egans Posted January 4, 2014 Report Share Posted January 4, 2014 I would like to clean all unnessesary programs from my hp to make it run faster. I have all file on a cd that i want to keep so if you have to do restore to factory setting im ok with that. Thanks Link to post Share on other sites
flashh4 Posted January 4, 2014 Report Share Posted January 4, 2014 Hi we souldn't have to do a restore to factory ! Ok lets get started !!! Howdy egans and welcome to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!Do Not Remove anything or run any tools/programs until advised to do so !Perform all actions in the order given.Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. ===================================AdwCleaner Please download adwcleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool again. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" *Click on the Scan button. *AdwCleaner will begin to scan your computer like it did before. *After the scan has finished ....... This time, click on the Clean button. *Press OK when asked to close all programs and follow the onscreen prompts. *Press OK again to allow AdwCleaner to restart the computer and complete the removal process. *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. *Copy and paste the contents of that logfile in your next reply. *A copy of that logfile will also be saved in the C:\AdwCleaner folder.NEXT Please download Junkware Removal Tool and save to your desk top. Shut down your protection software now to avoid potential conflicts. * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". * The tool will open and start scanning your system. * Please be patient as this can take a while to complete depending on your system's specifications. * On completion, a log (JRT.txt) is saved to your desktop and will automatically open. * Post the contents of JRT.txt into your next reply ! Re-Boot your computer now !!NEXTMALWAREBYTES with Pics:Please download Malwarebytes' Anti-Malware to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results. * Then click Remove Selected . * When completed, a log will open in Notepad. Please save it to a convenient location and post the results. * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt Or via the Logs tab when the application is started.Please don't attach the scans / logs, use "copy/paste".Post next:1. AdwCleaner Log2. Junkware Removal Log3. Malwarebytes log ThanksChuck Link to post Share on other sites
flashh4 Posted January 4, 2014 Report Share Posted January 4, 2014 You can post here if you need to ask any questions ??? Chuck Link to post Share on other sites
flashh4 Posted January 4, 2014 Report Share Posted January 4, 2014 Some of these programs/tools will seem like they have stopped but they are still running ! Wait for them to finish then post the logs !! Then go to the next in my fix above ! Chuck Link to post Share on other sites
egans Posted January 4, 2014 Author Report Share Posted January 4, 2014 i have tried to copy and paste the logs but it wont Link to post Share on other sites
flashh4 Posted January 4, 2014 Report Share Posted January 4, 2014 Thats strange ! Ok send it to me in a PM & i will post it for you ! Then go to the next step ! Chuck Link to post Share on other sites
flashh4 Posted January 5, 2014 Report Share Posted January 5, 2014 Hi, ok finally got that mess re-done frm the PM !! Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.04.06 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Shaneen Egan :: SE [administrator] Protection: Enabled 1/4/2014 2:57:10 PM mbam-log-2014-01-04 (14-57-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 238274 Time elapsed: 17 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected)Registry Keys Detected: 54 HKCR\CLSID\{0a4d512d-697e-4ad5-872d-5a9941af6ebb}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\TypeLib\{c260adf2-154f-4227-9c73-651e25f22cbb}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\Interface\{049BCB76-CEF4-43C9-9F4D-4539C7DE9742}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SettingsPlugin.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SettingsPlugin(PUP.Optional.MyScrapNook.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB}(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\CLSID\{508c38b8-e848-49eb-9f84-ab81ddad2b58}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\TypeLib\{0fa48495-56eb-4eba-be5f-183846983a48}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\Interface\{098E4E5F-7877-4EBE-9A51-49CDEFBED242}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.PseudoTransparentPlugin.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.PseudoTransparentPlugin(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{508C38B8-E848-49EB-9F84-AB81DDAD2B58}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\CLSID\{b3b5c47e-61f7-4d81-af06-461fc86686ce}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\CLSID\{ba339ddb-918b-42f5-b582-88ab854c42ac}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.Radio.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.Radio(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\CLSID\{bb2e53cf-c096-40b0-a485-03134f164470}(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2E53CF-C096-40B0-A485-03134F164470}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\Typelib\{FAE20193-DC28-4E42-8D12-DB0C2C898B11}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E}(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}(PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\MyScrapNook_12.DynamicBarButton(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.DynamicBarButton.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.FeedManager(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.FeedManager.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.HTMLMenu(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.HTMLMenu.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.HTMLPanel(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.HTMLPanel.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.MultipleButton(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.MultipleButton.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.RadioSettings(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.RadioSettings.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.ScriptButton(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.ScriptButton.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SkinLauncher(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SkinLauncher.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SkinLauncherSettings(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SkinLauncherSettings.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.ThirdPartyInstaller(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.ThirdPartyInstaller.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.UrlAlertButton(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.UrlAlertButton.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.XMLSessionPlugin(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.XMLSessionPlugin.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\MyScrapNook_12(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\MozillaPlugins\@MyScrapNook_12.com/Plugin(PUP.Optional.MyScrapNook.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKCR\AppID\WStech.DLL (Rogue.GreenAV) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.Registry Values Detected: 4 HKLM\SOFTWARE\Mozilla\Firefox\Extensions|12ffxtbr@MyScrapNook_12.com (PUP.Optional.MyScrapNook.A) -> Data: C:\Program Files (x86)\MyScrapNook_12\bar\1.bin -> No action taken.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.Registry Data Items Detected: 1 HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2190&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.Folders Detected: 2 C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.C:\ProgramData\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully. Files Detected: 8 C:\Users\Shaneen Egan\Downloads\frostwire-4.21.7.windows.exe (PUP.Optional.OpenCandy) -> No action taken.C:\Users\Shaneen Egan\Downloads\frostwire-5.4.0.windows.exe (PUP.Optional.OpenCandy) -> No action taken.C:\Users\Shaneen Egan\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> No action taken.C:\Users\Shaneen Egan\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> No action taken.C:\Users\Shaneen Egan\Downloads\intunemp3.exe (PUP.Optional.InstallIQ.A) -> No action taken.C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection\Instructions.ini (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection\cookies.sqlite (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.C:\ProgramData\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully. (end)==============================~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.9 (01.01.2014:1) OS: Windows Vista Home Premium x64 Ran by Shaneen Egan on Sat 01/04/2014 at 14:17:01.95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL Successfully repaired:[Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1 Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{1796EC91-D094-4A5F-B681-E16015D1CEAC} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{26842A09-FFA8-4E2C-AE12-0C80F01C3295} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{71C1D63A-C944-428A-A5BD-BA513190E5D2} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{A083C35D-61A9-4625-BBB6-FB54E71B8527} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{B70E008C-967B-4104-BC7B-6F7C77DBC38D} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17} Successfully deleted:[Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E} Successfully deleted:[Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{48450F17-FCC9-46B6-88A8-24265FC52D52} Successfully deleted:[Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89} Successfully deleted:[Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C1D63A-C944-428A-A5BD-BA513190E5D2} ~~~ Files ~~~ Folders Successfully deleted:[Folder] C:\Users\Shaneen Egan\AppData\LocalLow\FCTB000061107 Successfully deleted:[Folder] "C:\Users\Shaneen Egan\AppData\Roaming\w3i, llc" Successfully deleted:[Folder] "C:\Users\Shaneen Egan\appdata\local\software assist" Successfully deleted:[Folder] "C:\Program Files (x86)\bearshare applications" Successfully deleted:[Folder] "C:\Program Files (x86)\software assist" Successfully deleted:[Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{2C0F4991-C5B8-426C-8B79-C0D41032E252} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{2FAEA52C-C543-449E-8D19-C55FE0ECADC6} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{52026404-3499-4561-98B1-014AF83E83E3} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{544FEAA5-E1F2-4121-AEC7-350080B760D1} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{55B9C99A-5046-41D0-811B-3CBB0D948BF2} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{7C475FCF-DA36-4FB2-97E0-71E3746DEB77} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{81392F59-AAAA-482C-ABC5-E5D56A759BAB} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{8903CC07-ABF6-4FC8-B166-AFC3EEC25164} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{B9FE84F1-5A82-4E1B-A765-FC896F99FDBF} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{CA21E2C8-5F48-44F4-ACB9-D81F379E65A3} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{CB419957-8E9E-4D78-9776-2D36F3213963} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{E2C9B123-3878-413A-A9CD-5FF701321C2A} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{F434992A-57D3-4442-ADA7-DDF757CED687} Successfully deleted:[Empty Folder] C:\Users\Shaneen Egan\appdata\local\{FF014F0C-774A-4159-88C9-56631D8D0A67}~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 01/04/2014 at 14:34:35.05 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ================================ ~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.9 (01.01.2014:1) OS: Windows Vista Home Premium x64 Ran by Shaneen Egan on Sat 01/04/2014 at 14:17:01.95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1796EC91-D094-4A5F-B681-E16015D1CEAC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26842A09-FFA8-4E2C-AE12-0C80F01C3295} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71C1D63A-C944-428A-A5BD-BA513190E5D2} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A083C35D-61A9-4625-BBB6-FB54E71B8527} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B70E008C-967B-4104-BC7B-6F7C77DBC38D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{48450F17-FCC9-46B6-88A8-24265FC52D52} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C1D63A-C944-428A-A5BD-BA513190E5D2} ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Users\Shaneen Egan\AppData\LocalLow\FCTB000061107 Successfully deleted: [Folder] "C:\Users\Shaneen Egan\AppData\Roaming\w3i, llc" Successfully deleted: [Folder] "C:\Users\Shaneen Egan\appdata\local\software assist" Successfully deleted: [Folder] "C:\Program Files (x86)\bearshare applications" Successfully deleted: [Folder] "C:\Program Files (x86)\software assist" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{2C0F4991-C5B8-426C-8B79-C0D41032E252} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{2FAEA52C-C543-449E-8D19-C55FE0ECADC6} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{52026404-3499-4561-98B1-014AF83E83E3} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{544FEAA5-E1F2-4121-AEC7-350080B760D1} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{55B9C99A-5046-41D0-811B-3CBB0D948BF2} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{7C475FCF-DA36-4FB2-97E0-71E3746DEB77} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{81392F59-AAAA-482C-ABC5-E5D56A759BAB} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{8903CC07-ABF6-4FC8-B166-AFC3EEC25164} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{B9FE84F1-5A82-4E1B-A765-FC896F99FDBF} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{CA21E2C8-5F48-44F4-ACB9-D81F379E65A3} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{CB419957-8E9E-4D78-9776-2D36F3213963} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{E2C9B123-3878-413A-A9CD-5FF701321C2A} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{F434992A-57D3-4442-ADA7-DDF757CED687} Successfully deleted: [Empty Folder] C:\Users\Shaneen Egan\appdata\local\{FF014F0C-774A-4159-88C9-56631D8D0A67} ~~~ Event Viewer Logs were cleared =============================== Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2014.01.04.06 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Shaneen Egan ::SE [administrator] Protection: Enabled 1/4/2014 2:57:10 PM mbam-log-2014-01-04 (14-57-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 238274 Time elapsed: 17 minute(s), 2 second(s)Memory Processes Detected: 0 (No malicious items detected)Memory Modules Detected: 0 (No malicious items detected)Registry Keys Detected: 54 HKCR\CLSID\{0a4d512d-697e-4ad5-872d-5a9941af6ebb}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\TypeLib\{c260adf2-154f-4227-9c73-651e25f22cbb}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\Interface\{049BCB76-CEF4-43C9-9F4D-4539C7DE9742}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SettingsPlugin.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SettingsPlugin(PUP.Optional.MyScrapNook.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB}(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\CLSID\{508c38b8-e848-49eb-9f84-ab81ddad2b58}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\TypeLib\{0fa48495-56eb-4eba-be5f-183846983a48}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\Interface\{098E4E5F-7877-4EBE-9A51-49CDEFBED242}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.PseudoTransparentPlugin.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.PseudoTransparentPlugin(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{508C38B8-E848-49EB-9F84-AB81DDAD2B58}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\CLSID\{b3b5c47e-61f7-4d81-af06-461fc86686ce}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\CLSID\{ba339ddb-918b-42f5-b582-88ab854c42ac}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.Radio.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.Radio(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\CLSID\{bb2e53cf-c096-40b0-a485-03134f164470}(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2E53CF-C096-40B0-A485-03134F164470}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\Typelib\{FAE20193-DC28-4E42-8D12-DB0C2C898B11}(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E}(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}(PUP.Optional.FunWebProducts.A) -> No action taken. HKCR\MyScrapNook_12.DynamicBarButton(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.DynamicBarButton.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.FeedManager(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.FeedManager.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.HTMLMenu(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.HTMLMenu.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.HTMLPanel(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.HTMLPanel.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.MultipleButton(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.MultipleButton.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.RadioSettings(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.RadioSettings.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.ScriptButton(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.ScriptButton.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SkinLauncher(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SkinLauncher.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SkinLauncherSettings(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.SkinLauncherSettings.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.ThirdPartyInstaller(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.ThirdPartyInstaller.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.UrlAlertButton(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.UrlAlertButton.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.XMLSessionPlugin(PUP.Optional.MyScrapNook.A) -> No action taken. HKCR\MyScrapNook_12.XMLSessionPlugin.1(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\MyScrapNook_12(PUP.Optional.MyScrapNook.A) -> No action taken. HKLM\SOFTWARE\MozillaPlugins\@MyScrapNook_12.com/Plugin(PUP.Optional.MyScrapNook.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKCR\AppID\WStech.DLL (Rogue.GreenAV) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully. Registry Values Detected:4 HKLM\SOFTWARE\Mozilla\Firefox\Extensions|12ffxtbr@MyScrapNook_12.com (PUP.Optional.MyScrapNook.A) -> Data:C:\Program Files (x86)\MyScrapNook_12\bar\1.bin -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe|Debugger (Security.Hijack) -> Data:svchost.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe|Debugger (Security.Hijack) -> Data:svchost.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe|Debugger (Security.Hijack) -> Data:svchost.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 1HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2190&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.Folders Detected: 2 C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.C:\ProgramData\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.Files Detected: 8 C:\Users\Shaneen Egan\Downloads\frostwire-4.21.7.windows.exe (PUP.Optional.OpenCandy) -> No action taken. C:\Users\Shaneen Egan\Downloads\frostwire-5.4.0.windows.exe(PUP.Optional.OpenCandy) -> No action taken. C:\Users\Shaneen Egan\Downloads\iLividSetup (1).exe(PUP.Optional.Bandoo) -> No action taken. C:\Users\Shaneen Egan\Downloads\iLividSetup.exe(PUP.Optional.Bandoo) -> No action taken. C:\Users\Shaneen Egan\Downloads\intunemp3.exe(PUP.Optional.InstallIQ.A) -> No action taken. C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection\Instructions.ini (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection\cookies.sqlite (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.C:\ProgramData\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully. (end) Wow, that was some cleaning but i see more we have to do !! Be back after i eat with a new fix !! ThanksChuck Link to post Share on other sites
flashh4 Posted January 5, 2014 Report Share Posted January 5, 2014 Hi egans, i need you to run Malwarebytes again make sure you place a check in the box beside everything it finds, then click REMOVE SELECTED & post the log here if you can !!! Then Next: Run RogueKillerIMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller againDownload RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe close all running programs for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe when the prescan is finished, click on Scan click on Report and copy/paste the content in your next post.[/list If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exePlease post the contents of the RKreport.txt in your next reply. NEXT Download DDS and save it to your Desktop. >>> DDS Double click dds.scr to run the tool. If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt. DDS will now scan your computer. When the scan is complete, DDS will open two (2) logs: DDS.txt Attach.txt If not saved these logs will be automatically deleted when closed, so save both to your Desktop. Please note it is important that you post BOTH logs in your topic.Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead. NEXT Download OldTimer to your desk top !Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).* Double click OTL.exe to launch the program.* Check the following.o Scan all users.o Standard Output. o Lop check.o Purity check. oExtra Registry > Use SafeList * Under Extra Registry section, select Use SafeList* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).* When finished it will produce two logs.o OTL.txt (open on your desktop).o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.* Please post me both logs. This may have to be broken into more than one post ! Post Next:1. Malwarebytes log2. RogueKiller log3. DDS logs4. OTL log thanksChuck Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2014.01.04.06Windows Vista Service Pack 2 x64 NTFSInternet Explorer 9.0.8112.16421Shaneen Egan :: SE [administrator]Protection: Enabled1/4/2014 8:44:19 PMmbam-log-2014-01-04 (20-44-19).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 238077Time elapsed: 12 minute(s), 1 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 48HKCR\CLSID\{0a4d512d-697e-4ad5-872d-5a9941af6ebb} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\TypeLib\{c260adf2-154f-4227-9c73-651e25f22cbb} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\Interface\{049BCB76-CEF4-43C9-9F4D-4539C7DE9742} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.SettingsPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.SettingsPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\CLSID\{508c38b8-e848-49eb-9f84-ab81ddad2b58} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\TypeLib\{0fa48495-56eb-4eba-be5f-183846983a48} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\Interface\{098E4E5F-7877-4EBE-9A51-49CDEFBED242} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.PseudoTransparentPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.PseudoTransparentPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{508C38B8-E848-49EB-9F84-AB81DDAD2B58} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\CLSID\{b3b5c47e-61f7-4d81-af06-461fc86686ce} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\CLSID\{ba339ddb-918b-42f5-b582-88ab854c42ac} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.Radio.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.Radio (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\CLSID\{bb2e53cf-c096-40b0-a485-03134f164470} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2E53CF-C096-40B0-A485-03134F164470} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\Typelib\{FAE20193-DC28-4E42-8D12-DB0C2C898B11} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.DynamicBarButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.DynamicBarButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.FeedManager (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.FeedManager.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.HTMLMenu (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.HTMLMenu.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.HTMLPanel (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.HTMLPanel.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.MultipleButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.MultipleButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.RadioSettings (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.RadioSettings.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.ScriptButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.ScriptButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.SkinLauncher (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.SkinLauncher.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.SkinLauncherSettings (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.SkinLauncherSettings.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.ThirdPartyInstaller (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.ThirdPartyInstaller.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.UrlAlertButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.UrlAlertButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.XMLSessionPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKCR\MyScrapNook_12.XMLSessionPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\MyScrapNook_12 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\MozillaPlugins\@MyScrapNook_12.com/Plugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.Registry Values Detected: 1HKLM\SOFTWARE\Mozilla\Firefox\Extensions|12ffxtbr@MyScrapNook_12.com (PUP.Optional.MyScrapNook.A) -> Data: C:\Program Files (x86)\MyScrapNook_12\bar\1.bin -> Quarantined and deleted successfully.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 5C:\Users\Shaneen Egan\Downloads\frostwire-4.21.7.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.C:\Users\Shaneen Egan\Downloads\frostwire-5.4.0.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.C:\Users\Shaneen Egan\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.C:\Users\Shaneen Egan\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.C:\Users\Shaneen Egan\Downloads\intunemp3.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.(end) Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 I did the Malware step again and i wondered if i need to tick them all sorry about that. Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 RogueKiller V8.8.0 [Dec 27 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits versionStarted in : Normal modeUser : Shaneen Egan [Admin rights]Mode : Scan -- Date : 01/04/2014 21:08:20| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 9 ¤¤¤[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 1 ¤¤¤[V2][sUSP PATH] FGRun : C:\Users\Shaneen - Egan\AppData\Roaming\pack.exe [x][x] -> FOUND¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Browser Addons : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 localhost::1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEVS-60UST0 +++++--- User ---[MBR] 0ca105ab91de89c4bd56e21663885732[bSP] 5e5983554871d978d57052f9a23d949c : MBR Code unknownPartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 225333 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461483190 | Size: 13139 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_01042014_210820.txt >> Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vistaâ„¢ Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 6/19/2008 2:51:59 AMSystem Uptime: 1/4/2014 8:13:47 PM (1 hours ago).Motherboard: Quanta | | 30CCProcessor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1000/667mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 220 GiB total, 129.067 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0039Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #10PNP Device ID: ROOT\*ISATAP\0039Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0042Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #10PNP Device ID: ROOT\*ISATAP\0042Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0045Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #11PNP Device ID: ROOT\*ISATAP\0045Service: tunnel.==== System Restore Points ===================.RP731: 12/30/2013 3:00:36 AM - Windows UpdateRP732: 1/4/2014 10:51:47 AM - Windows Update.==== Installed Programs ======================.4500_Help64 Bit HP CIO Components InstallerAcrobat.comAddThis ToolbarAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.5.0Adobe Shockwave Player 11.5Apple Application SupportApple Mobile Device SupportApple Software UpdateBing BarBonjourbpd_scanBPDSoftwareBPDSoftware_InibSavingBufferChmCards_Calendar_OrderGift_DoMorePlugoutCCleaner (remove only)CheckIt DiagnosticsCustomerResearchQFolderCyberLink YouCamD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestination ComponentDeviceDiscoveryDeviceManagementQFolderDocMgrDocProcDocProcQFolderDVD SuiteEA LinkeSupportQFolderFacebook Video Calling 1.2.0.287Fast Browser Search (My Web Tattoo)Fast Browser Search ProtectionFaxFilmFanatic ToolbarFrostWire 4.21.7Google ChromeGoogle EarthGoogle Update HelperGPBaseServiceGPBaseService2Hauppauge MCE XP/Vista Software Encoder (2.0.25149)Hewlett-Packard Active CheckHewlett-Packard Asset Agent for Health CheckHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Active Support LibraryHP Customer Experience EnhancementsHP Customer Participation Program 10.0HP Doc ViewerHP Document Manager 1.0HP Easy Setup - FrontendHP Help and SupportHP Imaging Device Functions 10.0HP Officejet J4500 SeriesHP Photosmart Essential 2.5HP Product DetectionHP Quick Launch Buttons 6.30 E1HP QuickPlay 3.6HP QuickTouch 1.00 C3HP Smart Web PrintingHP Solution Center 13.0HP UpdateHP User Guides 0087HP Wireless AssistantHPPhotoSmartDiscLabel_PaperLabelHPPhotoSmartDiscLabel_PrintOnDiscHPPhotoSmartDiscLabel_TattooHPPhotoSmartDiscLabelContent1hpphotosmartdisclabelpluginHPPhotoSmartPhotobookHolidayPack1HPPhotoSmartPhotobookModernPack1HPPhotoSmartPhotobookPlayfulPack1HPPhotoSmartPhotobookScrapbookPack1HPPhotoSmartPhotobookWebPack1HPProductAssistantHPSSupplyiCloudInstallIQ UpdaterIntel® Graphics Media Accelerator DriverIntel® Matrix Storage ManageriPhone Configuration UtilityiPod for Windows 2005-09-23iTunesJ4500Java 6 Update 17Java 6 Update 2Junk Mail filter updateLabelPrintLightScribe System Software 1.10.13.1Malwarebytes Anti-Malware version 1.75.0.1300MarketResearchMediaBarMesh RuntimeMessenger CompanionMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Student 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMotorola SM56 Speakerphone ModemMSVCRTMSVCRT_amd64MSVCSetupMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)muvee autoProducer 6.1My HP GamesMy Scrap Nook ToolbarNorton CleanupNorton SystemWorksNorton SystemWorks (Symantec Corporation)Norton UtilitiesOCR Software by I.R.I.S. 10.0PANTECH PC USB Modem SoftwarePower2GoPowerDirectorProductContextPSSWCOREQuickPlay SlingPlayer 0.4.6QuickTimeRealtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows VistaRealtek High Definition Audio DriverRICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01SafariScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553284) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2850016) 32-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2837597) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSegoe UIShop for HP SuppliesShopAtHome SelectRebatesSkype Click to CallSkypeâ„¢ 6.1Slingbox Flash TourSlingPlayerSmartWebPrintingOCSoftware AssistSolutionCenterSPBBC 64bitSpelling Dictionaries Support For Adobe Reader 9StatusSymantec KB-DocID:2003093015493306Symantec Technical Support Web ControlsSynaptics Pointing Device DriverThe Simsâ„¢ Life StoriesToolboxTrayAppUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Access 2010 (KB2553446) 32-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589352) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597087) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2850079) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit EditionUpdate for Microsoft Word 2010 (KB2837593) 32-Bit EditionVideoToolkit01VZAccess ManagerWeatherBug GadgetWebRegWindows Driver Package - Intel USB (08/05/2009 9.1.1.1016)Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/15/2008 6.0.1.5548)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer Resources.==== Event Viewer Messages From Past Week ========.1/4/2014 8:17:18 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).1/4/2014 8:16:06 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.1/4/2014 8:14:21 PM, Error: EventLog [6008] - The previous system shutdown at 8:12:34 PM on 1/4/2014 was unexpected.1/4/2014 5:55:49 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service..==== End Of File =========================== Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vistaâ„¢ Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 6/19/2008 2:51:59 AMSystem Uptime: 1/4/2014 8:13:47 PM (1 hours ago).Motherboard: Quanta | | 30CCProcessor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1000/667mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 220 GiB total, 129.067 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0039Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #10PNP Device ID: ROOT\*ISATAP\0039Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0042Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #10PNP Device ID: ROOT\*ISATAP\0042Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0045Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #11PNP Device ID: ROOT\*ISATAP\0045Service: tunnel.==== System Restore Points ===================.RP731: 12/30/2013 3:00:36 AM - Windows UpdateRP732: 1/4/2014 10:51:47 AM - Windows Update.==== Installed Programs ======================.4500_Help64 Bit HP CIO Components InstallerAcrobat.comAddThis ToolbarAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.5.0Adobe Shockwave Player 11.5Apple Application SupportApple Mobile Device SupportApple Software UpdateBing BarBonjourbpd_scanBPDSoftwareBPDSoftware_InibSavingBufferChmCards_Calendar_OrderGift_DoMorePlugoutCCleaner (remove only)CheckIt DiagnosticsCustomerResearchQFolderCyberLink YouCamD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestination ComponentDeviceDiscoveryDeviceManagementQFolderDocMgrDocProcDocProcQFolderDVD SuiteEA LinkeSupportQFolderFacebook Video Calling 1.2.0.287Fast Browser Search (My Web Tattoo)Fast Browser Search ProtectionFaxFilmFanatic ToolbarFrostWire 4.21.7Google ChromeGoogle EarthGoogle Update HelperGPBaseServiceGPBaseService2Hauppauge MCE XP/Vista Software Encoder (2.0.25149)Hewlett-Packard Active CheckHewlett-Packard Asset Agent for Health CheckHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Active Support LibraryHP Customer Experience EnhancementsHP Customer Participation Program 10.0HP Doc ViewerHP Document Manager 1.0HP Easy Setup - FrontendHP Help and SupportHP Imaging Device Functions 10.0HP Officejet J4500 SeriesHP Photosmart Essential 2.5HP Product DetectionHP Quick Launch Buttons 6.30 E1HP QuickPlay 3.6HP QuickTouch 1.00 C3HP Smart Web PrintingHP Solution Center 13.0HP UpdateHP User Guides 0087HP Wireless AssistantHPPhotoSmartDiscLabel_PaperLabelHPPhotoSmartDiscLabel_PrintOnDiscHPPhotoSmartDiscLabel_TattooHPPhotoSmartDiscLabelContent1hpphotosmartdisclabelpluginHPPhotoSmartPhotobookHolidayPack1HPPhotoSmartPhotobookModernPack1HPPhotoSmartPhotobookPlayfulPack1HPPhotoSmartPhotobookScrapbookPack1HPPhotoSmartPhotobookWebPack1HPProductAssistantHPSSupplyiCloudInstallIQ UpdaterIntel® Graphics Media Accelerator DriverIntel® Matrix Storage ManageriPhone Configuration UtilityiPod for Windows 2005-09-23iTunesJ4500Java 6 Update 17Java 6 Update 2Junk Mail filter updateLabelPrintLightScribe System Software 1.10.13.1Malwarebytes Anti-Malware version 1.75.0.1300MarketResearchMediaBarMesh RuntimeMessenger CompanionMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Student 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMotorola SM56 Speakerphone ModemMSVCRTMSVCRT_amd64MSVCSetupMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)muvee autoProducer 6.1My HP GamesMy Scrap Nook ToolbarNorton CleanupNorton SystemWorksNorton SystemWorks (Symantec Corporation)Norton UtilitiesOCR Software by I.R.I.S. 10.0PANTECH PC USB Modem SoftwarePower2GoPowerDirectorProductContextPSSWCOREQuickPlay SlingPlayer 0.4.6QuickTimeRealtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows VistaRealtek High Definition Audio DriverRICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01SafariScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553284) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2850016) 32-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2837597) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSegoe UIShop for HP SuppliesShopAtHome SelectRebatesSkype Click to CallSkypeâ„¢ 6.1Slingbox Flash TourSlingPlayerSmartWebPrintingOCSoftware AssistSolutionCenterSPBBC 64bitSpelling Dictionaries Support For Adobe Reader 9StatusSymantec KB-DocID:2003093015493306Symantec Technical Support Web ControlsSynaptics Pointing Device DriverThe Simsâ„¢ Life StoriesToolboxTrayAppUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Access 2010 (KB2553446) 32-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589352) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597087) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2850079) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit EditionUpdate for Microsoft Word 2010 (KB2837593) 32-Bit EditionVideoToolkit01VZAccess ManagerWeatherBug GadgetWebRegWindows Driver Package - Intel USB (08/05/2009 9.1.1.1016)Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/15/2008 6.0.1.5548)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer Resources.==== Event Viewer Messages From Past Week ========.1/4/2014 8:17:18 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).1/4/2014 8:16:06 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.1/4/2014 8:14:21 PM, Error: EventLog [6008] - The previous system shutdown at 8:12:34 PM on 1/4/2014 was unexpected.1/4/2014 5:55:49 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.1/4/2014 5:55:49 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service..==== End Of File =========================== Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16526Run by Shaneen Egan at 21:23:00 on 2014-01-04Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2096 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\RAVCpl64.exeC:\Windows\ehome\ehtray.exeC:\Windows\ehome\ehmsas.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exeC:\Program Files (x86)\Internet Explorer\iexplore.exec:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.htmlmSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.commDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.comuURLSearchHooks: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - <orphaned>uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files (x86)\AddThis Toolbar\Helper.dlluURLSearchHooks: <No Name>: - LocalServer32 - <no file>mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe,BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dlluRun: [ehTray.exe] C:\Windows\ehome\ehTray.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"uPolicies-Explorer: NoDrives = dword:0uPolicies-Explorer: NoViewOnDrive = dword:0mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files (x86)\Norton SystemWorks\Norton Cleanup\WCQuick.lnkIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -DPF: {D27CDB70-AE6D-11cf-96B8-444553540000} -TCP: NameServer = 72.21.70.3 67.215.21.202 192.168.1.1TCP: Interfaces\{04B8D4CB-A835-4570-A68A-565138A1B901} : DHCPNameServer = 67.215.21.202 72.21.70.3TCP: Interfaces\{F7068BD0-F121-4F56-B3AD-BCAD04EB4BB7} : DHCPNameServer = 72.21.70.3 67.215.21.202 192.168.1.1Filter: text/html - <Clsid value has no data>Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RtHDVCpl] RAVCpl64.exex64-mPolicies-Explorer: NoActiveDesktop = dword:1x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0x64-mPolicies-System: EnableUIADesktopToggle = dword:0x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/html - <Clsid value has no data>x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-4 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-4 701512]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-4 25928]R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-5 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]S3 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe --> C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [?]S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2008-6-19 3148288]S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== File Associations ===============.FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================..==================== Find3M ====================.2013-12-30 10:00:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-30 10:00:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-12-01 21:42:38 90708896 ----a-w- C:\Windows\System32\mrt.exe2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe2013-11-15 02:09:03 17847296 ----a-w- C:\Windows\System32\mshtml.dll2013-11-15 01:42:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll2013-11-15 01:29:33 1347072 ----a-w- C:\Windows\System32\urlmon.dll2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-11-15 01:28:00 237056 ----a-w- C:\Windows\System32\url.dll2013-11-15 01:25:24 85504 ----a-w- C:\Windows\System32\jsproxy.dll2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-11-15 01:20:45 816640 ----a-w- C:\Windows\System32\jscript.dll2013-11-15 01:19:54 2147840 ----a-w- C:\Windows\System32\iertutil.dll2013-11-15 01:19:47 729088 ----a-w- C:\Windows\System32\msfeeds.dll2013-11-15 01:18:24 96768 ----a-w- C:\Windows\System32\mshtmled.dll2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-11-15 01:12:57 248320 ----a-w- C:\Windows\System32\ieui.dll2013-11-14 23:13:33 12344320 ----a-w- C:\Windows\SysWow64\mshtml.dll2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-11-14 22:50:06 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll2013-11-14 22:43:24 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-11-14 22:41:18 231936 ----a-w- C:\Windows\SysWow64\url.dll2013-11-14 22:40:04 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-11-14 22:38:35 717824 ----a-w- C:\Windows\SysWow64\jscript.dll2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-11-14 22:37:32 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll2013-11-14 22:36:16 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll2013-11-14 22:36:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-11-14 22:32:56 176640 ----a-w- C:\Windows\SysWow64\ieui.dll2013-10-30 04:34:52 1386496 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll2013-10-30 04:34:21 374784 ----a-w- C:\Windows\System32\SysFxUI.dll2013-10-30 03:55:25 122368 ----a-w- C:\Windows\System32\drivers\drmk.sys2013-10-30 02:33:31 218112 ----a-w- C:\Windows\System32\drivers\portcls.sys2013-10-30 02:10:03 2776064 ----a-w- C:\Windows\System32\win32k.sys2013-10-22 09:31:05 79360 ----a-w- C:\Windows\System32\imagehlp.dll2013-10-22 07:19:59 158208 ----a-w- C:\Windows\SysWow64\imagehlp.dll2013-10-11 04:27:20 144384 ----a-w- C:\Windows\System32\wshom.ocx2013-10-11 04:26:04 198656 ----a-w- C:\Windows\System32\scrrun.dll2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-11 02:19:13 166912 ----a-w- C:\Windows\System32\wscript.exe2013-10-11 02:19:11 147968 ----a-w- C:\Windows\System32\cscript.exe2013-10-11 02:08:55 36864 ----a-w- C:\Windows\SysWow64\wshcon.dll2013-10-11 02:08:55 131072 ----a-w- C:\Windows\SysWow64\wshom.ocx2013-10-11 02:08:35 172032 ----a-w- C:\Windows\SysWow64\scrrun.dll2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-11 00:35:42 135168 ----a-w- C:\Windows\SysWow64\cscript.exe2013-10-11 00:35:41 155648 ----a-w- C:\Windows\SysWow64\wscript.exe.============= FINISH: 21:23:59.37 =============== Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16526Run by Shaneen Egan at 21:24:19 on 2014-01-04Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2018 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\RAVCpl64.exeC:\Windows\ehome\ehtray.exeC:\Windows\ehome\ehmsas.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exeC:\Program Files (x86)\Internet Explorer\iexplore.exec:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchProtocolHost.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.htmlmSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.commDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.comuURLSearchHooks: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - <orphaned>uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files (x86)\AddThis Toolbar\Helper.dlluURLSearchHooks: <No Name>: - LocalServer32 - <no file>mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe,BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dlluRun: [ehTray.exe] C:\Windows\ehome\ehTray.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"uPolicies-Explorer: NoDrives = dword:0uPolicies-Explorer: NoViewOnDrive = dword:0mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files (x86)\Norton SystemWorks\Norton Cleanup\WCQuick.lnkIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -DPF: {D27CDB70-AE6D-11cf-96B8-444553540000} -TCP: NameServer = 72.21.70.3 67.215.21.202 192.168.1.1TCP: Interfaces\{04B8D4CB-A835-4570-A68A-565138A1B901} : DHCPNameServer = 67.215.21.202 72.21.70.3TCP: Interfaces\{F7068BD0-F121-4F56-B3AD-BCAD04EB4BB7} : DHCPNameServer = 72.21.70.3 67.215.21.202 192.168.1.1Filter: text/html - <Clsid value has no data>Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RtHDVCpl] RAVCpl64.exex64-mPolicies-Explorer: NoActiveDesktop = dword:1x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0x64-mPolicies-System: EnableUIADesktopToggle = dword:0x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/html - <Clsid value has no data>x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-4 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-4 701512]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-4 25928]R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-5 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]S3 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe --> C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [?]S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2008-6-19 3148288]S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== File Associations ===============.FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================..==================== Find3M ====================.2013-12-30 10:00:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-30 10:00:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-12-01 21:42:38 90708896 ----a-w- C:\Windows\System32\mrt.exe2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe2013-11-15 02:09:03 17847296 ----a-w- C:\Windows\System32\mshtml.dll2013-11-15 01:42:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll2013-11-15 01:29:33 1347072 ----a-w- C:\Windows\System32\urlmon.dll2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-11-15 01:28:00 237056 ----a-w- C:\Windows\System32\url.dll2013-11-15 01:25:24 85504 ----a-w- C:\Windows\System32\jsproxy.dll2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-11-15 01:20:45 816640 ----a-w- C:\Windows\System32\jscript.dll2013-11-15 01:19:54 2147840 ----a-w- C:\Windows\System32\iertutil.dll2013-11-15 01:19:47 729088 ----a-w- C:\Windows\System32\msfeeds.dll2013-11-15 01:18:24 96768 ----a-w- C:\Windows\System32\mshtmled.dll2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-11-15 01:12:57 248320 ----a-w- C:\Windows\System32\ieui.dll2013-11-14 23:13:33 12344320 ----a-w- C:\Windows\SysWow64\mshtml.dll2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-11-14 22:50:06 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll2013-11-14 22:43:24 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-11-14 22:41:18 231936 ----a-w- C:\Windows\SysWow64\url.dll2013-11-14 22:40:04 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-11-14 22:38:35 717824 ----a-w- C:\Windows\SysWow64\jscript.dll2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-11-14 22:37:32 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll2013-11-14 22:36:16 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll2013-11-14 22:36:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-11-14 22:32:56 176640 ----a-w- C:\Windows\SysWow64\ieui.dll2013-10-30 04:34:52 1386496 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll2013-10-30 04:34:21 374784 ----a-w- C:\Windows\System32\SysFxUI.dll2013-10-30 03:55:25 122368 ----a-w- C:\Windows\System32\drivers\drmk.sys2013-10-30 02:33:31 218112 ----a-w- C:\Windows\System32\drivers\portcls.sys2013-10-30 02:10:03 2776064 ----a-w- C:\Windows\System32\win32k.sys2013-10-22 09:31:05 79360 ----a-w- C:\Windows\System32\imagehlp.dll2013-10-22 07:19:59 158208 ----a-w- C:\Windows\SysWow64\imagehlp.dll2013-10-11 04:27:20 144384 ----a-w- C:\Windows\System32\wshom.ocx2013-10-11 04:26:04 198656 ----a-w- C:\Windows\System32\scrrun.dll2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-11 02:19:13 166912 ----a-w- C:\Windows\System32\wscript.exe2013-10-11 02:19:11 147968 ----a-w- C:\Windows\System32\cscript.exe2013-10-11 02:08:55 36864 ----a-w- C:\Windows\SysWow64\wshcon.dll2013-10-11 02:08:55 131072 ----a-w- C:\Windows\SysWow64\wshom.ocx2013-10-11 02:08:35 172032 ----a-w- C:\Windows\SysWow64\scrrun.dll2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-11 00:35:42 135168 ----a-w- C:\Windows\SysWow64\cscript.exe2013-10-11 00:35:41 155648 ----a-w- C:\Windows\SysWow64\wscript.exe.============= FINISH: 21:24:49.77 =============== Link to post Share on other sites
flashh4 Posted January 5, 2014 Report Share Posted January 5, 2014 Hi egan, lets get rid of the infection that RogueKiller found !! If you have the OTL log go ahead & post it also !! Open RogueKiller : * Quit all programs that you may have started.* Please disconnect any USB or external drives from the computer before you run this scan!* For Vista or Windows 7, right-click and select "Run as Administrator to start"* For Windows XP, double-click to start.* Wait until Prescan has finished ...* Then Click on "Scan" button* Wait until the Status box shows "Scan Finished"* click on "delete"* Wait until the Status box shows "Deleting Finished"* Click on "Report" and copy/paste the content of the Notepad into your next reply.* The log should be found in RKreport[1].txt on your Desktop* Exit/Close RogueKiller+ Will be waiting for the OTL log & clean up from the RogueKiller run above !! I will read threw the OTL & write a fix for you either tonight or tomorrow morning cause it takes me about 45 minutes to read threw that log !! ThanksChuck Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 OTL Extras logfile created on: 1/4/2014 9:33:06 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shaneen Egan\Downloads64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.99 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.43% Memory free8.16 Gb Paging File | 6.14 Gb Available in Paging File | 75.27% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 220.05 Gb Total Space | 129.07 Gb Free Space | 58.65% Space Free | Partition Type: NTFS Computer Name: SE | User Name: Shaneen Egan | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-1776805723-2028868014-283815931-1000\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"UacDisableNotify" = 0"InternetSettingsDisableNotify" = 0"AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]"VistaSp2" = 25 81 80 75 51 39 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"oobe_av" = 1 ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0"DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{12A9CE44-89DD-4AD8-9658-B6EF234F4248}" = lport=137 | protocol=17 | dir=in | app=system |"{2178E4F7-82E4-489C-A432-151A6D84EB6F}" = lport=138 | protocol=17 | dir=in | app=system |"{2C0CC69D-EA88-4E14-B4B3-F57F97328946}" = lport=139 | protocol=6 | dir=in | app=system |"{4F37B2CF-EC35-4004-BE14-7F21AC7E6829}" = rport=137 | protocol=17 | dir=out | app=system |"{56347B90-F1CA-4E08-B2EA-CB5E56F92239}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{59A6895B-7643-488D-B234-60A7A10BF3D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |"{7982EC87-103E-4ACE-A09C-B2FE98C58EAC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |"{A306E188-5536-455A-9404-9C901684EFB6}" = rport=445 | protocol=6 | dir=out | app=system |"{AA1EC6C1-4C66-4F12-B4A0-FAE01F61E3F0}" = rport=139 | protocol=6 | dir=out | app=system |"{C14F0F3E-1EB4-4BE3-B34A-93BC0356E8ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |"{C79634C7-E1E2-41B5-90C2-7FF426D8FA7C}" = rport=138 | protocol=17 | dir=out | app=system |"{FD9CA593-2823-4541-94C1-1DC99292AAD9}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0373BFD2-1E6A-45B1-8D0B-C9FE25FD4803}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |"{101E8348-F142-4484-B32B-3E8EA6F857F6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{12B79826-0F9D-422B-BD7D-3610DF7A3471}" = protocol=58 | dir=out | [email protected],-28546 |"{15E83689-AACB-4281-950D-FEE4AB121A33}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |"{195A097F-552E-4ADB-B789-F381038B9E37}" = protocol=58 | dir=in | [email protected],-28545 |"{36ADF0F2-B4B6-4232-BEE3-616E1AE3B9A4}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{3BC78D17-7B30-4D62-9877-9CD9AEB4D1FF}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |"{408B7172-BDDD-4B5D-A9DE-00F74B975959}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |"{433A6A18-2AD5-45B9-A8A0-298C95484410}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |"{43CEDECA-0C68-4539-8FE8-5D05C43EEA8B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |"{44B05C75-A5EF-4EC1-AF9E-7059C67FA7DD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"{44BF0E6A-16D7-41CB-9518-190878D6FADF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{484EC066-6829-4990-8D25-9DA0FAC4338A}" = protocol=6 | dir=in | app=c:\program files (x86)\addthis toolbar\troubleshooter.exe |"{5CD55969-A2D8-4C79-9878-03FFB024DA06}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |"{5EB2E882-0441-4BA0-9F5A-EEC7FC24553C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |"{61A3C477-0274-4DC9-9E06-8915E24980AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"{717049C8-915F-4718-8B0C-DC4E6C36B79B}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |"{8049FE5C-2B60-4881-AB0E-995D61A521F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{85C97B64-BA23-4A34-8B82-B167F5E6FA23}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |"{87739FFC-307B-4EC2-8158-D619FF715B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |"{8CA67D18-D95C-44BF-9DA4-E26B0DADB864}" = protocol=17 | dir=in | app=c:\program files (x86)\addthis toolbar\troubleshooter.exe |"{9A145CA8-C458-422A-836C-93A7E43BCA12}" = protocol=17 | dir=in | app=c:\program files (x86)\kazaa\kazaa.exe |"{AA926F9C-3026-4028-9EE3-CB024099C1BD}" = protocol=6 | dir=in | app=c:\program files (x86)\kazaa\kazaa.exe |"{B02C879C-9453-46C9-98F6-49099A74D2CE}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |"{B1530061-C439-40CE-B530-BB632F74A67C}" = protocol=17 | dir=in | app=c:\program files (x86)\addthis toolbar\toolbarupdate.exe |"{B48BA75D-F538-4759-AD9C-C20AB00F7533}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{B74A4447-6A01-4D58-B853-EF1E39F0DF6E}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |"{B9C6527B-4FD2-449C-B47B-B8DB390CAFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{BB38917E-C892-4B71-A10A-CAF48A5E6981}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{BF5CA861-59EE-442F-8135-907F35F3C52C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |"{C0A53F40-799C-4A4E-AC91-246078D18A6F}" = protocol=1 | dir=in | [email protected],-28543 |"{C50245D5-C50E-484B-90E6-9F7D77CB4437}" = protocol=6 | dir=in | app=c:\program files (x86)\addthis toolbar\toolbarupdate.exe |"{C619428E-4437-4CB2-B622-28DB6A980EDF}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |"{C7D97D66-8920-4390-A021-295F6AF4A73D}" = dir=in | app=c:\users\shaneen egan\appdata\local\facebook\video\skype\facebookvideocalling.exe |"{CBEAB62A-8DFE-4756-AD83-FDBB1277DF3F}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |"{CC1EC8D8-9629-482F-BE67-6882217E9169}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |"{D55A4965-2C78-4849-991A-6035971F1C47}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |"{DA3B2EDF-743D-4103-B692-1C524426AEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{E4A01549-A9F5-4BD6-8FFD-68C263B07594}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{E6DFDD71-1749-409C-93F6-ECD18F7E98E8}" = protocol=1 | dir=out | [email protected],-28544 |"{E83BDE3C-F1F5-413E-80BE-091DFAA525AB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{ECD60FC6-41DA-4F42-9856-D15207C7C4CC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{F2539EAD-1B51-404B-8A9B-A5868B6EF95C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |"TCP Query User{1B791523-DAAC-425F-844D-88BBF8293C33}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |"TCP Query User{44AF1F11-643C-49AF-B3E6-A9D5C7DE9C77}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |"TCP Query User{713B2ABE-1B61-44D8-9397-1015209DCE1C}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |"TCP Query User{AED19459-0F57-45FF-9A92-BE9850C2C687}C:\programdata\778cee\bm778_2190.exe" = protocol=6 | dir=in | app=c:\programdata\778cee\bm778_2190.exe |"TCP Query User{D568DBDC-2EED-47C9-98C8-ECF14A0B57E8}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |"UDP Query User{15092AFF-38A5-4E90-8E13-E9AA8CF04151}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |"UDP Query User{50B31E39-6C8D-49CE-B09C-B4387C8CBDB7}C:\programdata\778cee\bm778_2190.exe" = protocol=17 | dir=in | app=c:\programdata\778cee\bm778_2190.exe |"UDP Query User{914CD30A-0C09-4365-855A-083E64CCB2E5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |"UDP Query User{B9C19B39-CA53-42BB-93DA-2166C7871F42}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes"{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer"{A348C751-0EFF-4B9D-8065-B5339BEFBE27}" = HP Help and Support"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"21A278FF533186329A8D4FCE4BC9BE937044B65B" = Windows Driver Package - Intel USB (08/05/2009 9.1.1.1016)"EDF6B682E17FB373EB8F895C08C9E29A33CFBB76" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/15/2008 6.0.1.5548)"HDMI" = Intel® Graphics Media Accelerator Driver"HP Document Manager" = HP Document Manager 1.0"HP Imaging Device Functions" = HP Imaging Device Functions 10.0"HP Photosmart Essential" = HP Photosmart Essential 2.5"HP Smart Web Printing" = HP Smart Web Printing"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0"HPExtendedCapabilities" = HP Customer Participation Program 10.0"HPOCR" = OCR Software by I.R.I.S. 10.0"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft Security Client" = Microsoft Security Essentials"Shop for HP Supplies" = Shop for HP Supplies"SMSERIAL" = Motorola SM56 Speakerphone Modem"SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Simsâ„¢ Life Stories"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.1"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"AddThis Toolbar" = AddThis Toolbar"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"BearShare MediaBar" = MediaBar"bSaving" = bSaving"CCleaner" = CCleaner (remove only)"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com"Fast Browser SearchP" = Fast Browser Search Protection"FilmFanaticbar Uninstall" = FilmFanatic Toolbar"FrostWire" = FrostWire 4.21.7"Google Chrome" = Google Chrome"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar"Office14.SingleImage" = Microsoft Office Home and Student 2010"SelectRebatesUninstall" = ShopAtHome SelectRebates"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6"Software Assist" = Software Assist"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)"WildTangent hp Master Uninstall" = My HP Games"WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1776805723-2028868014-283815931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 1/4/2014 6:44:13 PM | Computer Name = SE | Source = WinMgmt | ID = 10Description = Error - 1/4/2014 7:10:17 PM | Computer Name = SE | Source = Application Hang | ID = 1002Description = The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: c30 Start Time: 01cf099f2426c77f Termination Time: 34 Error - 1/4/2014 7:16:56 PM | Computer Name = SE | Source = Application Hang | ID = 1002Description = The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 3d4 Start Time: 01cf09a221cb632f Termination Time: 51 Error - 1/4/2014 8:55:29 PM | Computer Name = SE | Source = Application Error | ID = 1000Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000,time stamp 0x47919291, faulting module sysmain.dll, version 6.0.6002.18005, time stamp 0x49e04208, exception code 0xc0000005, fault offset 0x00000000000424bf, process id 0x274, application start time 0x01cf099e51e2edcf. Error - 1/4/2014 11:15:49 PM | Computer Name = SE | Source = WinMgmt | ID = 10Description = Error - 1/4/2014 11:17:09 PM | Computer Name = SE | Source = Application Error | ID = 1000Description = Faulting application hpqWmiEx.exe, version 2.0.1.9, time stamp 0x4457c3f7, faulting module hpqWmiEx.exe, version 2.0.1.9, time stamp 0x4457c3f7, exception code 0xc0000005, fault offset 0x00005fe7, process id 0x178, application start time 0x01cf09c49c3ef3a5. [ System Events ]Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031Description = Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031Description = Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031Description = Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7034Description = Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031Description = Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031Description = Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031Description = Error - 1/4/2014 11:14:21 PM | Computer Name = SE | Source = EventLog | ID = 6008Description = The previous system shutdown at 8:12:34 PM on 1/4/2014 was unexpected. Error - 1/4/2014 11:16:06 PM | Computer Name = SE | Source = Service Control Manager | ID = 7022Description = Error - 1/4/2014 11:17:18 PM | Computer Name = SE | Source = Service Control Manager | ID = 7034Description = < End of report > Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 OTL.TxtOTL.Txt Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 RogueKiller V8.8.0 [Dec 27 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits versionStarted in : Normal modeUser : Shaneen Egan [Admin rights]Mode : Remove -- Date : 01/04/2014 22:38:38| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 0 ¤¤¤¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Browser Addons : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 localhost::1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEVS-60UST0 +++++--- User ---[MBR] 0ca105ab91de89c4bd56e21663885732[bSP] 5e5983554871d978d57052f9a23d949c : MBR Code unknownPartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 225333 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461483190 | Size: 13139 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_D_01042014_223838.txt >>RKreport[0]_D_01042014_211315.txt;RKreport[0]_S_01042014_210820.txt;RKreport[0]_S_01042014_211616.txtRKreport[0]_S_01042014_223404.txt Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 done Link to post Share on other sites
flashh4 Posted January 5, 2014 Report Share Posted January 5, 2014 Egan thanks for the log ! I have to warn you about P2P programs >>> FrostWire is a peer-to-peer sharing program for the Gnutella and BitTorrent protocols. There were also signs of frostwire, bearshare, limewire and kazaa, one of these is where you caught the bad infection from ! This is where a major amount of virus comes from ! P2P WarningThere are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occurOnce upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.Please read these short reports on the dangers of peer-2-peer programs and file sharing.FBI Cyber Education Letter http://www.fbi.gov/cyberinvest/cyberedletter.htmFile sharing infects 500,000 computers http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computersUSAToday http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htminfoworld http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theftBelow are a few more articles on P2P that you may wish to read ....http://www.us-cert.gov/cas/tips/ST05-007.htmlhttp://www.fbi.gov/scams-safety/peertopeer/oeertopeerhttp://www.benedelman.org/spyware/p2p/http://www.pcworld.com/article/126230/i ... works.htmlI would remove Frostwire from the add/remove panel before you become infected with something that we may not be able to clean ! I have seen this happen. !!!While you are in the Control panel remove this also >>> Javaâ„¢ 6 Update 2 Run this small program so we can see how protected you are ! Security Check Please download and save SecurityCheck.exe to your Desktop from one of the links below.Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box. * A Notepad document should open automatically called checkup.txt * Please post the contents of that document in your next reply. Chuck Link to post Share on other sites
flashh4 Posted January 5, 2014 Report Share Posted January 5, 2014 Great egan, looks like the infection is gone from the RougeKiller log ! Some get very hard to remove !!! Reading threw those logs makes the eyes real tired, Now lets do the OTL cleaning !! We need to Run an OTL fix !!Warning This fix is only relevant for this system and no other, using on another computer may cause problems.Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot * Double-click OTL.exe to start the program. * Copy and Paste the following code into the . text box of the OTL tool/program ! Start with and include the colon plus :OTL:OTLIE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{25D48CEB-F4D0-4601-BB0E-149A9DBB7B5B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpdIE:[b]64bit:[/b]'>http://www.ask.com/web?q={searchterms}&l=dis&o=ushpdIE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSEIE:[b]64bit:[/b]'>http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSEIE:[b]64bit:[/b] - HKLM\..\SearchScopes\{F698946B-5E2B-4EAB-9E29-0AB57CFA079B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdtIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\URLSearchHook: - No CLSID value foundIE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found3815931-1000\..\SearchScopes,DefaultScope = {F698946B-5E2B-4EAB-9E29-0AB57CFA079B}IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{25D48CEB-F4D0-4601-BB0E-149A9DBB7B5B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpdIE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/searchIE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSEIE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{F698946B-5E2B-4EAB-9E29-0AB57CFA079B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7FF - user.js - File not foundFF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found[2009/09/05 12:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaneen Egan\AppData\Roaming\Mozilla\Extensions[2009/09/05 12:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaneen Egan\AppData\Roaming\Mozilla\Extensions\[email protected][2014/01/04 13:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaneen Egan\AppData\Roaming\Mozilla\Firefox\Profiles\j4szpwbl.default\extensions[2014/01/04 13:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaneen Egan\AppData\Roaming\Mozilla\Firefox\Profiles\x523uufa.default\extensions[2010/02/12 00:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensionsO3 - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.O3 - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - No CLSID value found.O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not foundO13[b]64bit:[/b] - gopher Prefix: missingO13 - gopher Prefix: missingO18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value foundO18:[b]64bit:[/b] - Protocol\Filter\text/html - No CLSID value foundO18 - Protocol\Filter\text/html - No CLSID value found :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]# Then click the Run Fix button at the top.# Click # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.Remember to enable your real time protection.Post the OTL fix Log next please ! ThanksChuck Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 Results of screen317's Security Check version 0.99.78 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 11.9.900.170 Adobe Reader 9 Adobe Reader out of Date! Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 %````````````````````End of Log`````````````````````` Link to post Share on other sites
egans Posted January 5, 2014 Author Report Share Posted January 5, 2014 I also removed the java program Link to post Share on other sites
flashh4 Posted January 5, 2014 Report Share Posted January 5, 2014 Good job egan, now the OTL fix Log please !! Chuck Link to post Share on other sites
Recommended Posts