
SafeSearch



#1
mmann

I opened up my Internet Explorer and my homepage and default search engine had changed. I changed those back to Google, but now my Internet is running slower. I know I am using IE9, but I have to in order to use my company's web-based applications.

OTL logfile created on: 3/11/2014 7:08:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.68% Memory free
5.73 Gb Paging File | 4.02 Gb Available in Paging File | 70.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 171.09 Gb Free Space | 78.41% Space Free | Partition Type: NTFS

Computer Name: 7W13426 | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/11 19:07:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Downloads\OTL.exe
PRC - [2014/03/09 18:42:50 | 000,026,904 | ---- | M] (Smartbar) -- C:\Users\Ralph\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2014/03/09 18:42:16 | 000,021,784 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Lrcnta.exe
PRC - [2014/02/20 17:46:16 | 000,841,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
PRC - [2013/12/11 14:14:42 | 004,645,704 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/09/08 08:52:28 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:58 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/03 18:27:08 | 000,043,904 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2010/01/05 07:30:10 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/01/05 07:30:10 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/18 15:24:42 | 003,853,080 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/09 18:43:30 | 000,055,576 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\srut.dll
MOD - [2014/03/09 18:43:28 | 000,028,440 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\srsbs.dll
MOD - [2014/03/09 18:43:22 | 000,029,976 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\srom.dll
MOD - [2014/03/09 18:43:22 | 000,023,832 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\srpdm.dll
MOD - [2014/03/09 18:43:20 | 000,254,232 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\srns.dll
MOD - [2014/03/09 18:43:18 | 000,042,776 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\srbu.dll
MOD - [2014/03/09 18:43:16 | 000,067,864 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\srau.dll
MOD - [2014/03/09 18:43:14 | 000,065,816 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\spbl.dll
MOD - [2014/03/09 18:43:14 | 000,060,184 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\sppsm.dll
MOD - [2014/03/09 18:43:12 | 000,038,168 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\smta.dll
MOD - [2014/03/09 18:43:12 | 000,029,976 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\smtu.dll
MOD - [2014/03/09 18:43:10 | 000,148,760 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll
MOD - [2014/03/09 18:43:10 | 000,100,632 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll
MOD - [2014/03/09 18:43:06 | 000,034,584 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2014/03/09 18:43:04 | 000,153,880 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2014/03/09 18:43:04 | 000,060,696 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2014/03/09 18:43:02 | 000,026,392 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2014/03/09 18:42:56 | 000,164,632 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2014/03/09 18:42:56 | 000,064,280 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2014/03/09 18:42:54 | 000,045,848 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2014/03/09 18:42:54 | 000,014,104 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2014/03/09 18:42:52 | 002,281,752 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2014/03/09 18:42:52 | 000,695,576 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2014/03/09 18:42:52 | 000,077,592 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2014/03/09 18:42:46 | 000,013,592 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\siem.dll
MOD - [2014/03/09 18:42:44 | 000,023,320 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\sgml.dll
MOD - [2014/03/09 18:42:18 | 000,042,264 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2014/03/09 18:42:16 | 000,029,464 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\lrcnt.dll
MOD - [2014/03/09 18:42:16 | 000,021,784 | ---- | M] () -- C:\Users\Ralph\AppData\Local\Smartbar\Application\Lrcnta.exe
MOD - [2014/02/13 09:44:48 | 000,452,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\af9b7806a22b33ad03c577f6eb4c49d7\UIAutomationClient.ni.dll
MOD - [2014/02/13 09:39:05 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d682d06abf8257c72ce11cefd1d74cf5\CustomMarshalers.ni.dll
MOD - [2014/02/13 08:53:27 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll
MOD - [2014/02/13 08:53:20 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/13 08:50:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 08:49:45 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 08:49:34 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll
MOD - [2014/02/13 08:48:35 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/13 08:48:08 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 08:47:52 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 08:47:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 08:47:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/09/10 14:45:56 | 000,145,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/09/10 14:45:56 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
MOD - [2013/05/08 02:57:13 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2010/11/04 20:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/05/17 07:43:00 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - [2014/02/20 17:46:27 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/03 18:27:08 | 000,043,904 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/06/02 10:56:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/26 16:22:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/05 07:30:10 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe -- (STacSV)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2014/03/05 19:43:34 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140309.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/02/24 05:18:42 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/02/24 05:18:42 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140311.001\NAVENG.SYS -- (NAVENG)
DRV - [2013/12/17 19:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/11/21 09:50:11 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 09:50:10 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/17 11:55:15 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 22:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 21:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symnets.sys -- (SymNetS)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/01/05 07:30:10 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/10/29 17:55:30 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/26 07:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/16 23:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/09 22:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2008/02/29 18:08:08 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...1C78A6723174097
IE - HKLM\..\SearchScopes\{B5CDF8FF-BF82-444A-AB64-0EBA4D35900C}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...1C78A6723174097
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 10 67 73 B4 98 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {4322E30D-E271-45D4-BB74-9BBD056525F4}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesearc...1C78A6723174097
IE - HKCU\..\SearchScopes\{4322E30D-E271-45D4-BB74-9BBD056525F4}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\avsoftware.org/safesearch: C:\Program Files\SafeSearch\npsafesearch.dll (AVSoftware, Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/03/11 09:29:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/08 08:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/08 08:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/18 07:47:20 | 000,000,000 | ---D | M]

[2013/09/10 14:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SafeSearch = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_0\
CHR - Extension: RealDownloader = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SafeSearch) - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (SafeSearch Toolbar) - {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Ralph\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - HKCU..\Run: [HP Officejet Pro 8500 A910 (NET)] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pghexchange.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A2047AC-1573-4B30-9CF1-113D166A4A04}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/09 13:15:01 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\LPT
[2014/02/26 10:38:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/26 10:37:50 | 000,000,000 | ---D | C] -- C:\dc3c1c59754644550fed01a073
[2014/02/12 13:57:25 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Roaming\PrimoPDF
[2014/02/12 13:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[2014/02/12 13:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2014/02/12 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\{243A483A-5178-4333-9DF7-209BC20855EC}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/11 18:48:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/11 18:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/11 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/11 17:14:50 | 000,005,346 | ---- | M] () -- C:\Windows\mozy.flt
[2014/03/11 17:14:50 | 000,003,444 | ---- | M] () -- C:\Windows\mozy.blk
[2014/03/11 13:38:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/11 09:34:58 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/11 09:34:58 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/11 09:32:24 | 000,665,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/11 09:32:24 | 000,123,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/11 09:25:05 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/04 09:44:25 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/14 09:44:50 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/02/12 13:55:26 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2014/02/12 13:55:18 | 000,000,314 | ---- | M] () -- C:\Windows\primopdf.ini
[2014/02/12 13:41:24 | 000,000,000 | ---- | M] () -- C:\Users\Ralph\Documents\Nuance Image Printer Writer Port
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/28 10:45:47 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/02/12 13:55:26 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2014/02/12 13:55:19 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013/09/04 11:45:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/28 11:18:36 | 000,000,258 | RHS- | C] () -- C:\Users\Ralph\ntuser.pol
[2012/11/19 12:21:30 | 000,000,160 | ---- | C] () -- C:\Windows\ricdb.ini
[2012/07/20 16:55:30 | 000,518,446 | ---- | C] () -- C:\Users\Ralph\HR FREEMAN 1 FACT SHEET.pdf
[2012/07/20 16:09:41 | 000,789,821 | ---- | C] () -- C:\Users\Ralph\HR FREEMAN 1 WELL DIAGRAM.pdf
[2012/07/19 19:25:26 | 000,572,721 | ---- | C] () -- C:\Users\Ralph\statewide rule 14.pdf
[2012/03/29 10:46:39 | 000,324,088 | ---- | C] () -- C:\Users\Ralph\hrlor4hwellboresketch
[2012/03/29 10:26:28 | 000,324,087 | ---- | C] () -- C:\Users\Ralph\hr lor 4h wellbore sketch sketch
[2012/03/29 10:26:28 | 000,000,000 | ---- | C] () -- C:\Users\Ralph\ hr lor 4h wellbore sketch sketch
[2011/09/30 12:22:58 | 000,243,167 | ---- | C] () -- C:\Users\Ralph\LVVL DRAFT QTR MILE MAP FAILOR B 1D.pdf
[2011/05/06 14:04:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/10 18:17:32 | 000,007,609 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/28 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\AVSoftware
[2013/09/10 05:18:50 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\DriverCure
[2013/04/04 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FreePriceAlerts
[2011/07/06 08:00:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\go
[2013/10/20 11:11:48 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Oracle
[2014/02/12 14:02:57 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PrimoPDF
[2010/05/30 18:46:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\ScanSoft
[2010/12/27 10:16:19 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Sierra Wireless
[2010/12/27 10:14:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Smith Micro
[2013/09/10 05:18:50 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\SparkTrust
[2011/01/13 17:40:52 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Tific
[2010/05/30 18:46:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >


#2
zep516

    Trusted Helper

  • Malware Removal
  • 1,963 posts
Hi mmann! My name is zep516, and welcome to Geekstogo.
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Let's get started

The first time you ran it, OTL created 2 log reports. The one I need is called Extras.txt. Do you have that log? If so, post it. If not, I would like you to re-run OTL once more so we can re-create the log. Before you run the scan, I need you to do this: under the Extra Registry section, please put a check mark in "All", then hit Run Scan. When OTL is done scanning, 2 logs will be generated: the first log will pop up in front of you, and the second log, called Extras.txt, will be minimized to the taskbar down by the clock area. Please post that log. You really don't need to post the first one, as we already have that one.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Next

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please post the following logs in your next reply:

  • JRT.txt
  • AdwCleaner[R0].txt
  • checkup.txt
  • Extras.txt

Thanks
Joe :)

#3
mmann

    New Member

  • Member
  • Pip
  • 7 posts
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x86
Ran by Ralph on Wed 03/12/2014 at 18:18:35.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\safesearch.safesearch1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E27D5867-80DE-4449-9C03-71707C0DB05B}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\Ralph\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files\safesearch"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/12/2014 at 18:29:58.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner[R0]:

# AdwCleaner v3.021 - Report created 12/03/2014 at 18:07:51
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ralph - 7W13426
# Running from : C:\Users\Ralph\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files\MyPC Backup
Folder Found C:\ProgramData\Ask
Folder Found C:\Users\Ralph\AppData\Local\Smartbar
Folder Found C:\Users\Ralph\AppData\LocalLow\Smartbar
Folder Found C:\Users\Ralph\AppData\Roaming\DriverCure

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqw0VwgAFK9R-1qd7EcXzgzbcgeKlEXrhC9XzKDITg_QytIwXiNusfEcGLgER6n_pH52pZDN0aBKCB3e9_NSVeAPDZMNgx9fwsazqXf-eHr-7FVwBMG6UyInN-4r-Ikc2UfE4ozj9_eZdcw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqw0VwgAFK9R-1qd7EcXzgzbcgeKlEXrhC9XzKDITg_QytIwXiNusfEcGLgER6n_pH52pZDN0aBKCB3ex1Y-Th5LbtzBYva8cxJioaGcoxO-DSU50lvYKbPMIPCWX65OPK-54eHLlazamTw,,
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqw0VwgAFK9R-1qd7EcXzgzbcgeKlEXrhC9XzKDITg_QytIwXiNusfEcGLgER6n_pH52pZDN0aBKCB3e9_NSVeAPDZMNgx9fwsazqXf-eHr-7FVwBMG6UyInN-4r-Ikc2UfE4ozj9_eZdcw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqw0VwgAFK9R-1qd7EcXzgzbcgeKlEXrhC9XzKDITg_QytIwXiNusfEcGLgER6n_pH52pZDN0aBKCB3e9_NSVeAPDZMNgx9fwsazqXf-eHr-7FVwBMG6UyInN-4r-Ikc2UfE4ozj9_eZdcw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqw0VwgAFK9R-1qd7EcXzgzbcgeKlEXrhC9XzKDITg_QytIwXiNusfEcGLgER6n_pH52pZDN0aBKCB3e9_NSVeAPDZMNgx9fwsazqXf-eHr-7FVwBMG6UyInN-4r-Ikc2UfE4ozj9_eZdcw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqw0VwgAFK9R-1qd7EcXzgzbcgeKlEXrhC9XzKDITg_QytIwXiNusfEcGLgER6n_pH52pZDN0aBKCB3e9_NSVeAPDZMNgx9fwsazqXf-eHr-7FVwBMG6UyInN-4r-Ikc2UfE4ozj9_eZdcw,,&q={searchTerms}

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9388 octets] - [12/03/2014 18:07:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9448 octets] ##########

Checkup:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

Extras:

OTL Extras logfile created on: 3/11/2014 7:08:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.68% Memory free
5.73 Gb Paging File | 4.02 Gb Available in Paging File | 70.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 171.09 Gb Free Space | 78.41% Space Free | Partition Type: NTFS

Computer Name: 7W13426 | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E1BD0B-DD3B-4E47-8F14-F5BE57C6AB39}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0DC5131A-FC4A-40F8-9A56-3193B842E690}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2214421E-CF86-466D-B8AA-C55A4111FBA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25E6846A-624E-4AC0-A537-82CEC0BAFF33}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2826B02E-D3DF-4A1A-B5B7-AEA22E1696BC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2873DAAB-4D44-4697-A8CF-946C97E01B48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AA6179E-63AB-46B0-9D6E-BD1A1F0C936A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FE4CC7B-F165-4F80-AC23-6D9C9B7D9436}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3BC4DB36-959D-47D0-994B-6C691794C3CC}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D1CF6E1-ECBA-492D-82DC-C3AE354237C3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40207617-2E3C-45B3-83DC-2786A85EA70F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4603C65B-8445-413B-B156-CD95942701D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5CBAC04F-4D80-4B7A-9428-9914771FF3EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5F57A0DC-EA06-443A-845C-664EBFD99DE9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{632C2F1A-0EE5-4DF8-8DA7-59D574C145C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{641821FB-5AB2-4D10-94AD-12053152D3C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BD95788-967A-49FB-A587-5149B2EDBF5C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6D395E20-22D2-4E9F-A4B8-B4181357DCA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{864E6BE8-48B7-4229-9604-CCEB2054B451}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{870A894D-A567-481E-A2FD-40F06998DA8B}" = lport=137 | protocol=17 | dir=in | app=system |
"{8758F198-C1AF-457E-A841-6DDF30DB6456}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8B2D92F7-E780-4CA4-934E-AE1FDC110F74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D1CB93B-8DC7-47AD-94EA-14C1D824F66B}" = lport=138 | protocol=17 | dir=in | app=system |
"{92BBBCC0-9693-4B62-85F9-311A3D6B95D3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{937CF082-6544-4984-BD92-D479944EBBF7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{93A250F7-E002-480F-84B6-C3F519CA9A78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9467D31F-231C-46E5-AEDE-2D95E8EBA821}" = rport=137 | protocol=17 | dir=out | app=system |
"{95B0D5FE-D690-449B-9C60-4F587FFA0504}" = lport=445 | protocol=6 | dir=in | app=system |
"{99DE802E-39B9-407F-ABE8-2BA450B8BC03}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9A5744DF-DD5A-41A2-A109-99C47AD238F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{A6A4AF7A-4F3C-4530-B989-F43F5D0A466C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A6D9C110-B462-467D-B605-15FFAA719989}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AF49E7F5-47B3-42DE-BDE8-6D3A56CF6543}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AFD4FEAC-43FE-4AE3-944A-EAD38EBE61CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1687AED-8E58-4903-B5DF-4AC3254260FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{B30F6543-2A4D-4D0B-A4E4-061AC9362829}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB218D73-D497-4D35-B150-221C5D8626CE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BCB6B772-7257-4778-A21D-C6D1090C83EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7ECC45B-DB75-45BD-8C1F-3B4296FCBADC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0B3220A-5780-400E-8F62-F6973F05EA1C}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{E0E686BB-8E54-4667-A0AD-B6EA5BF23A7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E257D535-E0F9-4075-800D-688D1494FAD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB812EC1-0C69-44C7-AF61-B689CDB0D69B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF4457FC-EB69-4D14-A343-0BFB3095EC4F}" = rport=138 | protocol=17 | dir=out | app=system |
"{FD264245-EACB-418E-A3A4-FC243F971EEC}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041E4723-8D1E-4F3D-9E11-55437114F80F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{04BEF058-BDDF-4C83-AD20-5631D70FFA80}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\faxapplications.exe |
"{0BA0F90D-043C-4FCB-850D-43884AB3677E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{10B108FC-8AD3-439F-8BF8-3A9E0F1FF17A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15225884-A5A0-4308-8787-FD81F0915744}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{19823B84-4B32-4E90-AF78-BF398FA3809B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19953F66-315B-4DFE-A2E2-76D9A56F5791}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E7CC639-6C32-4041-B141-055AC2EB3088}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{2DA96037-F83F-4168-B2AB-2FEF09DBA316}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2EF76CD6-9168-4B75-BB65-54D9E205FD9F}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{3874BCE5-181F-4F36-9D2A-35520B32E9DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3F292EB5-4D8E-41AE-A58C-C54610DAB5B5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4334BC9A-E9FC-44EF-AF03-C3F76331BF92}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{4F540ABC-DC30-4CC1-B3B3-9A66CB567342}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{518837DB-901E-4D6B-9D18-5281D617D2DC}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{51A5F45A-EF1E-4CBB-9436-3AEC750EBDC5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{545652DF-BDE8-4222-B8D7-57AFF268C784}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{63BB8734-2113-45F0-B6A0-6FBF48C593D8}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicatorcom.exe |
"{63CC83AA-1557-45FC-B72D-876585067822}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{67048BEB-77C5-4E1C-8BAB-A843943AB780}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{69BE48A4-7DB2-45DA-BB33-CA2AFC5DC005}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{6D67AECC-D6BD-4082-922E-A8146503F869}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{77A94BFE-F47E-4232-AE58-EBEE55C79606}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81D0B622-FED3-4B8B-8B84-6E11E9AF6F73}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{888D88BC-1AF5-4C58-9208-ACB0528F9CD7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8C53344A-C249-4FEB-9B0C-DBE8343EF04D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{95DB5CA3-3898-4C9A-8633-353C509445F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9EF871CA-9FF8-4D6E-815C-974249B61BC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC208CEB-5676-48BD-8986-56A20EBF85BD}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\sendafax.exe |
"{B8581753-95F5-4D60-8B3C-4F8F0561051F}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{BFC05FFF-A687-401A-8534-9898FC4218C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C11E72E7-7E3D-424D-B5F8-F28228267DD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C18030AA-7A07-4FC6-8918-51738B679DDB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{C2881A4E-C001-440A-BB4B-6F9BD483E355}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C434CD3F-408A-428A-A766-C0FE2632EE85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8C65E78-187A-46DF-9FBF-6FB0A8C6B48D}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\digitalwizards.exe |
"{D44FACA4-3B84-4B62-B8BF-BB43ED51903E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D7C18907-FF5A-4C2E-8950-50A769BAE745}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{DC8DE2B2-940A-41EF-8D4A-0D8CABDB3ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E18A4A3F-5749-4DBD-9748-C226207BBDDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1AFFE28-4EA7-42B8-B3E5-7F55371B1945}" = protocol=6 | dir=out | app=system |
"{F17FC707-5BA4-4693-A52E-33B652EC6E28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F1B1B417-8561-4F05-A790-FA7894229FD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA3459F3-CA16-482A-AC8A-7EC8F581C365}" = dir=in | app=c:\users\bob\desktop\ojp8500va909_full_13\setup\hpznui01.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{11D4FAA0-A577-4FA8-B24E-D24283D861D1}" = QuickShare
"{14BEBF02-A501-4A68-ABEB-286CCB28AE9F}" = HP Officejet Pro 8500 A910 Basic Device Software
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3759CC1E-8259-4B0D-862A-078EABFFD97F}" = HP Officejet Pro 8500 A910 Product Improvement Study
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}" = Sierra Wireless USB MUX Driver Package
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57CC5470-7CA7-4D21-8025-78FEEBFF7167}" = Sierra Wireless AC595 Firmware Update Package
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{643F4F69-5A6A-4B52-BD56-5909800B556F}" = 8500A909_Help_BasicWeb
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-255CW
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78008C07-1C52-CA58-B449-6DE9ACF8B873}" = MozyHome
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{978AFF1A-B939-4177-B85A-C87B1867AC5C}" = 8500A909_BasicWeb
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1054C0C-0C16-41E1-8A9D-35F065793E92}" = HP Officejet Pro 8500 A909 Series
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED9FB365-8BD6-4C80-9543-96FA25F430E7}" = Sierra Wireless AC595U Firmware Update Package
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CCleaner" = CCleaner
"Dell Webcam Central" = Dell Webcam Central
"DW WLAN Card" = DW WLAN Card
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPOCR" = OCR Software by I.R.I.S. 13.0
"N360" = Norton 360
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 16.0" = RealPlayer
"SafeSearch_is1" = SafeSearch
"SynTPDeinstKey" = Dell Touchpad
"TVWiz" = Intel® TV Wizard
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2014 12:57:54 PM | Computer Name = 7w13426 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16798 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1204 Start
Time: 01cf3bb78c811788 Termination Time: 70 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/9/2014 12:58:31 PM | Computer Name = 7w13426 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16798 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4ec Start
Time: 01cf3bb8b722bd44 Termination Time: 40 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/9/2014 12:59:15 PM | Computer Name = 7w13426 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16798 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16fc Start
Time: 01cf3bb8ccd5ddbc Termination Time: 30 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/9/2014 3:34:10 PM | Computer Name = 7w13426 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 14:34:10.002]: [00002020]: GetDeviceIpAddress:
GetAddressByName [BRW904CE5319C80] Error

Error - 3/10/2014 8:32:05 AM | Computer Name = 7w13426 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/10 07:32:05.110]: [00001984]: GetDeviceIpAddress:
GetAddressByName [BRW904CE5319C80] Error

Error - 3/10/2014 8:59:11 AM | Computer Name = 7w13426 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HP\HP Officejet
Pro 8500 A910\DriverStore\Pipeline\amd64\hpinkins5312.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/10/2014 9:02:19 AM | Computer Name = 7w13426 | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files\safesearch\ie\adxloader.dll.Manifest".Error
in manifest or policy file "c:\program files\safesearch\ie\adxloader.dll.Manifest"
on line 2. The manifest file root element must be assembly.

Error - 3/10/2014 9:05:57 AM | Computer Name = 7w13426 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/10/2014 9:06:05 AM | Computer Name = 7w13426 | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files\safesearch\ie\adxloader.dll.Manifest".Error
in manifest or policy file "c:\program files\safesearch\ie\adxloader.dll.Manifest"
on line 2. The manifest file root element must be assembly.

Error - 3/11/2014 10:26:17 AM | Computer Name = 7w13426 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/11 09:26:17.406]: [00002040]: GetDeviceIpAddress:
GetAddressByName [BRW904CE5319C80] Error

[ Media Center Events ]
Error - 12/1/2013 8:51:18 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 6:51:18 PM - Error connecting to the internet. 6:51:18 PM - Unable
to contact server..

Error - 12/1/2013 8:51:37 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 6:51:24 PM - Error connecting to the internet. 6:51:24 PM - Unable
to contact server..

Error - 12/1/2013 9:51:42 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 7:51:42 PM - Error connecting to the internet. 7:51:42 PM - Unable
to contact server..

Error - 12/1/2013 9:51:49 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 7:51:47 PM - Error connecting to the internet. 7:51:47 PM - Unable
to contact server..

Error - 12/1/2013 10:53:48 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 8:53:48 PM - Error connecting to the internet. 8:53:48 PM - Unable
to contact server..

Error - 12/1/2013 10:53:56 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 8:53:53 PM - Error connecting to the internet. 8:53:53 PM - Unable
to contact server..

Error - 12/11/2013 11:37:04 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 9:37:04 PM - Error connecting to the internet. 9:37:04 PM - Unable
to contact server..

Error - 12/11/2013 11:37:13 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 9:37:09 PM - Error connecting to the internet. 9:37:09 PM - Unable
to contact server..

Error - 2/5/2014 7:47:55 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 5:47:55 PM - Error connecting to the internet. 5:47:55 PM - Unable
to contact server..

Error - 2/5/2014 7:48:05 PM | Computer Name = 7w13426 | Source = MCUpdate | ID = 0
Description = 5:48:00 PM - Error connecting to the internet. 5:48:00 PM - Unable
to contact server..

[ System Events ]
Error - 3/11/2014 7:51:44 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 3/11/2014 7:51:44 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 3/11/2014 7:51:53 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 3/11/2014 7:51:53 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 3/11/2014 7:51:53 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 3/11/2014 7:51:53 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 3/11/2014 7:51:53 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 3/11/2014 7:51:53 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 3/11/2014 7:51:53 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 3/11/2014 7:51:53 PM | Computer Name = 7w13426 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.


< End of report >

#4
zep516

    Trusted Helper

  • Malware Removal
  • 1,963 posts
Hello mmann,

Let's remove SafeSearch from Programs & Features if found.
==> Click > Start > Control Panel > Programs & Features and remove SafeSearch

Next

We need to do a fix to delete some files using OTL. Please remember to run OTL as administrator.

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearc...1C78A6723174097
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearc...1C78A6723174097
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
    IE - HKCU\..\SearchScopes,DefaultScope = {4322E30D-E271-45D4-BB74-9BBD056525F4}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesearc...1C78A6723174097
    FF - HKCU\Software\MozillaPlugins\avsoftware.org/safesearch: C:\Program Files\SafeSearch\npsafesearch.dll (AVSoftware, Ltd)
    O2 - BHO: (SafeSearch) - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll ()
    O3 - HKLM\..\Toolbar: (SafeSearch Toolbar) - {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: pghexchange.com ([www] https in Trusted sites)
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

In your next reply post

  • The OTL Fix log, located here --->C:\_OTL\Moved Files
  • New OTL Log after quick scan is run.

Most important, I need to know how the computer is now!

Thanks
Joe :)

#5
mmann

When I went to remove SafeSearch, it says "An error occurred while trying to uninstall SafeSearch. It may have already been uninstalled. Would you like to remove SafeSearch from the Programs and Features list?"

#6
zep516

OK,

Move on to the next step of instructions and post the log files asked for.

Thanks
Joe :)

#7
mmann

MovedFiles

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B51C980-C6B0-11E1-9136-AED16088709B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\avsoftware.org/safesearch\ deleted successfully.
File C:\Program Files\SafeSearch\npsafesearch.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e27d5867-80de-4449-9c03-71707c0db05b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e27d5867-80de-4449-9c03-71707c0db05b}\ deleted successfully.
File C:\Program Files\SafeSearch\ie\adxloader.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25}\ deleted successfully.
File C:\Program Files\SafeSearch\ie\adxloader.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pghexchange.com\www\ deleted successfully.
C:\Windows\System32\SET586C.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ralph\Downloads\cmd.bat deleted successfully.
C:\Users\Ralph\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: bob

User: bob dad

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: denise
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 466779 bytes
->Flash cache emptied: 434 bytes

User: Owner

User: Public

User: Ralph
->Temp folder emptied: 4666773 bytes
->Temporary Internet Files folder emptied: 171773966 bytes
->Java cache emptied: 46292284 bytes
->Google Chrome cache emptied: 217921376 bytes
->Flash cache emptied: 11106 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6918170 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 427.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03162014_093745

Files\Folders moved on Reboot...
C:\Windows\temp\wbxtra_03152014_071400.wbt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

New OTL Quick Scan

OTL logfile created on: 3/16/2014 12:08:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralph\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.79% Memory free
5.73 Gb Paging File | 4.50 Gb Available in Paging File | 78.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 170.54 Gb Free Space | 78.16% Space Free | Partition Type: NTFS

Computer Name: 7W13426 | User Name: Ralph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/14 19:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/03/11 19:07:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralph\Downloads\OTL.exe
PRC - [2013/12/11 14:14:42 | 004,645,704 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/09/08 08:52:28 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/08 14:14:57 | 000,044,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/03 18:27:08 | 000,043,904 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2010/01/05 07:30:10 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/01/05 07:30:10 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/18 15:24:42 | 003,853,080 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/14 19:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 19:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 19:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 19:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 19:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 19:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - [2014/03/11 21:46:21 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/03 18:27:08 | 000,043,904 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/06/02 10:56:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/26 16:22:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/05 07:30:10 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe -- (STacSV)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2014/03/05 19:43:34 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140314.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/02/24 05:18:42 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140315.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/02/24 05:18:42 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140315.009\NAVENG.SYS -- (NAVENG)
DRV - [2013/12/17 19:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/11/21 09:50:11 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 09:50:10 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/17 11:55:15 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 22:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 21:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symnets.sys -- (SymNetS)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/01/05 07:30:10 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/10/29 17:55:30 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/26 07:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/16 23:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/09 22:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2008/02/29 18:08:08 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B5CDF8FF-BF82-444A-AB64-0EBA4D35900C}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 10 67 73 B4 98 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{4322E30D-E271-45D4-BB74-9BBD056525F4}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/03/16 12:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/08 08:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/08 08:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/18 07:47:20 | 000,000,000 | ---D | M]

[2013/09/10 14:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralph\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live�? Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/03/16 09:43:17 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [HP Officejet Pro 8500 A910 (NET)] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A2047AC-1573-4B30-9CF1-113D166A4A04}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/16 09:37:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/12 18:18:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/12 18:07:35 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/09 13:15:01 | 000,000,000 | ---D | C] -- C:\Users\Ralph\AppData\Local\LPT
[2014/02/26 10:38:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/26 10:37:50 | 000,000,000 | ---D | C] -- C:\dc3c1c59754644550fed01a073

========== Files - Modified Within 30 Days ==========

[2014/03/16 12:09:39 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/16 12:09:39 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/16 12:06:44 | 000,665,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/16 12:06:44 | 000,123,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/16 12:02:40 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/16 12:02:29 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/03/16 12:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/16 12:02:04 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/16 11:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/16 11:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/16 10:02:05 | 000,005,346 | ---- | M] () -- C:\Windows\mozy.flt
[2014/03/16 10:02:05 | 000,003,444 | ---- | M] () -- C:\Windows\mozy.blk
[2014/03/16 09:43:17 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/03/15 07:46:39 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/13 06:31:23 | 000,419,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2014/02/28 10:45:47 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/02/12 13:55:19 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013/09/04 11:45:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/28 11:18:36 | 000,000,258 | RHS- | C] () -- C:\Users\Ralph\ntuser.pol
[2012/11/19 12:21:30 | 000,000,160 | ---- | C] () -- C:\Windows\ricdb.ini
[2012/07/20 16:55:30 | 000,518,446 | ---- | C] () -- C:\Users\Ralph\HR FREEMAN 1 FACT SHEET.pdf
[2012/07/20 16:09:41 | 000,789,821 | ---- | C] () -- C:\Users\Ralph\HR FREEMAN 1 WELL DIAGRAM.pdf
[2012/07/19 19:25:26 | 000,572,721 | ---- | C] () -- C:\Users\Ralph\statewide rule 14.pdf
[2012/03/29 10:46:39 | 000,324,088 | ---- | C] () -- C:\Users\Ralph\hrlor4hwellboresketch
[2012/03/29 10:26:28 | 000,324,087 | ---- | C] () -- C:\Users\Ralph\hr lor 4h wellbore sketch sketch
[2012/03/29 10:26:28 | 000,000,000 | ---- | C] () -- C:\Users\Ralph\ hr lor 4h wellbore sketch sketch
[2011/09/30 12:22:58 | 000,243,167 | ---- | C] () -- C:\Users\Ralph\LVVL DRAFT QTR MILE MAP FAILOR B 1D.pdf
[2011/05/06 14:04:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/10 18:17:32 | 000,007,609 | ---- | C] () -- C:\Users\Ralph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/28 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\AVSoftware
[2013/04/04 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\FreePriceAlerts
[2011/07/06 08:00:58 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\go
[2013/10/20 11:11:48 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Oracle
[2014/02/12 14:02:57 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\PrimoPDF
[2010/05/30 18:46:29 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\ScanSoft
[2010/12/27 10:16:19 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Sierra Wireless
[2010/12/27 10:14:23 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Smith Micro
[2011/01/13 17:40:52 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Tific
[2010/05/30 18:46:36 | 000,000,000 | ---D | M] -- C:\Users\Ralph\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >

How is the system?

It is booting faster and the internet seems faster too.
  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 1,963 posts
Hello mmann,

I need to double-check something. Could you please run AdwCleaner again? In post #3 I see the scan option was run, but I'm not so sure you ran the clean option that actually deletes the files.

To do that:

Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


Next

Please download Malwarebytes' Anti-Malware to your desktop from Here
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply post for me:

  • AdwCleaner[S0].txt
  • Malwarebytes log

Thanks
Joe :)
  • 0

#9
mmann

    New Member

  • Member
  • 7 posts
# AdwCleaner v3.022 - Report created 17/03/2014 at 22:07:00
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ralph - 7W13426
# Running from : C:\Users\Ralph\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9528 octets] - [12/03/2014 18:07:51]
AdwCleaner[R1].txt - [882 octets] - [17/03/2014 22:04:45]
AdwCleaner[S0].txt - [8247 octets] - [12/03/2014 18:10:31]
AdwCleaner[S1].txt - [804 octets] - [17/03/2014 22:07:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [863 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16844
Ralph :: 7W13426 [administrator]

3/17/2014 10:13:35 PM
mbam-log-2014-03-17 (22-13-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261749
Time elapsed: 19 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e27d5867-80de-4449-9c03-71707c0db05b} (PUP.Optional.SafeSearch.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fpooidjoepcceohjkoffjgioneogihij (PUP.Optional.SafeSearch.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Ralph\AppData\Local\LPT (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Configs (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Resources (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.

Files Detected: 38
C:\Users\Ralph\Downloads\Adware-Setup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\ccleaner.exe (PUP.Optional.SoftM8.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\InternationalPrimoPDF.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Windows\Installer\eb356f.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\PublisherSettings.xml (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\FiddlerCore.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\HtmlAgilityPack.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\linmsl.exe (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\LPTInstaller.msi (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\lrrot.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\NewConfig.txt (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Newtonsoft.Json.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Smartbar.Common.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Smartbar.Communication.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyRemover.exe (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Smartbar.Personalization.Common.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\sppsm.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\spusm.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srbs.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srbu.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\sreu.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srpdm.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srprl.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srpt.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srptc.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srptm.exe (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srptm.exe.config (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\srut.dll (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\UserSettings.xml (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\XMLOperations.xml (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Configs\BrowserSettings.xml (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Configs\LPTMapping.xml (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Configs\Timers.xml (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\Ralph\AppData\Local\LPT\Resources\LPT.xml (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.

(end)
  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 1,963 posts
Good job mmann,

Are there any issues remaining?
  • 0

#11
mmann

    New Member

  • Member
  • 7 posts
I feel like everything is good now

Thanks!
  • 0

#12
zep516

    Trusted Helper

  • Malware Removal
  • 1,963 posts
Nice work mmann :)

One more scan to double check things, post the scan results, after that we clean up our tools so stick around...

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)

In your next reply post the ESET Log report.
  • 0

#13
mmann

    New Member

  • Member
  • 7 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

List of potential Threats

C:\AdwCleaner\Quarantine\C\Users\Ralph\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ralph\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ralph\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_23.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ralph\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ralph\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ralph\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ralph\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application
  • 0

#14
zep516

    Trusted Helper

  • Malware Removal
  • 1,963 posts
Nice work mmann,

Everything ESET found will be removed during the next exercises; please follow through:

Next

Since your log reports are clean and free of malware, let's clean up after ourselves.

OTL Clean-Up

Right click on the Posted Image icon on your desktop and choose Run as administrator to open the main window.

Next click on the Posted Image button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.

Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.

Next

Clear Restore Points

Go to Start > All Programs > Accessories > System Tools.
Right-click Disk Cleanup and select Run as administrator.
When it pops up, at the first prompt select OK. After it has done some calculations, the tabs will appear.
Select the More Options tab.
Press the System Restore and Shadow Copies Clean up button.

Last

I post this for everyone. These are prevention steps.

Turn On Automatic Updates:

To do that:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.

2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the option Automatic (recommended): Automatically download recommended updates for my computer and install them. If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for "any" time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are then downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that "you" can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Antispyware programs:

I would recommend the download and installation of the following program and the updating of it regularly:

WinPatrol: As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Please read this great article by miekiemoes How to prevent Malware
and this great article by Tony Klein So How Did I Get Infected In First Place

Thanks
Joe :)
  • 0

#15
zep516

    Trusted Helper

  • Malware Removal
  • 1,963 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

