Windows.google.java.script redirect=1 Do I have a virus?

Started by Evenshade, May 17, 2014, 11:03:26 PM


Evenshade

It's me again...you have just helped me with my husband's laptop and here I am with my PC.  I noticed a couple of weeks ago that my connections have slowed.  I thought maybe it was my wi-fi but checked my modem speed online and it looks normal via FF and IE.  I'm getting a blank page in between clicking on a link and it being redirected to the destination.  The blank page has Windows.google.javascript Redirect=1 in the top left corner.  MBAM finds 2 incidences of PUP.optional.Browser safeguard.A but it gets quarantined.  Do I have a virus?  I would appreciate any help you can offer.

MikeW

Hi Evenshade
Best to follow the posting instructions - http://www.landzdown.com/analysis-and-malware-removal/log-posting-instructions/

Once the logs are posted one of our experts will be along to help you
Win 11 Home MS Edge - WD - Mbam Pro

Evenshade

Oh, sorry...I should have known better.  It was a long day yesterday.  Here are the requested logs.  :)   And thank you very much.
Pam

Results of screen317's Security Check version 0.99.83 
Windows 7 Service Pack 1 x64 (UAC is disabled!) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51 
Java version out of Date!
Adobe Flash Player 13.0.0.214 
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.137 
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe   
BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2012 11:54:37 AM
System Uptime: 5/18/2014 9:44:35 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AB5
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1846 GiB total, 1628.33 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.1 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 1863 GiB total, 1862.856 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP397: 5/7/2014 5:17:49 PM - Windows Update
RP398: 5/8/2014 12:10:36 AM - Windows Update
RP399: 5/11/2014 6:04:02 AM - Windows Update
RP400: 5/15/2014 3:00:29 AM - Windows Update
RP401: 5/18/2014 5:06:06 AM - Windows Update
.
==== Installed Programs ======================
.
802.11n Wireless LAN Card
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Bonjour
BrowserSafeguard with RocketTab
Canon Laser Printer/Scanner/Fax Extended Survey Program
Canon MF Toolbox 4.9.1.1.mf14
Canon MF4700 Series
CCleaner
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004)
Dual Smart Solution
EPSON Artisan 50 Series Printer Uninstall
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
Facebook
Family Tree Maker 2012
Google Chrome
Google Update Helper
Hallmark Card Studio 2010 Deluxe
Hewlett-Packard ACLM.NET v1.2.1.1
HP Application Assistant
HP Auto
HP Calendar
HP Client Services
HP Clock
HP Customer Experience Enhancements
HP LaserJet P1000 series
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP Notes
HP Odometer
hp officejet v series
HP Photo Printing Software
HP RSS
HP Setup
HP Setup Manager
HP Share-to-Web
HP Support Assistant
HP Support Information
HP TouchSmart Background - Beats
HP TouchSmart RecipeBox
HP Update
HP Vision Hardware Diagnostics
HP Weather
HPSSupply
IDT Audio
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
IrfanView (remove only)
iTunes
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 2.0.1.1004
Mesh Runtime
Metric Converter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mathematics
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mobile App Sync
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Driver 275.88
NVIDIA Control Panel 275.88
NVIDIA Graphics Driver 275.88
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
opensource
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power2Go
Recovery Manager
Remote Graphics Receiver
Seagate Manager Installer
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Spotify
SumatraPDF
SUPERAntiSpyware
TSHostedAppLauncher
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
5/17/2014 8:09:52 PM, Error: Service Control Manager [7034]  - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
5/12/2014 4:18:23 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Mastin at 9:47:02 on 2014-05-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.10220.7785 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Mastin\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:49165;https=127.0.0.1:49165
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Spotify Web Helper] "C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify] "C:\Users\Mastin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
StartupFolder: C:\Users\Mastin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DUALSM~1.LNK - C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{B898D80F-8E78-4C94-A9E6-0674539C6F62} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C5D45449-1E20-425D-B37A-A1FAD7392BE6} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{F49EFEB7-ECAF-425E-9776-487242DD6301} : NameServer = 100.100.100.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/privatepage/1#Forums_and_Blogs|https://mail.google.com/mail/u/0/#inbox/1460c301dea68cea|https://www.google.com/calendar/render|http://classic.wunderground.com/cgi-bin/findweather/getForecast?query=27879|http://www.weightwatchers.com/index.aspx|https://mail.google.com/mail/u/1/#inbox|http://www.netvibes.com/privatepage/1#Forums_and_Blogs|http://www.landzdown.com/analysis-and-malware-removal/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-9 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-7-17 161064]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-9 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-9 857912]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-5 378472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-9 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-24 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-9 63192]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-9 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-1-9 131656]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-1-9 399944]
S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-9 2656536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-13 111616]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-1-9 31152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-18 09:06:32   10651704   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2009BD20-C8D7-4D55-8800-8D923D4ACAC7}\mpengine.dll
2014-05-17 11:57:10   10651704   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-16 10:55:12   1031560   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D386180-BC96-4B44-93DB-1E682C53DCB5}\gapaengine.dll
2014-05-15 07:03:47   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-05-15 07:03:47   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-05-13 22:39:12   --------   d-----w-   C:\Program Files (x86)\Mobile App Sync
2014-05-13 22:37:29   --------   d-----w-   C:\Program Files\003
2014-05-13 22:36:31   --------   d-----w-   C:\Program Files (x86)\Optimizer Pro
2014-05-13 22:36:01   --------   d-----w-   C:\Program Files (x86)\Browsersafeguard
2014-05-08 04:11:11   --------   d-s---w-   C:\Windows\System32\CompatTel
2014-04-26 17:01:32   --------   d-----w-   C:\Users\Mastin\AppData\Local\{D38F053F-8D9C-4362-B19D-36F048C50E6D}
2014-04-24 23:29:54   --------   d-sh--w-   C:\Users\Mastin\AppData\Local\EmieUserList
2014-04-24 23:29:54   --------   d-sh--w-   C:\Users\Mastin\AppData\Local\EmieSiteList
2014-04-18 23:47:46   --------   d-----w-   C:\FRST
.
==================== Find3M  ====================
.
2014-05-18 13:45:11   119512   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-13 19:10:23   70832   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 19:10:23   692400   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03   477184   ----a-w-   C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23   424448   ----a-w-   C:\Windows\System32\aeinv.dll
2014-04-15 06:34:10   1070232   ----a-w-   C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37   28160   ----a-w-   C:\Windows\System32\secur32.dll
2014-04-12 02:19:32   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05   31232   ----a-w-   C:\Windows\System32\lsass.exe
2014-04-12 02:12:06   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-04-03 14:47:26   63192   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-04-03 14:47:16   88280   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-03 14:47:12   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-03-11 13:52:30   133928   ----a-w-   C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34   548352   ----a-w-   C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41   5784064   ----a-w-   C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36   4254720   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15   2043904   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39   1967104   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40   2260480   ----a-w-   C:\Windows\System32\wininet.dll
2014-03-06 05:41:49   1789440   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01   5550016   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21   243712   ----a-w-   C:\Windows\System32\wow64.dll
2014-03-04 09:44:21   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20   39936   ----a-w-   C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06   340992   ----a-w-   C:\Windows\System32\schannel.dll
2014-03-04 09:44:03   722944   ----a-w-   C:\Windows\System32\objsel.dll
2014-03-04 09:44:03   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00   424960   ----a-w-   C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56   57344   ----a-w-   C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56   52736   ----a-w-   C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56   44544   ----a-w-   C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56   22016   ----a-w-   C:\Windows\System32\credssp.dll
2014-03-04 09:43:55   56832   ----a-w-   C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55   53760   ----a-w-   C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50   455168   ----a-w-   C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11   3969984   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11   3914176   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2014-02-18 00:28:46   96168   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 20:57:54   15641088   ----a-w-   C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH:  9:48:06.96 ===============

DonnaB

Hi Pam,

Thank you for the logs, and many thanks to you MikeW. :)

Quote: "I'm getting a blank page in between clicking on a link and it being redirected to the destination.  The blank page Windows.google.javascript Redirect=1 in the top left corner."

I've been getting a blank screen (white with black lettering in the upper left hand corner) myself for some time now with Firefox (I don't use IE) after clicking on any link before I am directed to the correct site/page, though the message is not the same as yours. My message includes the site in which the link I click on refers to.  Are you being directed to the site intended or another unknown destination??
Couple questions:

Which browser does this happen in?

While I am reviewing your logs could you please try the "experiments" below to see if you experience the same issues?

Start Internet Explorer in the No Addons mode. To do this:

Open Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)

To open Firefox in Safe Mode:


  • Either click on the button or click on Help in the menu bar.
  • Choose Restart with Add-ons Disabled...
  • On the following screen that pops up, choose the Start in Safe Mode button.
Please note:
This is not the same as Windows Safe Mode.
DO NOT choose the Reset Firefox button. This will restore Firefox to its factory default state.

You can read more about Firefox Safe mode here

If Firefox works efficiently in Safe Mode, re-enable each Add-on one at a time till you find the one that might be causing issues. You can either disable the Add-on when not in use or uninstall it completely if you no longer have a need for it.




"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

DonnaB

Hi Pam,

I'm back. Nothing really jumps out at me in the logs above that may be malicious in any way, though while you tend to the following tasks I will take a closer look. The tasks below may or may not show something the logs above do not display.

Please let me know the results to the experiments above concerning how IE performs with no add-on and the same for Firefox in Safe Mode.

Let's update Java. Please click >>here<<. The latest version is Java 7 update 55.

As a side note, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed at which time you could install, or you could reinstall and just disable Java till the moment arises if it is needed.

You can read more about the need for Java and how to disable it from Corrine's blog found >>here<<.


Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it on XP, or right-click it and select Run as Administrator on Vista/Win7 and above.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Make sure to enable your protection software once the scan is complete.


Next:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
  • Click the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Next:

Please download OTL to your Desktop.

  • Double click on the OTL icon to run the program. On Vista/Win7 or 8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

In your next reply, please post the following logs:

JRT.txt
AdwCleaner[S0].txt
OTL.txt
Extras.txt


Thank you,
Donna  :)

Corrine

Please excuse me from the intrusion.  I'm dealing with real-life at the moment but needed a break so took a quick look at your logs.  So, just a quick note, Pam and Donna.  Pam, it looks as though you got a couple of unwanted extras, perhaps when installing the Mobile Sync App all on May 13. In particular see:

Optimizer Pro:  http://www.systemlookup.com/Startup/25405-OptProLauncher_exe.html
BrowserSafeguard:  http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=Browsersafeguard

Unless Pam knows that they are, I'd also look at Program Files\003

2014-05-13 22:39:12   --------   d-----w-   C:\Program Files (x86)\Mobile App Sync
2014-05-13 22:37:29   --------   d-----w-   C:\Program Files\003
2014-05-13 22:36:31   --------   d-----w-   C:\Program Files (x86)\Optimizer Pro
2014-05-13 22:36:01   --------   d-----w-   C:\Program Files (x86)\Browsersafeguard


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
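The timing check behind the note above, as an added example that is not part of the original thread: it parses the DDS-style listing lines quoted in that post and groups folders created within a short window of each other, which is how a bundled installer tends to show up in a log. The function names and the 5-minute window are assumptions, and the `ExampleVendor` line is constructed for contrast.

```python
import re
from datetime import datetime, timedelta

# One listing line: "YYYY-MM-DD HH:MM:SS   <size or -------->   <8 attr flags>   <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([a-z-]{8})\s+(.+?)\s*$"
)

# First four lines and the two .sys lines are from the thread's logs;
# the ExampleVendor line is constructed.
SAMPLE_LOG = r"""
2014-05-13 22:39:12   --------   d-----w-   C:\Program Files (x86)\Mobile App Sync
2014-05-13 22:37:29   --------   d-----w-   C:\Program Files\003
2014-05-13 22:36:31   --------   d-----w-   C:\Program Files (x86)\Optimizer Pro
2014-05-13 22:36:01   --------   d-----w-   C:\Program Files (x86)\Browsersafeguard
2014-05-02 10:15:40   --------   d-----w-   C:\ProgramData\ExampleVendor
2014-04-12 02:22:05   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
"""


def parse_entries(log_text):
    """Yield (timestamp, size, attributes, path) for every listing line."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            stamp, size, attrs, path = match.groups()
            yield datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), size, attrs, path


def find_install_bursts(log_text, window=timedelta(minutes=5), min_size=2):
    """Group directories whose creation times chain together within `window`.

    Files are ignored: patch runs drop many files in the same second,
    while a bundle shows up as several new top-level folders in a row.
    """
    dirs = sorted(
        (ts, path)
        for ts, _size, attrs, path in parse_entries(log_text)
        if attrs.startswith("d")
    )
    bursts, current = [], []
    for ts, path in dirs:
        # A gap larger than the window closes the current group.
        if current and ts - current[-1][0] > window:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append((ts, path))
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def describe(burst):
    """One-line summary plus the member folders, oldest first."""
    span = burst[-1][0] - burst[0][0]
    header = f"{len(burst)} folders created within {span} starting {burst[0][0]}"
    return "\n".join([header] + [f"  {ts:%H:%M:%S}  {path}" for ts, path in burst])


if __name__ == "__main__":
    for burst in find_install_bursts(SAMPLE_LOG):
        print(describe(burst))
```

A burst is only a lead: each folder still has to be identified, as the lookups linked in the post do.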

DonnaB

@Corrine,

Hi Corrine. Your presence is never an intrusion. After a tad bit of research, it appears that the C:\Program Files\003 folder is created by adware and can be a problem here.  I'm anxious to see what the logs for ADWC and JRT find and also what OTL displays.

I have my fingers crossed that OTL plays well with Pam's machine. It certainly didn't with her husband's!  :shocked:  :undecided:

Evenshade

Hello Donna and Corrine,
I got as far as downloading the newest Java version (and I did disable it for now) and the JRT.  I then lost my connection to my "proxy server" yesterday afternoon...not able to connect at all via my PC even though wifi was fine.  Suddenlink came today and the tech found that the LAN setting was set to "use a proxy server for your LAN" instead of to automatically detect settings.  I have no idea how/if that was something that I changed.  If so, I don't remember it and would be very surprised if I took it on myself to change a setting like that.  :)

Everything is running fine now and if it's ok I'd like to put things here on hold and see if I have any more problems.  Let me know if that's unwise and I will happily continue on with your instructions.

After writing the above, I saw Corrine's note and she's exactly right....those two items came along when I downloaded Chrome and I wasn't happy about it.  It wouldn't let me opt out or cancel it at the time.  I wanted to use Chrome as it would allow me to upload folders to Google Docs and have them mobile on my iPad and phone.   It does sound like I need to continue with the instructions on May 18 1:30:35.  Let me know if that's what you recommend, Donna and Corrine.  Thank you very much!
Pam

zep516

Hello,

Monday is busy for Donna,



We saw the proxy. Here it is:

uProxyServer = hxxp=127.0.0.1:49165;https=127.0.0.1:49165

Most likely set by malware. I would strongly suggest you follow through with Donna's instructions and post the logs from AdwCleaner, JRT, and OTL.

Joe 
You're only as safe as your last update.
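A way to check for the proxy setting described above, as an added example that is not part of the original thread: it parses a WinINET `ProxyServer` string and reports entries that point at the local machine. The function names are hypothetical, and it assumes the logged `uProxyServer` value corresponds to the per-user `ProxyServer` registry value behind the "Use a proxy server for your LAN" checkbox.

```python
import ipaddress
import sys

# Per-user WinINET settings key (ProxyEnable / ProxyServer values live here).
INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Value quoted in the thread, still defanged ("hxxp") as the forum posted it.
SAMPLE_FROM_THREAD = "hxxp=127.0.0.1:49165;https=127.0.0.1:49165"


def parse_proxy_server(value):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    Two layouts exist: "host:port" (one proxy for every protocol, stored
    under the key "all") and "scheme=host:port;scheme=host:port".
    """
    proxies = {}
    for entry in filter(None, (part.strip() for part in value.split(";"))):
        scheme, sep, target = entry.partition("=")
        if not sep:
            scheme, target = "all", entry
        # Undo forum defanging so "hxxp" and "http" land under the same key.
        scheme = scheme.strip().lower().replace("hxxp", "http")
        target = target.strip()
        if "://" in target:  # tolerate "scheme=http://host:port"
            target = target.split("://", 1)[1]
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        proxies[scheme] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for localhost and loopback IP literals; hostnames are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def assess_proxy(proxy_enable, proxy_server):
    """Return one finding per protocol whose proxy is on the local machine.

    A loopback proxy means some local process sees that traffic. Debugging
    proxies and some security products do this too, so the next step is to
    identify the process listening on the port.
    """
    findings = []
    if not proxy_server:
        return findings
    state = "active" if proxy_enable else "configured but disabled"
    for scheme, (host, port) in parse_proxy_server(proxy_server).items():
        if is_loopback(host):
            findings.append(f"{scheme}: loopback proxy {host}:{port} ({state})")
    return findings


def read_current_user_proxy():
    """Read (ProxyEnable, ProxyServer) for the logged-on user. Windows only."""
    import winreg

    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS) as key:
        def value(name, default):
            try:
                return winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                return default

        return bool(value("ProxyEnable", 0)), value("ProxyServer", "")


if __name__ == "__main__":
    if sys.platform == "win32":
        enabled, server = read_current_user_proxy()
    else:
        enabled, server = True, SAMPLE_FROM_THREAD  # offline demo input
    for line in assess_proxy(enabled, server) or ["no loopback proxy configured"]:
        print(line)
```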

DonnaB

Hi Pam,

Yes. Let's follow through with the instructions from post # 4 above. I'd like to make sure that proxy is no longer there and we need to remove those files and folders that Corrine pointed out in her post.

Please post the 4 logs I requested.

Thank you Joe. :)

Evenshade

Thank you so much, everyone, for getting me out of this mess I've made for myself.  :confused:   I think I have everything here that you requested. 
Pam



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mastin on Sun 05/18/2014 at 12:45:06.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Mastin\appdata\local\{D38F053F-8D9C-4362-B19D-36F048C50E6D}



~~~ FireFox

Emptied folder: C:\Users\Mastin\AppData\Roaming\mozilla\firefox\profiles\din64304.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/18/2014 at 12:50:50.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v3.210 - Report created 19/05/2014 at 19:47:04
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mastin - MASTIN-HP
# Running from : C:\Users\Mastin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\003

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.netvibes.com/privatepage/1#Forums_and_Blogs|hxxps://mail.google.com/mail/u/0/#inbox/1460c301dea68cea|hxxps://www.google.com/calendar/render|hxxp://cla[...]

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.babylon.com/web/%7BsearchTerms%7D?tt=290312_bexdll&mntrId=e44887ab000000000000ac8112dbc6b0&affID=101385&babsrc=SP_ss
Deleted [Search Provider] : hxxp://smittenkitchen.com/search-results/?cx=009671904594399389362%3Aoll_ocju5k8&cof=FORID%3A9&ie=UTF-8&q={searchTerms}&siteurl=smittenkitchen.com%2F&ref=&ss=848j163570j7
Deleted [Search Provider] : hxxp://www.sproutedkitchen.com/display/Search?moduleId=14825579&searchQuery={searchTerms}
Deleted [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=chocolat&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://www.kboards.com/search-results.php?cx=013152137856052589417%3Apqyyesggtme&cof=FORID%3A9&ie=ISO-8859-1&q={searchTerms}&sa=site+search&siteurl=www.kboards.com%2F&ref=www.kindleboards.com%2F&ss=3943j1151221j24
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxps://mail.google.com/mail/ca/u/0/?shva=1#inbox
Deleted [Startup_urls] : hxxps://mail.google.com/mail/u/1/?shva=1#inbox

*************************

AdwCleaner[R0].txt - [2709 octets] - [19/05/2014 19:46:23]
AdwCleaner[S0].txt - [2662 octets] - [19/05/2014 19:47:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2722 octets] ##########






OTL logfile created on: 5/19/2014 7:53:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mastin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.98 Gb Total Physical Memory | 7.57 Gb Available Physical Memory | 75.82% Memory free
19.96 Gb Paging File | 17.39 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1846.12 Gb Total Space | 1628.04 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive D: | 16.80 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive G: | 14.91 Gb Total Space | 8.40 Gb Free Space | 56.37% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 1862.86 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: MASTIN-HP | User Name: Mastin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/19 19:51:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mastin\Desktop\OTL.exe
PRC - [2014/05/14 08:43:29 | 006,170,168 | ---- | M] (Spotify Ltd) -- C:\Users\Mastin\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/05/14 08:43:25 | 001,176,632 | ---- | M] (Spotify Ltd) -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/05/14 08:43:24 | 000,598,072 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/04/03 10:45:56 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 10:45:54 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 10:45:48 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/12/14 21:10:08 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
PRC - [2012/10/17 20:40:58 | 000,339,456 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
PRC - [2012/04/15 17:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/09/28 20:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/08/16 18:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/05 02:16:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/03 10:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 10:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/07 14:32:26 | 000,358,232 | ---- | M] (Creative Home) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/07/17 18:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/07/17 18:12:04 | 000,177,448 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 10:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/14 08:43:25 | 036,966,968 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/05/14 08:43:25 | 000,886,840 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/05/14 08:43:25 | 000,108,600 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/05/14 08:43:24 | 000,598,072 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/02/17 12:18:56 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/17 12:18:54 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/17 12:18:26 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/17 11:52:59 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/17 11:52:55 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/17 11:52:53 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/17 11:52:52 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/17 11:52:51 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/17 11:52:51 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/17 11:52:51 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/17 11:52:51 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/17 11:52:49 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/17 11:52:48 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/17 11:52:47 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/17 11:52:43 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/12/14 21:10:08 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
MOD - [2012/10/17 19:52:40 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\LGErrorHandler.dll
MOD - [2012/10/17 19:52:38 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Proxy32dll.dll
MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2001/07/03 10:17:06 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/08 19:42:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/04/24 21:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 06:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/05/13 15:10:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/09 21:10:07 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/03 10:45:56 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/04/03 10:45:54 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/28 20:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/05 02:16:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/03 10:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 10:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/17 18:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/12/17 00:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/19 19:49:01 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 10:47:26 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 10:47:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/29 18:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/01/05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/24 21:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/09 21:08:06 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/01/09 20:44:11 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/09 20:44:11 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/14 08:38:50 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/09/14 08:38:47 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/09/14 06:35:45 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 07:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 10:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/23 17:11:22 | 000,010,752 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2012/10/17 19:52:38 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{277332A7-344D-47FD-861A-5D1E3E1E4A70}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\..\SearchScopes\{7357080B-7695-4F47-984C-D7983905C24C}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.3.1
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1083
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:23.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/31 12:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Extensions
[2014/05/11 14:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions
[2014/05/01 18:45:27 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/11/26 17:23:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/04/24 14:51:35 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\donottrackplus@abine.com
[2014/03/30 17:41:38 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\adblockpopups@jessehakanen.net.xpi
[2014/05/11 14:15:04 | 000,143,173 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi
[2013/04/04 21:28:40 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2014/05/01 18:31:19 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/21 21:42:36 | 000,787,979 | ---- | M] () (No name found) -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014/01/11 16:31:05 | 000,002,112 | ---- | M] () -- C:\Users\Mastin\AppData\Roaming\Mozilla\Firefox\Profiles\din64304.default\searchplugins\wot-safe-search.xml
[2014/05/09 21:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/09 21:10:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.netvibes.com/privatepage/1#Forums_and_Blogs
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Quick Bookmarks = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgmnekpakhkbnhehnpkminifbpmkghg\3.14_0\
CHR - Extension: Google Drive = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry (scanner) = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.19_0\
CHR - Extension: Bookmark Sentry (scanner) = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.20_0\
CHR - Extension: WOT = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.14_0\
CHR - Extension: YouTube = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Radio Player Live = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\2.1.7_0\
CHR - Extension: Bible = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljbeanmjklkbfnppfedajbgeongccb\1.8.7.2_0\
CHR - Extension: Adblock Plus = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Google Calendar = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Pandora = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Full Screen Weather = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Bookmark Buttons Startpage = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\genmiebglliamphdcfeakonfebajldkj\1.2.2_0\
CHR - Extension: AdBlock = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.34_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.4.7.2_0\
CHR - Extension: Jon Klassen = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmgjhcokclngghkncjakaigpjhfhpoek\2_1\
CHR - Extension: Halloween Mahjong = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpakeodedigoifepmiljaacocfcpgcf\1.0.0.1_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.21_0\
CHR - Extension: Disconnect = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.11_0\
CHR - Extension: Google Maps = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: My Chrome Theme = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Mastin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000..\Run: [Spotify] C:\Users\Mastin\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000..\Run: [Spotify Web Helper] C:\Users\Mastin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B898D80F-8E78-4C94-A9E6-0674539C6F62}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5D45449-1E20-425D-B37A-A1FAD7392BE6}: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F49EFEB7-ECAF-425E-9776-487242DD6301}: NameServer = 100.100.100.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/05/17 20:26:46 | 000,000,067 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/05/16 20:46:06 | 000,000,067 | ---- | M] () - K:\autorun.inf.vir -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/19 19:51:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mastin\Desktop\OTL.exe
[2014/05/19 19:46:34 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/19 19:46:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/18 12:44:52 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Mastin\Desktop\JRT.exe
[2014/05/18 12:38:28 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/18 12:38:25 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/18 12:38:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/18 12:38:25 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/18 12:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/18 12:37:00 | 000,921,512 | ---- | C] (Oracle Corporation) -- C:\Users\Mastin\Desktop\jxpiinstall.exe
[2014/05/18 09:46:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mastin\Desktop\dds.scr
[2014/05/15 03:03:48 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 03:03:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 03:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 06:17:30 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 06:17:30 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 06:17:18 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 06:17:18 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 06:17:18 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 06:17:17 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 06:17:17 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 06:17:17 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 06:17:16 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 06:17:16 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 06:17:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 06:17:15 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 06:17:15 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 06:17:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 06:17:15 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 06:17:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 06:17:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 06:17:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 06:17:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 06:17:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 06:17:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 06:17:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 06:17:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 06:17:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 06:17:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 18:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/13 18:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile App Sync
[2014/05/13 18:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile App Sync
[2014/05/09 21:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/08 00:11:11 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/07 23:59:13 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Mastin\Desktop\TFC.exe
[2014/04/24 19:29:54 | 000,000,000 | -HSD | C] -- C:\Users\Mastin\AppData\Local\EmieUserList
[2014/04/24 19:29:54 | 000,000,000 | -HSD | C] -- C:\Users\Mastin\AppData\Local\EmieSiteList
[2013/10/17 16:57:47 | 015,641,088 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2014/05/19 19:56:05 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/19 19:56:05 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/19 19:53:12 | 000,797,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/19 19:53:12 | 000,672,044 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/19 19:53:12 | 000,126,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/19 19:51:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mastin\Desktop\OTL.exe
[2014/05/19 19:49:01 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/19 19:48:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/19 19:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/19 19:48:31 | 3742,621,695 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/19 19:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/19 19:44:49 | 001,326,389 | ---- | M] () -- C:\Users\Mastin\Desktop\AdwCleaner.exe
[2014/05/19 19:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/18 12:55:27 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMastin.job
[2014/05/18 12:44:52 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Mastin\Desktop\JRT.exe
[2014/05/18 12:37:00 | 000,921,512 | ---- | M] (Oracle Corporation) -- C:\Users\Mastin\Desktop\jxpiinstall.exe
[2014/05/18 09:48:58 | 000,854,367 | ---- | M] () -- C:\Users\Mastin\Desktop\SecurityCheck.exe
[2014/05/18 09:46:47 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mastin\Desktop\dds.scr
[2014/05/14 08:43:01 | 000,002,241 | ---- | M] () -- C:\Users\Mastin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/13 18:42:30 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/13 15:10:23 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/13 15:10:23 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/08 20:13:08 | 000,005,632 | ---- | M] () -- C:\Users\Mastin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/07 23:59:13 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Mastin\Desktop\TFC.exe
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/29 18:16:44 | 000,056,320 | ---- | M] () -- C:\Users\Mastin\Documents\AO Contact Info.hmk
[2014/04/25 14:04:33 | 000,146,944 | ---- | M] () -- C:\Users\Mastin\Documents\AO Monthly Calendar.hmk

========== Files Created - No Company Name ==========

[2014/05/19 19:44:49 | 001,326,389 | ---- | C] () -- C:\Users\Mastin\Desktop\AdwCleaner.exe
[2014/05/18 09:48:58 | 000,854,367 | ---- | C] () -- C:\Users\Mastin\Desktop\SecurityCheck.exe
[2014/05/13 18:42:30 | 000,002,241 | ---- | C] () -- C:\Users\Mastin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/13 18:42:30 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/13 18:42:02 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/13 18:42:01 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 15:16:50 | 000,000,136 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/12/24 21:17:54 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/12/15 13:52:15 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2013/11/20 12:30:31 | 000,000,020 | ---- | C] () -- C:\Windows\Hposcv07.INI
[2013/06/24 13:49:37 | 000,113,224 | ---- | C] () -- C:\Users\Mastin\g2ax_customer_downloadhelper_win32_x86.exe
[2012/06/21 18:40:33 | 000,005,632 | ---- | C] () -- C:\Users\Mastin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



OTL Extras logfile created on: 5/19/2014 7:53:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mastin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.98 Gb Total Physical Memory | 7.57 Gb Available Physical Memory | 75.82% Memory free
19.96 Gb Paging File | 17.39 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1846.12 Gb Total Space | 1628.04 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive D: | 16.80 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive G: | 14.91 Gb Total Space | 8.40 Gb Free Space | 56.37% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 1862.86 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: MASTIN-HP | User Name: Mastin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (A

DonnaB

Hi Pam,

Thank you for the logs. The Extras log from OTL was cut off at the bottom. Could you please repost the Extras log in a separate post please? I don't need the OTL.log, just the Extras.log.

The tech guy from Suddenlink, did he remove that proxy? I see that it is displayed in the OTL log:

IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165

Back soon with a fix script for OTL.  :thumbsup:
"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

Evenshade

Here you go....sorry about that.  :)

The tech didn't say anything about removing the proxy...he just changed the setting for the PC to automatically search for the setting.  He said something about the IP address maybe being off by one digit.  ????
Thanks!
Pam

OTL Extras logfile created on: 5/19/2014 7:53:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mastin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.98 Gb Total Physical Memory | 7.57 Gb Available Physical Memory | 75.82% Memory free
19.96 Gb Paging File | 17.39 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1846.12 Gb Total Space | 1628.04 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive D: | 16.80 Gb Total Space | 2.10 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive G: | 14.91 Gb Total Space | 8.40 Gb Free Space | 56.37% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 1862.86 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: MASTIN-HP | User Name: Mastin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075A5EEC-36C5-47B7-9C9D-259C41A42794}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C33F8A1-63CF-4E37-9FD7-8B12EC75310F}" = lport=138 | protocol=17 | dir=in | app=system |
"{15760C6C-FF88-4AF2-B6C7-2F241262C347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16E06F7B-FFDA-4227-9CD9-832D6AA16AB1}" = lport=139 | protocol=6 | dir=in | app=system |
"{20A68317-5A19-4122-B661-F102886A4227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21BCED1E-611A-46CF-81C1-B69368D5F695}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2AEEE5DA-8F4F-45AD-B2A5-44517567AC6C}" = rport=445 | protocol=6 | dir=out | app=system |
"{37F2D6C1-C8D7-4A46-8D65-A2478B469F98}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58A04E43-8513-43BC-8BCD-EC03D07E41B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{58FF1BF6-454C-4C2C-9E1C-96C9654169CD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D635FCA-A0C2-4F88-824F-4C27622811EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{5DFE6FCF-B97B-4537-8F1F-FDDCCDE2DBC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66E93D47-A34F-439F-ADD2-B4A7097EA026}" = rport=138 | protocol=17 | dir=out | app=system |
"{74F1D3CD-B509-4214-A94E-EF9C38577CB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{801F867D-DB23-4FE8-AD85-E032EDB39241}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8FCC7871-944C-4265-B436-9893EDC37747}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFFFC322-AD31-4AAB-8F61-0CE0EE851002}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD1BE68F-245F-448E-B72E-2FA768F9B548}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CECB04EB-C091-47DB-903E-65A8D2A9E884}" = lport=445 | protocol=6 | dir=in | app=system |
"{D6780A0D-56BD-4760-9F08-8423A8304A88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC955FC1-2037-4448-8404-F64B770936EC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DD75D357-60C0-45EE-AE4F-F0E1E959D0BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED3869D0-82FE-403E-9217-29CC40B9652F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAFFDE2F-CC91-49F3-BE41-115F524553C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB16FB1F-622A-4112-BF72-81813981A7F4}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AEB0E7-5DCC-4534-A4C8-44E70ED297CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{028F6EA6-7C73-42D2-A29F-DAE4008A7123}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{09BFE798-496C-4801-BC0C-99A634CB7BF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13435CB3-60C6-4B5F-A77A-D5A6284266A2}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{23BFF32D-C7E3-4C42-BA16-8439E44CF9B7}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{294A628C-0F7D-49DF-AAEE-5D591F710D58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38907290-BDA7-4F3F-B483-5E1A08487D04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A1AB4DD-0C33-46A1-8C46-019E793D84F9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AFA0220-6164-4235-913F-8C9A7408221F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3CC9007C-0DDC-4CD2-89D0-4845498DD6E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FB44050-0D74-44AA-9CE7-DBB0CCB64181}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46F9135B-E951-458F-89CD-4E73FA1EC029}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{47B2841E-300E-4C3C-A171-31909764A2AA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5543348A-6A74-4AB1-81A4-ECBCDAAE3BFF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5AF9BCC6-9620-48FB-90CC-7E5DE430FFA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{600AD6CD-B418-49EB-9FE3-C65AB4FD9931}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7508D345-C55D-41B7-96FD-504A413EF502}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{752A4384-46F4-42A7-B44F-5C141661478F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7C57017D-AC4E-44A5-B973-2C615D05B168}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E5B5B2F-9DF1-4283-A188-5BEDE6BA132C}" = protocol=17 | dir=in | app=c:\users\mastin\appdata\roaming\spotify\spotify.exe |
"{84B8D364-95D8-43AD-B7A4-E768107102CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{86742858-EDD0-457C-86BA-E93A292F27A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{867FF9DA-77ED-453C-B0A2-B0F8835C34E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E05D9DA-CBCB-41EB-8BB9-7E2A6CDEFE84}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{90F6DB2E-FF25-4738-B2EC-BBDC3FC04C0B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{94FE7457-1042-42C3-B436-A77E4100EF51}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{9A1AC805-8403-48A6-B423-4DE6B23B3CC1}" = protocol=6 | dir=in | app=c:\users\mastin\appdata\roaming\spotify\spotify.exe |
"{9AAFD05D-3BA8-45FD-8C2C-A3C317D2B455}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9AF75A31-DD5C-4314-84D6-D3616803D12C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A244624C-7D97-4181-A3AF-6377AC048D79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A9018E68-4674-4660-A8AA-F4F9F927B317}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{AA41B7CF-1870-4644-BED2-DAA80B2A0A32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B2213C6C-BF12-4075-9BB2-1FB880272E45}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B93DD048-56C1-42CB-8A73-D35BCB76E7DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D064DB4E-3E90-428B-9020-DDCB77392D4E}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{D558406A-FF1E-4DA2-BD4B-4F54DF126C78}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DA68D8BB-F002-4931-86F6-89C41F80862F}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{DF103C06-9DEB-44BA-845E-C9D3569DF359}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5ECDCDB-23A9-4180-BE09-AFAC93E5912A}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{F03083BF-5E4A-44BB-BC0E-CF2193D6773A}" = protocol=6 | dir=out | app=system |
"{F8997C1E-3163-4A0F-B065-B639CA0DA42B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB2F8048-3825-41D0-A17C-67D06CFF1302}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0CC1C649-3E89-416F-9ECD-BA77F5041849}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{6F88903E-9C3B-4739-9F18-8F854291D5DB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{924A988D-DACB-4682-A7D4-659EF0FB9BD4}C:\users\mastin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mastin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{A9C54D19-C4E9-478C-A625-D1BA3737025A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{D7C6DD26-3D34-4166-AAB2-8456DCF87D3F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6649C1B2-3AC3-4903-A2D3-545622D5A13D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{8FF0522A-DC66-4C35-B216-2EBE3E5313E3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{ADEDE5F9-3505-4491-83A6-7AE8E3CC5F23}C:\users\mastin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mastin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C57AAE30-3645-4AD0-8342-67D74897E55B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{E805FEFA-FA48-44E2-A4C2-FFA7EAF5781F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}" = Canon MF4700 Series
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A16FF47-A5FC-49A8-96B5-31180D317059}" = Canon Laser Printer/Scanner/Fax Extended Survey Program
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Canon Laser Printer/Scanner/Fax Extended Survey Program" = Canon Laser Printer/Scanner/Fax Extended Survey Program
"CCleaner" = CCleaner
"EPSON Artisan 50 Series" = EPSON Artisan 50 Series Printer Uninstall
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel(R) Identity Protection Technology 1.2.22.0
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}" = hp officejet v series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010 Deluxe
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf14
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A6F8D36-04BA-41E9-9004-1789BD545874}" = HP TouchSmart Background - Beats
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E61F7C73-277C-44CE-87C4-B574BF0F3803}" = Dual Smart Solution
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"BrowserSafeguard" = BrowserSafeguard with RocketTab
"EPSON Scanner" = EPSON Scan
"Family Tree Maker 2012" = Family Tree Maker 2012
"Google Chrome" = Google Chrome
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photo Printing Software" = HP Photo Printing Software
"InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mobile App Sync" = Mobile App Sync
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SumatraPDF" = SumatraPDF
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-954411563-2238225784-2263214972-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2014 5:53:02 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

Error - 5/19/2014 5:53:03 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/19/2014 5:53:03 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004

Error - 5/19/2014 5:53:03 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004

Error - 5/19/2014 5:53:04 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/19/2014 5:53:04 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8018

Error - 5/19/2014 5:53:04 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8018

Error - 5/19/2014 5:53:05 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/19/2014 5:53:05 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9016

Error - 5/19/2014 5:53:05 PM | Computer Name = Mastin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9016

[ Hewlett-Packard Events ]
Error - 3/31/2012 11:56:52 AM | Computer Name = Mastin-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck)     at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache)     at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     at System.Activator.CreateInstance(Type
type, Boolean nonPublic)     at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache)     at System.Activator.CreateInstance(Type type, Boolean nonPublic)

   at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 10220  Ram
Utilization: 10  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) 

Error - 4/1/2012 10:39:15 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088   at HPSFConfigReader.ConfigHelper.loadXML()

   at HPSFConfigReader.ConfigHelper..ctor()     at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad)  Message: Exception of type 'System.Exception' was thrown.  StackTrace:
   at HPSFConfigReader.ConfigHelper.loadXML()     at HPSFConfigReader.ConfigHelper..ctor()

   at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad)  Source: HPSFConfigReader    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 10220
Ram
Utilization: 20  TargetSite: Void loadXML() 

Error - 4/8/2012 10:56:38 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 10220  Ram Utilization: 20  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) 

Error - 4/8/2012 10:56:38 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 10220  Ram Utilization: 20  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) 

Error - 5/13/2012 11:43:32 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 10220  Ram Utilization: 10  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) 

Error - 5/13/2012 11:43:32 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 10220  Ram Utilization: 10  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) 

Error - 5/27/2012 11:14:12 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 10220  Ram Utilization: 10  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) 

Error - 5/27/2012 11:14:12 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 10220  Ram Utilization: 10  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession) 

Error - 8/22/2012 6:26:25 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/22/2012 6:18:46 AM | Computer Name = Mastin-HP | Source = HPSF.exe | ID = 4000
Description =


< End of report >

DonnaB

Quote
The tech didn't say anything about removing the proxy
Ok. Adware Cleaner and JRT did a nice job removing the files we were concerned about. Let's remove the proxy with an OTL fix. I added a few other useless files as well.

Before you run the fix, go to Start > Control Panel > Programs and Features, right click and uninstall the following program, if found:

Mobile App Sync

Next:

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165
    O3 - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2014/05/13 18:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile App Sync
    [2014/05/13 18:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile App Sync

    :Files
    netsh int ip reset c:\resetlog.txt /c
    ipconfig /flushdns /c
    ipconfig /release /c
    ipconfig /renew /c

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Mobile App Sync" = ""

    :Commands
    [resethosts]
    [emptytemp]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Please post the following logs in your next reply:

C:\_OTL\Moved Files
OTL.txt



Next:

Please download MiniToolBox and run it.

Checkmark following boxes only:


  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
Click Go and post the result.

In your next reply, please post the following logs:

C:\_OTL\Moved Files
OTL.txt
Result.txt (minitoolbox log)


Thank you,
Donna :)
"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins
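
The `ProxyServer` entry in the fix above points both HTTP and HTTPS at 127.0.0.1:49165, which hands all browser traffic to whatever process is listening locally on that port. The following is an added example, not part of the original thread or of OTL: a small parser that pulls the `ProxyServer` value out of an OTL "IE -" line and reports any protocol routed to a loopback address. The function names are hypothetical, and the sample line is copied from the fix quoted above.

```python
import ipaddress
import re

# Sample input: the OTL "IE -" line quoted in the fix above.
OTL_LINE = (r'IE - HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software'
            r'\Microsoft\Windows\CurrentVersion\Internet Settings: '
            r'"ProxyServer" = http=127.0.0.1:49165;https=127.0.0.1:49165')

OTL_PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S.*)$')
SCHEME_PREFIX_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def extract_proxy_value(otl_line):
    """Return the ProxyServer value from an OTL log line, or None."""
    match = OTL_PROXY_RE.search(otl_line.strip())
    return match.group("value").strip() if match else None


def split_host_port(endpoint):
    """Split 'host:port', 'host' or '[v6]:port' into (host, port-or-None)."""
    if endpoint.startswith("["):
        host, _, rest = endpoint[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = endpoint.rpartition(":")
        if not host:  # no colon at all: the whole string is the host
            host, port = endpoint, ""
    return host, int(port) if port.isdigit() else None


def parse_proxy_server(value):
    """Parse a ProxyServer string into {protocol: (host, port)}.

    Handles the single-proxy form ('host:port', stored under 'all')
    and the per-protocol form ('http=host:port;https=host:port').
    """
    entries = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        protocol, sep, endpoint = part.partition("=")
        if not sep:
            protocol, endpoint = "all", part
        endpoint = SCHEME_PREFIX_RE.sub("", endpoint.strip())
        entries[protocol.strip().lower()] = split_host_port(endpoint)
    return entries


def is_loopback(host):
    """True for 'localhost' and any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def loopback_proxies(value):
    """List 'protocol -> host:port' for every protocol sent to loopback."""
    return sorted(
        f"{protocol} -> {host}:{port}"
        for protocol, (host, port) in parse_proxy_server(value).items()
        if is_loopback(host)
    )


if __name__ == "__main__":
    proxy_value = extract_proxy_value(OTL_LINE)
    for finding in loopback_proxies(proxy_value):
        print("loopback proxy:", finding)
```

A loopback proxy is not always unwanted, since some security and debugging tools set one on purpose, so a finding here is a prompt to identify the process that owns the port.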

Evenshade

Thank you, Donna...your instructions are as smooth as silk and this machine has, indeed, liked OTL much better than Dan's laptop did.   < s >   OK, here we go with the logs.............


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-954411563-2238225784-2263214972-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile App Sync\ not found.
Folder C:\Program Files (x86)\Mobile App Sync\ not found.
========== FILES ==========
< netsh int ip reset c:\resetlog.txt /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Mastin\Desktop\cmd.bat deleted successfully.
C:\Users\Mastin\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mastin\Desktop\cmd.bat deleted successfully.
C:\Users\Mastin\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b082:8b8e:f1f2:2c32%13
   Default Gateway . . . . . . . . . :
Tunnel adapter isatap.{C5D45449-1E20-425D-B37A-A1FAD7392BE6}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter 6TO4 Adapter:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter Local Area Connection* 12:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter isatap.{B898D80F-8E78-4C94-A9E6-0674539C6F62}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
C:\Users\Mastin\Desktop\cmd.bat deleted successfully.
C:\Users\Mastin\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b082:8b8e:f1f2:2c32%13
   IPv4 Address. . . . . . . . . . . : 192.168.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
Tunnel adapter 6TO4 Adapter:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter Local Area Connection* 12:
   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3063:131f:3f57:fff3
   Link-local IPv6 Address . . . . . : fe80::3063:131f:3f57:fff3%12
   Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{B898D80F-8E78-4C94-A9E6-0674539C6F62}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
C:\Users\Mastin\Desktop\cmd.bat deleted successfully.
C:\Users\Mastin\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"Mobile App Sync" | "" /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mastin
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 8841913 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 175861594 bytes
->Google Chrome cache emptied: 32017651 bytes
->Flash cache emptied: 3330 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37535 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1582856 bytes

Total Files Cleaned = 208.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05202014_082840

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





MiniToolBox by Farbar  Version: 23-01-2014
Ran by Mastin (administrator) on 20-05-2014 at 08:33:29
Running from "C:\Users\Mastin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1       localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mastin-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : AC-81-12-DB-C6-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 38-60-77-E4-75-51
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b082:8b8e:f1f2:2c32%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 20, 2014 8:30:30 AM
   Lease Expires . . . . . . . . . . : Tuesday, May 20, 2014 9:30:30 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 272130167
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-9D-56-8B-38-60-77-E4-75-51
   DNS Servers . . . . . . . . . . . : 208.180.42.68
                                       208.180.42.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C5D45449-1E20-425D-B37A-A1FAD7392BE6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:10fb:3849:3f57:fff3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::10fb:3849:3f57:fff3%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{B898D80F-8E78-4C94-A9E6-0674539C6F62}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  rdns01.suddenlink.net
Address:  208.180.42.68

Name:    google.com
Addresses:  2607:f8b0:4000:804::1001
     74.125.227.238
     74.125.227.224
     74.125.227.225
     74.125.227.226
     74.125.227.227
     74.125.227.228
     74.125.227.229
     74.125.227.230
     74.125.227.231
     74.125.227.232
     74.125.227.233


Pinging google.com [173.194.115.71] with 32 bytes of data:
Reply from 173.194.115.71: bytes=32 time=53ms TTL=56
Reply from 173.194.115.71: bytes=32 time=50ms TTL=55

Ping statistics for 173.194.115.71:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 50ms, Maximum = 53ms, Average = 51ms
Server:  rdns01.suddenlink.net
Address:  208.180.42.68

Name:    yahoo.com
Addresses:  206.190.36.45
     98.138.253.109
     98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=32ms TTL=52
Reply from 98.139.183.24: bytes=32 time=34ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 34ms, Average = 33ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...ac 81 12 db c6 b0 ......802.11n Wireless LAN Card
13...38 60 77 e4 75 51 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.12     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.12    266
     192.168.0.12  255.255.255.255         On-link      192.168.0.12    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.12    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.12    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.12    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
12     58 2001::/32                On-link
12    306 2001:0:5ef5:79fb:10fb:3849:3f57:fff3/128
                                    On-link
13    266 fe80::/64                On-link
12    306 fe80::/64                On-link
12    306 fe80::10fb:3849:3f57:fff3/128
                                    On-link
13    266 fe80::b082:8b8e:f1f2:2c32/128
                                    On-link
  1    306 ff00::/8                 On-link
12    306 ff00::/8                 On-link
13    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****