Security warnings and pop ups. [Solved]


  • This topic is locked

#16
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hi,

 

Use the instructions in Step 2. of post #5 to look for a Chrome extension named WeatherBlink and uninstall or disable it.

 

Let me know if that got it.


  • 0



#17
jp17315

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

The only extension I see is "fromDoctoPDF".


  • 0

#18
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Open Chrome

  • Click the Chrome Menu icon and click Settings:

  • On the Chrome Settings page, click Settings in the left column and under the On startup section if there is a dot in the radio button beside Open a specific page or set of pages, click Set Pages.

  • If there is a URL listed there that you don't recognize, delete it and change the URL to what you want...like www.google.com

  • 0

#19
jp17315

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

www.yahoo.com is the only URL that is listed!


  • 0

#20
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Run ZOEK

Important: Close/disable all anti virus and anti malware programs so they do not interfere with the downloading or running of Zoek.exe
Here or here you can read a manual how to disable your security applications.

  • Download zoek.exe from here (Please click on the Download ZOEK.exe button) and save it to the desktop.
  • Close any open windows and all browsers.
  • Right click on Zoek.exe, click Run as Administrator and OK any UAC prompts to run the program.
    NOTE: Please wait while the tool starts. It will appear to be doing nothing and may take a few minutes to come up.
  • You will see the Zoek console:

  • Copy the following script in the code box and Paste it into Zoek. To do that:
    • Highlight the text in the Code box below, then right click the mouse and click Copy.
    • Click the mouse inside the blank area of the Zoek console, then click the Paste from Clipboard button at the bottom of the console.
    • The script should appear inside the window.
    Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!
    StandardSearch;
    installer-list;
    installedprogs;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive (Usually C:\).
  • Please post the logfile in your next reply.

  • 0

#21
jp17315

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

When I clicked on the "here" to download the zoek program, a pop-up for Christian Mingle showed up in its own window!

 

Here is the log file:

 

 
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by djokrall on Tue 05/06/2014 at 18:12:52.20.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\djokrall\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
5/6/2014 6:15:02 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Installed Programs ======================
 
32 Bit HP CIO Components Installer  
3D Ultra Minigolf Adventures  
6500_E709_eDocs  
6500_E709_Help  
6500_E709a  
7 Wonders of the Ancient World  
AC3Filter 1.63b  
Adobe AIR  
Adobe Flash Player 13 ActiveX  
Adobe Flash Player 13 Plugin  
Adobe Reader XI (11.0.06)  
Adobe Shockwave Player 12.0  
Aloha Solitaire  
Auslogics DiskDefrag  
Bejeweled 2 Deluxe  
Bejeweled 3  
Blasterball 2 Revolution  
Blasterball 3  
Bouncing Balls  
bpd_scan  
BPDSoftware  
BPDSoftware_Ini  
BufferChm  
Cards_Calendar_OrderGift_DoMorePlugout  
CCleaner  
Chuzzle Deluxe  
Compaq Demo  
Compatibility Pack for the 2007 Office system  
Crystal Maze  
CyberLink DVD Suite Deluxe  
Destination Component  
DeviceDiscovery  
Diner Dash  
DocMgr  
DocProc  
EMET  
FATE  
Fax  
FileHippo.com Update Checker  
Fish Tycoon  
Game Discovery  
Games Manager  
Gold Rush Deluxe  
Google Chrome  
Google Update Helper  
GPBaseService2  
Hewlett-Packard Active Check  
Hewlett-Packard Asset Agent for Health Check  
HiJackThis  
Hotel Solitaire  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
HP Advisor  
HP Customer Experience Enhancements  
HP Customer Feedback  
HP Customer Participation Program 12.0  
HP Document Manager 2.0  
HP Easy Setup - Frontend  
HP Games  
HP Imaging Device Functions 12.0  
HP Officejet 6500 E709 Series  
HP On-Screen Cap/Num/Scroll Lock Indicator  
HP Photosmart Essential 2.5  
HP Smart Web Printing  
HP Solution Center 12.0  
HP Update  
HPDiagnosticAlert  
HPPhotoSmartPhotobookWebPack1  
HPProductAssistant  
HPSSupply  
Insaniquarium Deluxe  
Java 7 Update 55  
Java Auto Updater  
Jewel Quest  
Jewel Quest 2  
Jewel Quest Solitaire  
Jewel Quest® Solitaire  
KeyScrambler  
LightScribe System Software  1.10.23.1  
LightScribeTemplateLabeler  
Magic Academy  
Mah Jong Quest  
Mahjongg Dimensions Deluxe - Tiles in Time  
Malwarebytes Anti-Malware version 2.0.1.1004  
MarketResearch  
Microsoft .NET Framework 3.5 SP1  
Microsoft .NET Framework 4.5.1  
Microsoft Office PowerPoint Viewer 2007 (English)  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft VC9 runtime libraries  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)  
Microsoft Works  
Mozilla Firefox 29.0 (x86 en-US)  
Mozilla Maintenance Service  
MSXML 4.0 SP2 (KB927978)  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
muvee autoProducer 6.1  
Network  
NVIDIA Drivers  
OCR Software by I.R.I.S. 12.0  
Online Games Manager v1.30  
OpenOffice 4.0.1  
Otto's Magic Blocks  
Peggle  
Penguins  
Polar Bowler  
Polar Golfer  
Polar Golfer Pineapple Cup  
ProductContext  
PSSWCORE  
Python 2.5  
Rapport  
Realtek High Definition Audio Driver  
Ricochet Lost Worlds  
Scan  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Setup Support for Weatherbug 1.0  
Shooting Stars Pool  
Shop for HP Supplies  
Simple Adblock  
Slingo Deluxe  
SmartWebPrinting  
Snapfish Picture Mover  
Soft Data Fax Modem with SmartCP  
SolutionCenter  
SpiderMania Solitaire  
SpywareBlaster 5.0  
Status  
Super GameHouse Solitaire Volume 2  
Super Granny  
Super Mahjong  
Super TextTwist  
SUPERAntiSpyware  
swMSM  
TextTwist 2  
The Weather Channel App  
Toolbox  
Tradewinds  
TrayApp  
Trusteer Endpoint Protection  
UnloadSupport  
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  
Update Installer for WildTangent Games App  
Vesuvia  
VideoToolkit01  
Virtual Villagers - A New Home  
Virtual Villagers - Chapter 2 - The Lost Children  
WeatherBug  
WeatherBug Gadget  
Web Games Player Plugin  
WebReg  
WildTangent Games App for HP  
Yahoo Install Manager  
Yahoo Software Update  
Yahoo Toolbar  
Zuma Deluxe  
 
==== Running Processes ======================
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\EMET\EMET_notifier.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\djokrall\Desktop\zoek.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
 
==== System Specs ======================
 
Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 1917 MB
CPU Info: Intel® Pentium® Dual  CPU  E2180  @ 2.00GHz
CPU Speed: 2049.4 MHz
Sound Card: Realtek Digital Output (Realtek | 
Display Adapters: NVIDIA GeForce 7100 / NVIDIA nForce 630i  | NVIDIA GeForce 7100 / NVIDIA nForce 630i  | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce 10/100 Mbps Ethernet
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD-RAM GH10L
Ports: COM3 LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  456.5GB | D:  9.3GB
Hard Disks - Free: C:  354.6GB | D:  925.3MB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 10/24/08 | HPQOEM - 42302e31
Time Zone: Eastern Standard Time
Motherboard *: FOXCONN Napa
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 34.0.1847.131
Internet Explorer Version: 9.0.8112.16421 
Mozilla Firefox version: 29.0 (x86 en-US)
Google Chrome version: 34.0.1847.131
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_55 (32-bit) 
Flash Player version: 13.0.0.206
Shockwave Player version: 12.0.7r148
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
 
[HKEY_USERS\S-1-5-21-646951214-2927039730-2231423905-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe 1"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"RtHDVCpl"="RtHDVCpl.exe"
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"hpsysdrv"="c:\hp\support\hpsysdrv.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"EMET Notifier"="C:\Program Files\EMET\EMET_notifier.exe"
"KeyScrambler"="C:\Program Files\KeyScrambler\keyscrambler.exe /a"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe 1"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
 
==== Startup Registry Disabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Browser Infrastructure Helper"
"hkey"="HKCU"
"command"="C:\\Users\\djokrall\\AppData\\Local\\Smartbar\\Application\\Smartbar.exe startup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CommonToolkitTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CommonToolkitTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fighters\\Tray\\FightersTray.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DW7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DW7"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\The Weather Channel\\The Weather Channel App\\TWCApp.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Exetender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Exetender"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Free Ride Games\\GPlayer.exe\" /runonstartup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FDPRO-514]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FDPRO-514"
"hkey"="HKCU"
"command"="C:\\Program Files\\Fighters\\FighterLauncher.exe FDPRO"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Health Check Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Health Check Scheduler"
"hkey"="HKLM"
"command"="[ProgramFilesFolder]Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPAdvisor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPAdvisor"
"hkey"="HKCU"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW,SYSTRAY"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InboxToolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InboxToolbar"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Inbox Toolbar\\Inbox.exe\" /STARTUP"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LivingPlay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LivingPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\LivingPlay\\livingplay32.exe a"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy Search Scope Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MapsGalaxy Search Scope Monitor"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\MAPSGA~2\\bar\\1.bin\\39srchmn.exe\" /m=2 /w /h"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy_39 Browser Plugin Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MapsGalaxy_39 Browser Plugin Loader"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MAPSGA~2\\bar\\1.bin\\39brmon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nuance PDF Reader-reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nuance PDF Reader-reminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nuance\\PDF Reader\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\Nuance\\PDF Reader\\Ereg\\Ereg.ini\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Cleaners]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC Cleaners"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\PC Cleaners\\PCCleaners.exe\" /minimize"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recipe Hub Search Scope Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Recipe Hub Search Scope Monitor"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\RECIPE~2\\bar\\2.bin\\2jsrchmn.exe\" /m=2 /w /h"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RecipeHub_2j Browser Plugin Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RecipeHub_2j Browser Plugin Loader"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\RECIPE~2\\bar\\2.bin\\2jbrmon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegAlive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegAlive"
"hkey"="HKCU"
"command"="C:\\Program Files\\RegAlive\\RegAlive.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchEngineProtection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchEngineProtection"
"hkey"="HKCU"
"command"="C:\\Program Files\\Gamesbar\\SearchEngineProtection.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Shop To Win]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shop To Win"
"hkey"="HKCU"
"command"="C:\\Program Files\\Shop To Win\\ShopToWin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Smart PC Cleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smart PC Cleaner"
"hkey"="HKCU"
"command"="C:\\Program Files\\Smart PC Cleaner\\SPCLauncher.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedUpMyPC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeedUpMyPC"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Uniblue\\SpeedUpMyPC\\launcher.exe\" -d 20000 "
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeetItUpFree]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeetItUpFree"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SpeedItup Free\\speeditupfree.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Starter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Starter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Driver-Soft\\DriverGenius\\StarterW3i.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateReg"
"hkey"="HKLM"
"command"="\"C:\\Windows\\system32\\jureg.exe\" -delete"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TotalRecipeSearch Search Scope Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TotalRecipeSearch Search Scope Monitor"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\TOTALR~2\\bar\\4.bin\\14srchmn.exe\" /m=2 /w /h"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TotalRecipeSearch_14 Browser Plugin Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TotalRecipeSearch_14 Browser Plugin Loader"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\TOTALR~2\\bar\\4.bin\\14brmon.exe"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\McAfee Security Scan\\2.1.121\\SSScheduler.exe "
"item"="McAfee Security Scan Plus"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Snapfish Media Detector.lnk"
"backup"="C:\\Windows\\pss\\Snapfish Media Detector.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\SNAPFI~1\\SNAPFI~1.EXE "
"item"="Snapfish Media Detector"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^djokrall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
"path"="C:\\Users\\djokrall\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.1.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.1.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^djokrall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
"path"="C:\\Users\\djokrall\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.3"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^djokrall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
"path"="C:\\Users\\djokrall\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.1.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.4.1.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.4.1"
 
 
==== Startup Folders ======================
 
2012-12-30 21:53:17 1978 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/28/2014 11:24 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/30/2012 11:40 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/30/2012 11:40 AM]
C:\Windows\tasks\HPCeeScheduleFordjokrall.job --a------ C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [12/06/2007 04:10 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\BrowserSafeguard Update Task" [C:\Program Files\Browsersafeguard\uninstall.BrowserSafeguard.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HPCeeScheduleFordjokrall" [C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe]
"C:\Windows\system32\tasks\ParetoLogic Update Version3 Startup Task" [C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe]
"C:\Windows\system32\tasks\PC Optimizer Pro startups" [C:\Program Files\PC Optimizer Pro\StartApps.exe]
"C:\Windows\system32\tasks\RecoveryCD" ["C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe"]
"C:\Windows\system32\tasks\SpeedyPC Registration3" [C:\Windows\system32\rundll32.exe "C:\Program Files\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns]
"C:\Windows\system32\tasks\SpeedyPC Update Version3" [C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe]
"C:\Windows\system32\tasks\SpeedyPC Update Version3 Startup Task" [C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{844F5803-7B17-4F41-A5D9-CCD3B01E2418}" [C:\Windows\system32\msfeedssync.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [12/30/2012 05:52 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [12/30/2012 05:52 PM]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\b1ggofji.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
0E8B2D0D9E3415A91EF259CE1112C579 - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U55
6BF74B455691665771F87E39027D3E0E - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll - WildTangent Games App V2 Presence Detector
603EEEFCB32003955535EF9418C87BC9 - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll - Oberon com adapter
FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
 
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
apgjagobplilmcdfelodhgefiidomnfl - C:\Program Files\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx[]
cnpkmcjgpcihgfnkcjapiaabbbplkcmf - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx[]
fifcondhjchebdnckhimgoancfmfggbe - C:\Users\djokrall\AppData\Local\Game Discovery\Chrome\Game Discovery.crx[03/18/2012 05:04 AM]
 
YouTube - djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512  Url="http://www.bing.com/...s}&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...rlz=1I7RNRM_en"
 
==== HijackThis Entries ======================
 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Tue 05/06/2014 at 18:21:59.55 ======================
 
Thanks!!
 

  • 0

#22
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

When I clicked on the "here" to download the Zoek program, a pop-up for Christian Mingle showed up in its own window!

I checked the link before posting it and I just checked it again. I went straight to the download page. You might want to check and make sure the popup blocker is turned on in your browser.
 
 
Well that doesn't show the extension that is causing the issue. But let's see if this will get it. The Zoek scan also shows that the Windows Sidebar is running.


Step-1.
Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.
Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar (gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-2.
Zoek Fix

Important: Close/disable all anti virus and anti malware programs so they do not interfere with the downloading or running of Zoek.exe
Here or here you can read a manual how to disable your security applications.

  • Close any open windows and all browsers.
  • Right click on Zoek.exe, click Run as Administrator and OK any UAC prompts to run the program.
    NOTE: Please wait while the tool starts. It will appear to be doing nothing and may take a few minutes to come up.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!
dhhjmlmdpcpiojiffodbldlkgcnaeogp;chr
autoclean;
standardsearch;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (Usually C:\).
  • Please post the logfile in your next reply.

  • 0

#23
jp17315

    Member

  • Topic Starter
  • Member
  • 127 posts

After I disabled the side bar and rebooted I got this message:

"Windows side bar is managed by your system administrator" with an ok button. Just so you know.

Here is the log:

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by djokrall on Wed 05/07/2014 at 20:32:59.69.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\djokrall\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-05-06-222159.log 54035 bytes
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\EMET\EMET_notifier.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\djokrall\Desktop\zoek.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YahooAUService deleted successfully
 
==== Deleting Files \ Folders ======================
 
C:\Program Files\A_Free_Ride_Games_Bar deleted
C:\Users\djokrall\appdata\locallow\A_Free_Ride_Games_Bar deleted
C:\Program Files\The Weather Channel deleted
C:\Program Files\Retrogamer_2zEI deleted
C:\Program Files\Yahoo! deleted
C:\Program Files\Hosts_Anti_Adwares_PUPs deleted
C:\Users\djokrall\AppData\Roaming\Yahoo! deleted
C:\Users\djokrall\AppData\Roaming\Sammsoft deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\Yahoo! Companion deleted
C:\PROGRA~2\ParetoLogic deleted
C:\PROGRA~2\Uniblue\DriverScanner deleted
C:\PROGRA~2\Uniblue deleted
C:\Windows\system32\config\systemprofile\AppData\Local\SearchProtect deleted
C:\Users\djokrall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\Users\djokrall\Downloads\CouponPrinter (1).exe deleted
C:\Users\djokrall\Downloads\CouponPrinter (2).exe deleted
C:\Users\djokrall\Downloads\CouponPrinter (3).exe deleted
C:\Users\djokrall\Downloads\CouponPrinter (4).exe deleted
C:\Users\djokrall\Downloads\CouponPrinter.exe deleted
C:\Users\djokrall\AppData\LocalLow\Yahoo! deleted
C:\Users\djokrall\AppData\LocalLow\SearchFlyBar2 deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\system32\Tasks\BrowserSafeguard Update Task deleted
C:\Windows\system32\tasks\PC Optimizer Pro startups deleted
C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\b1ggofji.default\Invalidprefs.js deleted
"C:\Users\djokrall\AppData\Roaming\Nuance" deleted
 
==== System Specs ======================
 
Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 1917 MB
CPU Info: Intel® Pentium® Dual  CPU  E2180  @ 2.00GHz
CPU Speed: 2049.3 MHz
Sound Card: Realtek Digital Output (Realtek | 
Display Adapters: NVIDIA GeForce 7100 / NVIDIA nForce 630i  | NVIDIA GeForce 7100 / NVIDIA nForce 630i  | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce 10/100 Mbps Ethernet
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD-RAM GH10L
Ports: COM3 LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  456.5GB | D:  9.3GB
Hard Disks - Free: C:  354.9GB | D:  920.3MB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 10/24/08 | HPQOEM - 42302e31
Time Zone: Eastern Standard Time
Motherboard *: FOXCONN Napa
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 34.0.1847.131
Internet Explorer Version: 9.0.8112.16421 
Mozilla Firefox version: 29.0 (x86 en-US)
Google Chrome version: 34.0.1847.131
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_55 (32-bit) 
Flash Player version: 13.0.0.206
Shockwave Player version: 12.0.7r148
 
==== Files Recently Created / Modified ======================
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
 
[HKEY_USERS\S-1-5-21-646951214-2927039730-2231423905-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe 1"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"RtHDVCpl"="RtHDVCpl.exe"
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"hpsysdrv"="c:\hp\support\hpsysdrv.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"EMET Notifier"="C:\Program Files\EMET\EMET_notifier.exe"
"KeyScrambler"="C:\Program Files\KeyScrambler\keyscrambler.exe /a"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe 1"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
 
==== Startup Registry Disabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Browser Infrastructure Helper"
"hkey"="HKCU"
"command"="C:\\Users\\djokrall\\AppData\\Local\\Smartbar\\Application\\Smartbar.exe startup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CommonToolkitTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CommonToolkitTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fighters\\Tray\\FightersTray.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DW7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DW7"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\The Weather Channel\\The Weather Channel App\\TWCApp.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Exetender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Exetender"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Free Ride Games\\GPlayer.exe\" /runonstartup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FDPRO-514]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FDPRO-514"
"hkey"="HKCU"
"command"="C:\\Program Files\\Fighters\\FighterLauncher.exe FDPRO"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Health Check Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Health Check Scheduler"
"hkey"="HKLM"
"command"="[ProgramFilesFolder]Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPAdvisor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPAdvisor"
"hkey"="HKCU"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW,SYSTRAY"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InboxToolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InboxToolbar"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Inbox Toolbar\\Inbox.exe\" /STARTUP"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LivingPlay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LivingPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\LivingPlay\\livingplay32.exe a"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy Search Scope Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MapsGalaxy Search Scope Monitor"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\MAPSGA~2\\bar\\1.bin\\39srchmn.exe\" /m=2 /w /h"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy_39 Browser Plugin Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MapsGalaxy_39 Browser Plugin Loader"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MAPSGA~2\\bar\\1.bin\\39brmon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nuance PDF Reader-reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nuance PDF Reader-reminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nuance\\PDF Reader\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\Nuance\\PDF Reader\\Ereg\\Ereg.ini\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Cleaners]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC Cleaners"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\PC Cleaners\\PCCleaners.exe\" /minimize"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recipe Hub Search Scope Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Recipe Hub Search Scope Monitor"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\RECIPE~2\\bar\\2.bin\\2jsrchmn.exe\" /m=2 /w /h"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RecipeHub_2j Browser Plugin Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RecipeHub_2j Browser Plugin Loader"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\RECIPE~2\\bar\\2.bin\\2jbrmon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegAlive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegAlive"
"hkey"="HKCU"
"command"="C:\\Program Files\\RegAlive\\RegAlive.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchEngineProtection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchEngineProtection"
"hkey"="HKCU"
"command"="C:\\Program Files\\Gamesbar\\SearchEngineProtection.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Shop To Win]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shop To Win"
"hkey"="HKCU"
"command"="C:\\Program Files\\Shop To Win\\ShopToWin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Smart PC Cleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smart PC Cleaner"
"hkey"="HKCU"
"command"="C:\\Program Files\\Smart PC Cleaner\\SPCLauncher.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedUpMyPC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeedUpMyPC"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Uniblue\\SpeedUpMyPC\\launcher.exe\" -d 20000 "
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeetItUpFree]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeetItUpFree"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SpeedItup Free\\speeditupfree.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Starter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Starter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Driver-Soft\\DriverGenius\\StarterW3i.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateReg"
"hkey"="HKLM"
"command"="\"C:\\Windows\\system32\\jureg.exe\" -delete"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TotalRecipeSearch Search Scope Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TotalRecipeSearch Search Scope Monitor"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\TOTALR~2\\bar\\4.bin\\14srchmn.exe\" /m=2 /w /h"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TotalRecipeSearch_14 Browser Plugin Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TotalRecipeSearch_14 Browser Plugin Loader"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\TOTALR~2\\bar\\4.bin\\14brmon.exe"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\McAfee Security Scan\\2.1.121\\SSScheduler.exe "
"item"="McAfee Security Scan Plus"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Snapfish Media Detector.lnk"
"backup"="C:\\Windows\\pss\\Snapfish Media Detector.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\SNAPFI~1\\SNAPFI~1.EXE "
"item"="Snapfish Media Detector"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^djokrall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
"path"="C:\\Users\\djokrall\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.1.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.1.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^djokrall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
"path"="C:\\Users\\djokrall\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.3"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^djokrall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
"path"="C:\\Users\\djokrall\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.1.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.4.1.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.4.1"
 
 
==== Startup Folders ======================
 
2012-12-30 21:53:17 1978 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/28/2014 11:24 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/30/2012 11:40 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/30/2012 11:40 AM]
C:\Windows\tasks\HPCeeScheduleFordjokrall.job --a------ C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [12/06/2007 04:10 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HPCeeScheduleFordjokrall" [C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe]
"C:\Windows\system32\tasks\ParetoLogic Update Version3 Startup Task" [C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe]
"C:\Windows\system32\tasks\RecoveryCD" ["C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe"]
"C:\Windows\system32\tasks\SpeedyPC Registration3" [C:\Windows\system32\rundll32.exe "C:\Program Files\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns]
"C:\Windows\system32\tasks\SpeedyPC Update Version3" [C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe]
"C:\Windows\system32\tasks\SpeedyPC Update Version3 Startup Task" [C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{844F5803-7B17-4F41-A5D9-CCD3B01E2418}" [C:\Windows\system32\msfeedssync.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [12/30/2012 05:52 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [12/30/2012 05:52 PM]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\djokrall\AppData\Roaming\Mozilla\Firefox\Profiles\b1ggofji.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
0E8B2D0D9E3415A91EF259CE1112C579 - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U55
6BF74B455691665771F87E39027D3E0E - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll - WildTangent Games App V2 Presence Detector
603EEEFCB32003955535EF9418C87BC9 - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll - Oberon com adapter
FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
 
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
apgjagobplilmcdfelodhgefiidomnfl - C:\Program Files\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx[]
cnpkmcjgpcihgfnkcjapiaabbbplkcmf - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx[]
fifcondhjchebdnckhimgoancfmfggbe - C:\Users\djokrall\AppData\Local\Game Discovery\Chrome\Game Discovery.crx[03/18/2012 05:04 AM]
 
YouTube - djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - djokrall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512  Url="http://www.bing.com/...s}&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\apgjagobplilmcdfelodhgefiidomnfl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FDPRO-514 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LivingPlay deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy Search Scope Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy_39 Browser Plugin Loader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Reader-reminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Cleaners deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recipe Hub Search Scope Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecipeHub_2j Browser Plugin Loader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegAlive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shop To Win deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart PC Cleaner deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeetItUpFree deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecipeSearch Search Scope Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecipeSearch_14 Browser Plugin Loader deleted successfully
 
==== HijackThis Entries ======================
 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
==== Empty IE Cache ======================
 
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\djokrall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9SIX6BP3 will be deleted at reboot
C:\Users\djokrall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWTUG7C2 will be deleted at reboot
C:\Users\djokrall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Users\djokrall\AppData\Local\Mozilla\Firefox\Profiles\b1ggofji.default\Cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=275 folders=95 39959286 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\djokrall\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\djokrall\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\djokrall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\djokrall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9SIX6BP3" not found
"C:\Users\djokrall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWTUG7C2" not found
 
==== EOF on Wed 05/07/2014 at 21:39:59.66 ======================
 

  • 0

#24
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

After I disabled the sidebar and rebooted I got this message:
"Windows side bar is managed by your system administrator" with an OK button. Just so you know.

Acknowledged.

Is the Chrome ERR_FILE_NOT_FOUND message gone?
 


  • 0

#25
jp17315

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

It is still present!

 

No webpage was found for the web address: chrome-extension://dhhjmlmdpcpiojiffodbldlkgcnaeogp/components/supertab/html/supertab.html
Error code: ERR_FILE_NOT_FOUND

  • 0



#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hi,
Let's see if we can find anything in the Chrome Preferences file.

Navigate to the Chrome default folder, C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default and find a file named Preferences

  • Double click it to open it. If you get a window asking you which program you want to use to open the file, choose Notepad
  • Highlight all of the text in the file then right click the mouse and click Copy.
  • Close the Preferences file.
  • Open Notepad. Right click inside the Notepad window and click Paste. This should put the text inside the Notepad window.
  • Click File in the Menu bar and click Save.
  • Save the file to the desktop with the name Preferences.txt
  • Attach that file in your next post. To do that:

Upload a file and put it in a post:

  • Click the More Reply Options button below the post editor box. That will load the Full Editor.
  • Type or copy and paste any text you need in the post. When you get to the point where you want to attach a file:
  • Scroll down and click the Browse... button. A new window will open where you can browse your computer for the file to upload.

    a. Select the file. This will put the file in the File Name box on the File Upload window.
    b. Click Open. The File Upload window will close and the file name will be put next to the Browse... button in the forum post.

  • Click the Attach This File button. This will open a new box with the file in it.
  • Under the file name you will see Add to Post | Delete
  • Click on Add to Post. This will attach the file to the post.
  • Once you have completed your post and are ready to submit it, click the Add Reply button.

Some screen shots of the process can be seen here
 

 


  • 0

#27
jp17315

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

I got this message when saving this file. Something about this file has Unicode and all of the Unicode will be lost if saved as a text file.

 

Attached File  preferences.txt   111.57KB   240 downloads


  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks. Delete the Preferences.txt file on the desktop. Next we are gonna put a backup of the Chrome Preferences file on the desktop.

Navigate to the Chrome default folder, C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default and find a file named Preferences
Right click the file and click Copy.
Go to the desktop and right click an open area on the desktop and click Paste. This should put a file named Preferences on the desktop.

Next we will edit the Preferences file in the Chrome default folder.

Go back to the Chrome default folder, C:\Users\djokrall\AppData\Local\Google\Chrome\User Data\Default
Double click the Preferences file to open it.

Find the following:

  "extensions": {
      "alerts": {
         "initialized": true
      },
      "autoupdate": {
         "last_check": "13043819903074999",
         "next_check": "13044207652009379"
      },
      "blacklistupdate": {
         "lastpingday": "13022405892598798",
         "version": "0.0.0.149"
      },
     "chrome_url_overrides": {
         "bookmarks": [ "chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html" ],
         "newtab": [ "chrome-extension://dhhjmlmdpcpiojiffodbldlkgcnaeogp/components/supertab/html/supertab.html" ]
      },

Under the "chrome_url_overrides": section, delete the following:
"newtab": [ "chrome-extension://dhhjmlmdpcpiojiffodbldlkgcnaeogp/components/supertab/html/supertab.html" ]

Click File in the menu bar and click Save to save the changes.

Start Chrome and see if the "No webpage was found for the web address: chrome-extension://dhhjmlmdpcpiojiffodbldlkgcnaeogp/components/supertab/html/supertab.html
Error code: ERR_FILE_NOT_FOUND" message is gone.
 

 


  • 0
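The Preferences edit described in post #28, as an added example that is not part of the original thread: it parses the file as JSON, removes the override by extension ID and writes valid JSON back in UTF-8, after making a backup copy. The function names, the `.bak` backup name and the closed-off sample fragment are assumptions of this example; Chrome must be closed while the file is edited, because it rewrites Preferences on exit.

```python
import json
import re
import shutil
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_URL = re.compile(r"^chrome-extension://([a-p]{32})/")

# Extension ID taken from the error message quoted in the thread.
TARGET_ID = "dhhjmlmdpcpiojiffodbldlkgcnaeogp"

# Constructed sample: the fragment quoted in post #28, closed so that it parses.
SAMPLE_PREFS = """
{
  "extensions": {
    "alerts": { "initialized": true },
    "chrome_url_overrides": {
      "bookmarks": [ "chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html" ],
      "newtab": [ "chrome-extension://dhhjmlmdpcpiojiffodbldlkgcnaeogp/components/supertab/html/supertab.html" ]
    }
  }
}
"""


def _entry_url(entry):
    """Return the URL of one override entry.

    The thread shows plain strings; later Chrome builds are assumed here to
    store objects with an "entry" key, so both shapes are accepted.
    """
    if isinstance(entry, dict):
        return entry.get("entry", "")
    return entry if isinstance(entry, str) else ""


def list_overrides(prefs):
    """Return (page, extension_id, url) for every chrome_url_overrides entry."""
    overrides = prefs.get("extensions", {}).get("chrome_url_overrides", {})
    found = []
    for page, entries in overrides.items():
        if not isinstance(entries, list):
            continue
        for entry in entries:
            url = _entry_url(entry)
            match = EXT_URL.match(url)
            found.append((page, match.group(1) if match else None, url))
    return found


def remove_overrides(prefs, extension_id):
    """Drop every override owned by extension_id; return how many were removed."""
    overrides = prefs.get("extensions", {}).get("chrome_url_overrides", {})
    removed = 0
    for page in list(overrides):
        if not isinstance(overrides[page], list):
            continue
        kept = []
        for entry in overrides[page]:
            match = EXT_URL.match(_entry_url(entry))
            if match and match.group(1) == extension_id:
                removed += 1
            else:
                kept.append(entry)
        if kept:
            overrides[page] = kept
        else:
            del overrides[page]  # no empty "newtab": [] left behind
    return removed


def clean_preferences_file(path, extension_id):
    """Back up Preferences, remove the overrides, write the result as UTF-8 JSON."""
    path = Path(path)
    backup = path.with_name(path.name + ".bak")
    shutil.copy2(path, backup)  # backup first, as the post does by hand
    prefs = json.loads(path.read_text(encoding="utf-8"))
    removed = remove_overrides(prefs, extension_id)
    if removed:
        path.write_text(json.dumps(prefs), encoding="utf-8")
    return removed, backup


if __name__ == "__main__":
    # Runs against a temporary copy of the sample, not a real Chrome profile.
    with tempfile.TemporaryDirectory() as tmp:
        prefs_path = Path(tmp) / "Preferences"
        prefs_path.write_text(SAMPLE_PREFS, encoding="utf-8")
        for page, ext_id, url in list_overrides(json.loads(SAMPLE_PREFS)):
            print(f"{page:10} {ext_id}  {url}")
        removed, backup = clean_preferences_file(prefs_path, TARGET_ID)
        print(f"removed {removed} override(s); backup at {backup.name}")
```

Running `list_overrides` first shows which extension ID owns each overridden page, which is the ID to look for on the Chrome extensions page.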

#29
jp17315

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

That did it!!!


  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

That's good news. But I think I could have saved myself some research time. I was re-reading this topic to see what tools needed to be cleaned up and I see that the DocToPDF extension is still on the system. My research linked the error message to the DocToPDF extension.

I want you to go back to Step 2. of post #5 and remove the DocToPDF extension from chrome.

Your logs look clean so after removing the extension we will need to clean up the tools we have used.


OK!  Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

ESET

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner

  • Click the Uninstall button
  • Confirm with yes

Step-3.

OTL Cleanup
1. Please re-open OTL on your desktop.

  • Be sure all other programs are closed as this step will require a reboot.
  • Click on the CleanUp button
  • You will be prompted to reboot your system. Please do so.

The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Delete the following Files and Folders (If Present):

The Java setup file
MBR.dat
JRT.exe
JRT.txt
esetsmartinstaller_enu.exe
---IF you used Firefox to run the scan.
SecurityCheck.exe
checkup.txt
MicrosoftFixit50906.msi
Zoek.exe
C:\zoek-results.log
C:\Users\djokrall\Downloads\OTL (2).exe
C:\Users\djokrall\Downloads\OTL (1).exe

The Preferences file on the desktop

Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.

Step-5.

Reset Hidden Files and Folders

1. Click the Start Orb and click Computer.
2. In the Menu bar at the top click the Tools menu and click Folder Options...
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-6.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advanced System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • Windows Vista: In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
    Windows 7/8: In the Protection Settings section, make sure the protection for the System drive is ON. If it isn't, click the Configure button and turn it on.

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel

Now we can purge the old Restore Points


  • Click Start (Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
  • The Disk Cleanup Window will open.
  • Click the More Options tab.
    NOTE: If there isn't a More Options tab then click the Clean up system files button at the bottom of the window. Disk Cleanup will reload and the More Options button should be visible.
  • Click the Clean up button under the System Restore and Shadow Copies section.
  • In the Disk Cleanup dialog box, click Delete
  • You will get a Disk Cleanup confirmation asking if you are sure you want to delete the files.
  • Click Delete Files, and then click OK.


Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

SPECIAL NOTICE

“CryptoLocker” is the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts the files on your computer until you pay a ransom. Some variants encrypt your personal files (MP3s, photos, doc files, etc.). But other variants encrypt virtually every file, including system files. According to reports from security firms, CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.
Unfortunately, there isn't a way to recover the files short of paying the ransom because the encryption uses 2048-bit RSA keys that would take like a quadrillion years to decrypt.
We haven't seen a lot of the CryptoLocker ransomware in the wild yet, but if enough people pay the ransom to get their files back it will become more prevalent. You can read more about the CryptoLocker ransomware here

Fortunately there is a program that will help prevent this type of ransomware and other malware. You should download it and install it now.
Click here to go to the CryptoPrevent web page. You can read about the program. There are also a couple of videos toward the end of the page that show the program in action.
Scroll to the bottom of the page and click the Download "CryptoPrevent Installer" button and download the file to the desktop. Close the browser and all open programs.
Right click the CryptoPreventSetup.exe file and click Run as Administrator and OK any UAC prompts to install the program.
Next, right click the CryptoPrevent icon on the desktop and click Run as Administrator and OK any UAC prompt to run the program.

When the program opens make sure all boxes are checked and then click the Block button to apply the protection.

NOTE: I don't think the free version has an update tab so you will need to check the web site from time to time to check for newer versions of the program. Or you can pay a one time fee of $15 and get the Premium Edition which includes an automatic updating function.

:Keep Windows Updated: - Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

If you still want to keep Java

  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed

: Keep Adobe Reader Updated :

  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed

NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1.  From within Internet Explorer click on the Tools menu and then click on Options.
2.  Click once on the Security tab
3.  Click once on the Internet icon so it becomes highlighted.
4.  Click once on the Custom Level button.
5.  Change the Download signed ActiveX controls to "Prompt"
6.  Change the Download unsigned ActiveX controls to "Disable"
7.  Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8.  Change the Installation of desktop items to "Prompt"
9.  Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

This webpage is worth bookmarking/reading for future reference:
Securing Your Web Browser

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.

  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

:Install the MVPs Hosts File:

  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

NOTE: Please read all of the information on the MVP Hosts page before you install the HOSTS file. This file may result in some of the web sites you visit not working as expected or not at all. There are work arounds for this but you will need to read about them on the web page. If you install the MVP HOSTS file and decide you don't want it you can replace it with the HOSTS file that you were using before. The web page has directions for this.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========

  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.

It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========

  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.

========BACKUPS================

  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • Tweaking.com's Registry Backup - Download the installer for Registry Backup from the link below and save it to the desktop :
    Link
  • Click one of the Download buttons under Installer
    A tutorial for Registry Backup explaining the various features can be viewed here

========Keep Installed Programs Up to Date========
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

If I have helped you and you want to say "thanks", you can do that by clicking the rep up button at the bottom right of this post. :)

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
 

 


  • 1





