, we are leaving in the morning to go out of town until next Tuesday so we can pick up again if we don't get finished tonight. No rush at all.
Not a problem at all.
I did discuss this with my fellow associates and it is agreed upon that some settings that should have been configured for our needs were not. I have tweaked the instructions a tad so if you have time before you leave please try the new set of instructions below. I did not run the new instructions by the rest of the team prior to posting them below thinking you might have time to rescan. If not, don't worry about it and we can pick up where we left off when you get back next Tuesday.
Here are the tweaked instructions:
- Click on the Dashboard tab and to the right of Database Version, click the Update Now >> link.
- After the updates complete, click on the Settings tab at the top then click on Detection and Protection.
- Under Detection Options, make sure all 3 options are checked.
- Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.
- Click on the Scan tab at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.
- If you are offered to update again, go ahead and click the Update Now >> button. Once complete, the Threat Scan will begin.
- When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
Post log:
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
Home again, home again, jiggity jig..and happy to be here. As Dorothy said, there's no place like home. I hope you had a happy and meaningful Memorial Day, Donna!
Here is my latest scan log......
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 5/27/2014 3:34:29 PM, SYSTEM, MASTIN-HP, Scheduler, Malware Database, 2014.5.22.6, 2014.5.27.9,
Protection, 5/27/2014 3:34:31 PM, SYSTEM, MASTIN-HP, Protection, Refresh, Starting,
Protection, 5/27/2014 3:34:31 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Stopping,
Protection, 5/27/2014 3:34:31 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Stopped,
Protection, 5/27/2014 3:34:34 PM, SYSTEM, MASTIN-HP, Protection, Refresh, Success,
Protection, 5/27/2014 3:34:34 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Starting,
Protection, 5/27/2014 3:34:34 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Started,
Protection, 5/27/2014 3:55:43 PM, SYSTEM, MASTIN-HP, Protection, Malware Protection, Starting,
Protection, 5/27/2014 3:55:43 PM, SYSTEM, MASTIN-HP, Protection, Malware Protection, Started,
Protection, 5/27/2014 3:55:44 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Starting,
Protection, 5/27/2014 3:55:51 PM, SYSTEM, MASTIN-HP, Protection, Malicious Website Protection, Started,
(end)
Donna,
I hope I didn't mess anything up. I know I'm not supposed to change anything while we're working on a problem but when I was prompted upon opening a .pdf file I'd saved, I downloaded and installed the newest version of Sumatra without thinking . I'm searching the emoticons for a red face about now.
Pam
Hi Pam! I see someone doing the happy dance. :lol: There's nothing better than coming home after being away for more than a few days.
Yes. I had a very nice Memorial Day. Best part was talking to my Son for over an hour who is deployed overseas. :hug:
Updating Sumatra was no big deal. There is no foistware included in the updates like there would be for Adobe Reader that would make unwanted changes.
I'm trying to figure out where you got that log from. That is not a typical Threat scan result. I've been trying to find an exact log on my system but I can not find one.
Let's see if there is a Threat scan log from the scan you ran:
Right click on the MBAM icon and choose Run as administrator to open the program.
Click on the History > Application Logs > Scan Log > View.
Click on the Copy to Clipboard button at the bottom.
Come back here to your thread and paste that into a reply box.
Hopefully one of the other members can tell us what the log in the above post is all about.
I'm happy you got to talk to your son....thank him for his service for us.
Oops..it looks like I copied the "protection log" for today's date instead of the "scan log". I didn't realize there were 2 there. This should look more reasonable, I hope. :smash:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/27/2014
Scan Time: 3:54:02 PM
Logfile:
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.27.09
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mastin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279089
Time Elapsed: 15 min, 13 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, Quarantined, [838cd38142398aacf41ad0f445be32ce],
Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_downloadbrowser.co|google_chrome-search-us-chrome-exact-34349763169, Quarantined, [838cd38142398aacf41ad0f445be32ce]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Quote from: DonnaB on May 27, 2014, 10:13:53 PM
Hopefully one of the other members can tell us what the log in the above post is all about.
I was typing a reply to the effect that you had posted the protection log instead of the scan/detection log, then noticed you had explained it yourself while I was grabbing some coffee :D
MBAM quarantined those last two items. :thumbsup:
How is your computer now?
Thanks to you, Donna. It's fantastic. No lags, no waiting....everything comes up instantly like it should. :dance:
Wonderful! I love happy news. Let's run an online scan with ESET and see if there are any stragglers lurking in the shadows before we clean up our tools. :thumbsup:
This scan may take quite awhile to run, so your patience will be needed. :)
ESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).
- Please go >>HERE (http://www.eset.com/onlinescan/)<< then click on: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FESET1st.jpg&hash=3e93d1f4b996ce5bfab6e2c1b4e8a246e41051fa)
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FESETexe.jpg&hash=834dfebc3cb517fab4a10c9c45dc52b27c3665df) icon to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. - Select the option YES, I accept the Terms of Use then click on: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FESETsave.jpg&hash=41688c9ab804225235e9cc9d410e0086d760ba14)
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi280.photobucket.com%2Falbums%2Fkk173%2FDakeyras_album2%2FEOLS3.gif&hash=b607bc92258ebf870785e0532fa7d82f251134d1)
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic.
- Now click on: (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi280.photobucket.com%2Falbums%2Fkk173%2FDakeyras_album2%2FEOLS4.gif&hash=6924007f3666bb43f17bfc666748ae887248c759)
(Selecting Uninstall application on close if you so wish)
Here we go, Donna.........
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3becb7038431884998391dc4300b94ef
# engine=18345
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-21 02:40:16
# local_time=2014-05-20 10:40:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 25979063 152183466 0 0
# scanned=219657
# found=2
# cleaned=0
# scan_time=3810
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3becb7038431884998391dc4300b94ef
# engine=18438
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-28 01:35:40
# local_time=2014-05-27 09:35:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 26579987 152784390 0 0
# scanned=223484
# found=1
# cleaned=0
# scan_time=3713
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\_OTL\MovedFiles\05212014_084915\C_ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
Hi Pam,
Nothing found by ESET except a file we moved with OTL and it's located in the Moved folder. That will go bye, bye when we uninstall the tool.
Time to clean up the tools and send you on your merry little way! :dance:
Removing the tools:
Double-click on the
AdwCleaner.exe icon to run the tool again.
- Click on the Uninstall button.
- Click Yes when asked are you sure you want to uninstall.
- Both AdwCleaner.exe, its folder and all logs will be removed.
Next:OTL Clean-UpRight click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) icon on your desktop and choose
Run as administrator to open the main window.
Next click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FCleanUpButtonOTL.jpg&hash=2f46b158a4cd2c63b157cfee217ee653e8924410) button.
Once clean up is complete you will be prompted to reboot your computer. Please do so.
This will remove most of the programs we have used including itself.
Next:On the desktop right click and choose
Delete for the following programs/setup files, if found:
Security Check
DDS
MiniToolBox
AdwCleaner.exe
JRT
esetsmartinstaller_enu (ESET)Next:Go to
Start > Control Panel > Programs and Features and uninstall the following, if found:
ESET online scannerNext:Follow the path below and delete the folder(s), if found:
C:\AdwCleaner
C:\_OTL -> May be found in Downloads folder
C:\Program Files (x86)\ESET
If there are any left over tools or logs on your computer please delete them now. Next:Clear Restore PointsGo
Start > All Programmes > Accessories > System tools Right click
Disc Cleanup and select
run as administratorWhen it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select
More Options tab
Press Sytem Restore and Shadow Copies
Cleanup button
(https://dl.dropbox.com/u/73555776/disc%20clean.JPG)
The above will flush out all the old Restore Points and keep the latest one we created. <--Very important
I like to recommend a program by OldTimer called TFC (Temporary File Cleaner).
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).
Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
-- TFC only cleans temp folders.
-- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.Instructions to install TFC
:Download TFC by Old Timer from here (http://www.itxassociates.com/OT-Tools/TFC.exe):
- First, save any files as TFC will close ALL open programs including your browser!
- Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
- Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
- Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete cleaning.
Keep MBAM version 2 installed and run that program at least once every two weeks. Once a week if the laptop is used heavily every day. Less if rarely used. Same with TFC above.
For basic maintenance:
Depending on how much you use your computer you should keep it in tip top shape by performing basic maintenance on a daily/weekly/monthly basis.
1.) TFC
2.) Disk cleanup (http://windows.microsoft.com/en-US/windows-vista/Delete-files-using-Disk-Cleanup) which is included in Windows.
3.) Windows Defrag, which is included with Windows as well.
4.) Malwarebytes Anti-malware (MBAM)
And just to add, the Windows Operating Systems of today are a far cry from the ones of the past. Windows is more robust, HDD's are bigger and better and most computer systems have more and better RAM as well as faster processors. Windows handles temp files much more efficiently and doesn't store as many temp files that aren't needed like it used to. Disk cleaners have their place and are needed on occasion, just not as frequently as they once were needed.
And finally! Some more of my very own tips for safe computing:
- Make sure Realtime AV scanning is enabled.
- Don't trust pop-ups that tell you that you may have spyware on your machine. Most of these are money making schemes designed to get you to buy their removal product, which in some cases also contain malware.
- Make back-ups of your most personal files frequently by whatever means you have available, i.e. Tape, CD, DVD, USB Drives, Ghost programs, etc. You never know when you'll have to reformat and start from scratch and without current backups of your personal files, you're basically at a lose. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.
- Be careful where you "surf". If you know you are going to click a site that is questionable, then at least be intelligent enough to disable javascript, java, ActiveX installations, etc... You "surf" these sites at your own risk.
- Uninstall and quit using P2P networking programs like uTorrent, Kazaa, BearShare, eMule and Limewire. These are your most likely weakest links if you're using them. Primarily most stuff transferred is illegally obtained and if you won't give it up you eventually pay the consequences.
- Don't give access to your computer to friends or family who appear to be clueless about what they are doing. Otherwise you'll come home from school/work one day and your computer will be trashed.
- In my opinion, a PC is just that, a PC (Personal Computer). Don't allow your children to talk you into any Windows cracks, hacks, or tweaks that could turn your computer into an expensive doorstop.
- When in doubt -- don't download it and don't install it until you've researched it.
Here is a link that you might find interesting that will educate and enhance your online surfing abilities by Tony Klein and kept updated by our very own Corrine:
"So how did I get infected in the first place?" (http://securitygarden.blogspot.com/p/blog-page.html)
If you have any questions or concerns please don't hesitate to ask! Any member on this site will be more then happy to guide you in your quest for safe surfing and to prevent infection. It's been a pleasure helping you.
Happy and safe computing!
Donna :)
As always...thank you, thank you, thank you, Donna! You are terrific and very much appreciated by me. :) I'll try to be more observant when doing downloads! Have a good week! :hallo:
Pam