Google redirect virus/vista/IE9 affected/Firefox unaffected

Post by penmark » August 26th, 2013, 9:48 am

I somehow acquired the Google Redirect virus/malware. I am running Windows Vista, Home Premium, 32 bit w/ SP2. I mostly use IE9, and just the other day, I began getting redirected when clicking on links from a Google search. I cleaned out the Java cache, and the IE cache and temporary files, and it seemed to solve the problem. The next morning, without a reboot, the problem resurfaced, but only intermittently - some links work fine, some links redirect - I can't figure out a rhyme or reason. I have no problem clicking on links in Mozilla Firefox. I've attached the two logs. I'd appreciate any help on this, and I'd also appreciate it if you could tell me which malware program I should install to keep this from happening again. Thanks so much in advance.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 1.6.0_35
Run by Mark at 13:03:44 on 2013-08-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3574.1250 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [VirtualStore] rundll32 "c:\users\mark\appdata\local\microsoft\virtualstore\eppjhdpnij.dll",DllRegisterServer
uRun: [VST Update] regsvr32.exe c:\users\mark\appdata\local\vst\idr20009.dll
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\nexdef~1.lnk - c:\users\mark\appdata\local\autobahn\nexdef.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v ... b56649.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAsse ... ontrol.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/ ... ontrol.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZP ... b64162.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E1A1D904-87D9-425C-839A-BDAA9A76EDCB} : DHCPNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\nllv4fhh.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\mark\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-03 17:26; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-07-03 17:26; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-29 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-29 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.1.22\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-29 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.1.22\definitions\ipsdefs\20130822.001\IDSvix86.sys [2013-8-22 392792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-29 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-29 352344]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-30 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccsvchst.exe [2013-6-29 144368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-9 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-8-15 968064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;c:\pcdr5\pcd5srvc.pkms [2006-9-25 28336]
S3 Pxrmcet;Pxrmcet;c:\windows\system32\drivers\Pxrmcet.sys [2007-11-13 15104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-08-21 15:29:29 -------- d-----w- c:\users\mark\appdata\local\VST
2013-08-13 22:16:04 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-13 22:16:04 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-13 22:15:41 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 22:15:36 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-13 22:10:34 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-13 22:08:12 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-13 22:08:12 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-13 22:08:11 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-13 22:08:04 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-13 22:08:03 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-13 22:08:03 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-13 22:08:03 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-25 13:11:41 -------- d-----w- c:\programdata\Medtronic
.
==================== Find3M ====================
.
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-24 19:08:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-24 19:08:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-02 13:27:51 97176 ------w- c:\windows\system32\ElbyCDIO.dll
2013-06-29 20:36:54 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 13:04:22.71 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/17/2007 8:29:09 PM
System Uptime: 8/22/2013 3:51:19 PM (22 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Leonite2
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 131.372 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.95 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 6 GiB total, 6.133 GiB free.
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 292 GiB total, 108.442 GiB free.
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2065: 8/7/2013 12:07:32 AM - Scheduled Checkpoint
RP2066: 8/7/2013 6:52:37 PM - Windows Backup
RP2067: 8/9/2013 6:08:12 PM - Scheduled Checkpoint
RP2068: 8/11/2013 2:59:14 AM - Scheduled Checkpoint
RP2069: 8/12/2013 3:58:36 AM - Scheduled Checkpoint
RP2070: 8/12/2013 5:13:04 PM - Scheduled Checkpoint
RP2071: 8/13/2013 11:22:46 AM - Scheduled Checkpoint
RP2072: 8/13/2013 10:21:03 PM - Windows Backup
RP2073: 8/14/2013 3:00:25 AM - Windows Update
RP2074: 8/15/2013 12:00:11 AM - Scheduled Checkpoint
RP2075: 8/16/2013 3:52:31 AM - Scheduled Checkpoint
RP2076: 8/17/2013 12:35:18 AM - Scheduled Checkpoint
RP2077: 8/18/2013 12:44:49 AM - Scheduled Checkpoint
RP2078: 8/19/2013 12:00:10 AM - Scheduled Checkpoint
RP2079: 8/20/2013 3:00:13 AM - Windows Update
RP2080: 8/21/2013 2:40:34 AM - Windows Backup
RP2081: 8/21/2013 3:00:14 AM - Windows Update
RP2082: 8/22/2013 3:55:06 AM - Scheduled Checkpoint
RP2083: 8/22/2013 9:17:33 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player
AIM 7
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCH Small Firm Services (xulRunner)
Click'N Design 3D (V5)
CloneCD
CloneDVD2
CloneDVDmobile
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative MediaSource 5
DeductionPro 2007
DeductionPro 2008
DeductionPro 2009
Destinations
DeviceDiscovery
Digital Photo Navigator 1.5
DocMgr
DocProc
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Perfection V500P User's Guide
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
Fax
Google Calendar Sync
Google Chrome
Google Drive
Google Update Helper
GoToAssist Corporate
GPBaseService2
H&R Block Basic + Efile + State 2011
H&R Block Business 2009 (Remove Only)
H&R Block Business 2010 (Remove Only)
H&R Block Business 2012 (Remove Only)
H&R Block New Jersey 2009
H&R Block New Jersey 2010
H&R Block New Jersey 2011
H&R Block New Jersey 2012
H&R Block New York 2009
H&R Block New York 2010
H&R Block New York 2011
H&R Block New York 2012
H&R Block Pennsylvania 2012
H&R Block Premium + Efile + State 2009
H&R Block Premium + Efile + State 2010
H&R Block Premium + Efile + State 2012
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 14.0
HP Document Manager 2.0
HP Driver Diagnostics
HP Easy Setup - Frontend
HP Imaging Device Functions 14.0
HP OfficeJet J4600 All-In-One Series
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photo Creations
HP Photosmart Essential 3.5
HP Photosmart Plus B210 series Basic Device Software
HP Photosmart Plus B210 series Help
HP Picasso Media Center Add-In
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel® Viiv™ Software
iPodifier
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 35
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.6.45.1
MarketResearch
MCE Tunes Pro
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 60 day trial
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
Move Networks Media Player for Internet Explorer
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
My HP Games
MyAttorney Home And Business
Netflix in Windows Media Center
Network
Norton 360
OCR Software by I.R.I.S. 14.0
OGA Notifier 2.0.0048.0
OLYMPUS Master 2
OLYMPUS muvee theaterPack
OverDrive Media Console
Pdf995
PdfEdit995
Picasa 3
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shop for HP Supplies
SmartWebPrinting
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
SolutionCenter
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Status
Symantec Technical Support Web Controls
TaxCut New Jersey 2007
TaxCut New Jersey 2008
TaxCut New York 2007
TaxCut New York 2008
TaxCut Premium + State + Efile 2008
TaxCut Premium + State 2007
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
VideoToolkit01
Viewpoint Media Player
VitalSource Bookshelf
WeatherBug Gadget
WebReg
WebSlingPlayer ActiveX
Yahoo! Search Protection
ZENcast Organizer
.
==== Event Viewer Messages From Past Week ========
.
8/23/2013 11:02:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
8/22/2013 3:53:28 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/21/2013 3:03:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device.
8/19/2013 2:56:09 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/17/2013 1:26:56 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user HPA6257C\Mark SID (S-1-5-21-397070735-3145188438-542509979-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
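A triage pass over the "Pseudo HJT Report" section of a DDS log, added here as an example that is not part of this thread and not part of DDS itself: it parses the uRun/mRun and BHO lines and flags the entries a helper reviews first, in particular rundll32/regsvr32 being handed a DLL that sits under a user-profile directory. The sample lines are copied from the log above; the severity labels and the list of user-writable path fragments are this example's own heuristics, not DDS output.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the "Pseudo HJT Report" section of the DDS log above
# (constructed excerpt: a handful of entries, not the whole report).
SAMPLE_HJT = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [VirtualStore] rundll32 "c:\users\mark\appdata\local\microsoft\virtualstore\eppjhdpnij.dll",DllRegisterServer
uRun: [VST Update] regsvr32.exe c:\users\mark\appdata\local\vst\idr20009.dll
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [CCUTRAYICON] FactoryMode
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
"""

# Line shapes DDS uses for autorun and Browser Helper Object entries.
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO:\s*(?:(?P<title>[^{]+?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<target>.*)$")

# Hosts that execute whatever DLL they are handed on the command line.
DLL_LOADERS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}
# Path fragments an unprivileged user can write to (heuristic chosen for this example).
USER_WRITABLE = ("\\appdata\\local", "\\appdata\\roaming", "\\programdata", "\\temp\\", "\\users\\public")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"; the labels are this example's own
    line: str
    reason: str


def _split_cmd(cmd):
    """Split a Run command into (executable, arguments); handles quoted and unquoted paths with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"[a-zA-Z]:\\.*?\.(?:exe|scr|com|bat|cmd)(?=\s|$)", cmd, re.I)
    if m:
        return m.group(0), cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def _first_path(text):
    """Return the first absolute Windows path in text (lower-cased), or "" if there is none."""
    m = re.search(r'"?([a-zA-Z]:\\[^",]+)', text)
    return m.group(1).lower() if m else ""


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _user_writable(path):
    return any(frag in path.lower() for frag in USER_WRITABLE)


def triage_hjt(report):
    """Flag the autorun and BHO entries a helper would look at first."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe, args = _split_cmd(m.group("cmd"))
            base = _basename(exe)
            if base in DLL_LOADERS:
                dll = _first_path(args)
                if dll and _user_writable(dll):
                    findings.append(Finding("high", line,
                        f"{base} loads {_basename(dll)} from a user-writable directory"))
                elif not dll:
                    findings.append(Finding("info", line,
                        f"{base} target given without an absolute path"))
            elif _user_writable(exe):
                findings.append(Finding("medium", line,
                    "autorun executable lives in a user-writable directory"))
            elif "\\" not in exe:
                findings.append(Finding("info", line,
                    f"bare name '{exe}' is resolved through the search path"))
            continue
        m = BHO_RE.match(line)
        if m and m.group("target").strip() == "<orphaned>":
            findings.append(Finding("info", line,
                f"BHO {m.group('clsid')} has no backing file (stale registration)"))
    return findings


if __name__ == "__main__":
    order = ["high", "medium", "info"]
    for f in sorted(triage_hjt(SAMPLE_HJT), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the sample above the two user-profile DLL loaders come out as "high" and the remaining flags are informational; a full DDS log is fed in the same way, one Pseudo HJT section at a time.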

Re: Google redirect virus/vista/IE9 affected/Firefox unaffected

Post by pgmigg » August 26th, 2013, 10:45 am

Hello penmark,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
     Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights and permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done, and
     DO NOT remove, or scan with, anything on your system unless I ask. This adds more items to be researched.
     Extra additions and removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please continue responding until I give you the "All Clean!"
     Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Unread postby pgmigg » August 26th, 2013, 3:15 pm

Hello penmark,

WeatherBug Warning
WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is ‘spyware’, and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it ‘unsolicited’, and since it is installed to raise money for its creators through the built-in ads it is certainly ‘commercial’. So it does meet the definition for ‘parasite’: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get Mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast

Step 1.
Create a System Restore Point
Because we are going to be making changes to your computer, it is advisable to create a new System Restore Point.
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point, we can proceed.
If you have NOT successfully created a System Restore Point, do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the words 'Code: Select all' into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Coupon Printer for Windows
    Java Auto Updater
    Java(TM) 6 Update 35
    Java(TM) SE Runtime Environment 6 Update 1
    WeatherBug Gadget
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

Step 3.
TDSSKiller - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of an OTL.txt log file
  4. Contents of an Extras.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
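Added example (not part of the thread, and not code from the MalwareRemoval.com helpers or from the TDSSKiller/OTL tools): a read-only PowerShell inventory that covers Steps 1 and 2 above, so you can see beforehand which of the listed programs are actually installed and where appwiz.cpl gets its list from. It assumes Windows PowerShell 2.0 or later (available for Vista through the Windows Management Framework) in an elevated session, and that System Protection is enabled for the system drive; the program names are copied from Step 2, everything else (variable names, the prefix match, the report format) is this example's own.

```powershell
# Added example, not from the thread: inventory for Steps 1 and 2.
# Assumes Windows PowerShell 2.0+ running as Administrator with
# System Protection enabled (needed by Checkpoint-Computer).

# Program names as listed in Step 2 of the post. The later match is a
# prefix match on DisplayName, so "Java(TM) 6 Update 35" would also
# surface any sibling "Java(TM) 6 Update NN" entries that exist.
$Targets = @(
    'Coupon Printer for Windows',
    'Java Auto Updater',
    'Java(TM) 6 Update 35',
    'Java(TM) SE Runtime Environment 6 Update 1',
    'WeatherBug Gadget'
)

# Step 1: create a restore point before anything is changed.
# MODIFY_SETTINGS is one of the standard restore point types.
Checkpoint-Computer -Description 'Before malware cleanup (forum instructions)' `
                    -RestorePointType 'MODIFY_SETTINGS'

# Step 2 (inventory only, nothing is uninstalled here): these are the
# registry keys that feed the "Uninstall or change a program" list.
# The Wow6432Node key only exists on 64-bit Windows; on the 32-bit
# Vista system in the thread it is simply skipped.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, PSPath

# Report which Step 2 entries are present, with the command the
# uninstaller will run, so the Control Panel prompts are no surprise.
foreach ($name in $Targets) {
    $hits = $Installed | Where-Object { $_.DisplayName -like "$name*" }
    if ($hits) {
        foreach ($h in $hits) {
            "{0,-45} {1,-12} {2}" -f $h.DisplayName, $h.DisplayVersion, $h.UninstallString
        }
    } else {
        "{0,-45} not present" -f $name
    }
}

# Step 3 follow-up: per the post, TDSSKiller writes its log to the root
# of the system drive. List it so the right file gets pasted in the reply.
Get-ChildItem -Path (Join-Path $env:SystemDrive 'TDSSKiller*_log.txt') -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime
```

The script deliberately stops at reporting: the actual removal still goes through the uninstallers as described in Step 2, because each one asks its own questions, and a scripted silent uninstall would hide exactly the prompts the helper asks you to read carefully. Running the inventory again after the reboot in Step 2 gives a quick check that every entry that was present is now gone.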

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Unread postby penmark » August 26th, 2013, 6:14 pm

Thanks for responding, and thanks for your help.

The following files were not present: java auto updater; weather bug gadget.

At the end of step 2, upon shutting down, I got the following message: "The instruction at 0X76778b0d referenced memory at 0X00000000. The memory could not be read. Click on ok to terminate program." I clicked off and the system restarted.

Upon rebooting, I got the following message: "The module, "C:\Users\Mark\AppData\Local\UST\idr20009.dll" failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files The specified module could not be found." I clicked off this and the reboot continued without issue.

In step 3, there were no threats found by the TDSSKiller.exe program.

In step 4, during the scan, I got the following message: "OTL.exe. There is no disk in the drive. Please insert a disk into driver \Device\Hardisk2\DR2." I clicked off this and the program continued scanning.

I checked in IE9, using Google, and tried a search for a legitimate site to which I was redirected earlier. I was redirected. Norton prevented an attack when I clicked on the site - I wasn't able to record everything it said but it was a Web Attack: styx ...

Attached are the OTL.txt and Extras.txt files.

OTL logfile created on: 8/26/2013 5:45:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Public\Orenzow documents\Ebay matters\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 54.71% Memory free
7.16 Gb Paging File | 5.69 Gb Available in Paging File | 79.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.17 Gb Total Space | 131.75 Gb Free Space | 45.56% Space Free | Partition Type: NTFS
Drive D: | 8.92 Gb Total Space | 0.95 Gb Free Space | 10.66% Space Free | Partition Type: NTFS
Drive F: | 6.19 Gb Total Space | 6.13 Gb Free Space | 99.03% Space Free | Partition Type: NTFS
Drive L: | 291.90 Gb Total Space | 109.13 Gb Free Space | 37.38% Space Free | Partition Type: NTFS
Drive O: | 7.45 Gb Total Space | 3.99 Gb Free Space | 53.51% Space Free | Partition Type: FAT32

Computer Name: HPA6257C | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/26 17:44:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Orenzow Documents\Ebay matters\Downloads\OTL.exe
PRC - [2013/08/16 21:07:24 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/09 09:42:14 | 007,221,336 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/03/14 10:47:42 | 015,500,800 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/02/22 14:29:10 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/01 17:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/07/17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/12 15:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/16 21:07:24 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/14 03:34:12 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/14 03:32:47 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/14 03:32:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 03:32:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9092960402154cf69c694786ae1049b3\System.Configuration.ni.dll
MOD - [2013/08/14 03:30:55 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/14 03:30:41 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
MOD - [2013/08/14 03:30:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/14 03:30:13 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\766ec41669f9986cc118ec647df35cf0\System.Data.ni.dll
MOD - [2013/08/14 03:30:02 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1907eca427f3b8a0b672d7582427bace\PresentationFramework.ni.dll
MOD - [2013/08/14 03:29:46 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a42ae90abfc074ec34aac50353324f66\PresentationCore.ni.dll
MOD - [2013/08/14 03:29:32 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e887556e2e663db3f545345d634e125b\WindowsBase.ni.dll
MOD - [2013/08/14 03:29:09 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/11 03:41:27 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f28238b56c8b6401a428aa549b28a89a\UIAutomationTypes.ni.dll
MOD - [2013/07/11 03:37:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 03:36:21 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/03/14 10:47:42 | 015,500,800 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe
MOD - [2013/03/14 10:47:42 | 000,159,744 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2013/03/14 10:47:42 | 000,126,976 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2013/03/14 10:47:42 | 000,069,632 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2013/03/14 10:47:42 | 000,020,480 | ---- | M] () -- C:\Users\Mark\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/05 11:26:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/08/05 11:26:12 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/08/05 11:26:06 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/08/05 11:26:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/08/05 11:26:04 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/08/05 11:26:04 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/08/05 11:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/08/05 11:25:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/04/11 02:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/11/01 17:13:08 | 000,012,288 | ---- | M] () -- C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
MOD - [2007/08/15 21:52:48 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2007/07/17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2007/02/16 20:40:42 | 005,521,408 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/02/16 20:40:40 | 001,466,368 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007/02/07 17:51:20 | 000,188,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl


========== Services (SafeList) ==========

SRV - [2013/08/16 21:07:24 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/24 15:08:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2010/01/23 00:39:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/11 19:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 19:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 18:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 18:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 02:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/05/10 12:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/08/20 21:30:29 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/20 14:38:49 | 000,392,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130823.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/08/16 05:56:29 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130826.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/16 05:56:29 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130826.001\NAVENG.SYS -- (NAVENG)
DRV - [2013/06/29 16:36:54 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/19 07:04:42 | 000,124,504 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 21:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/04 21:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/08/08 23:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/13 19:05:26 | 000,015,104 | ---- | M] (Proxure, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Pxrmcet.sys -- (Pxrmcet)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/11 05:49:22 | 000,968,064 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/25 20:17:42 | 000,028,336 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\PCDR5\pcd5srvc.pkms -- (PCD5SRVC{4E6EB9F3-2B32408D-05010004})
DRV - [2006/09/25 20:17:16 | 000,020,480 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {3FA99A29-739D-4636-AADA-F346D11EE60A}
IE - HKLM\..\SearchScopes\{3FA99A29-739D-4636-AADA-F346D11EE60A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{B52788EB-9A00-433E-9424-92F8B8F616B4}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7


IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\..\SearchScopes,DefaultScope = {DB3FDEF3-524C-435E-9FBC-CFCF530944FB}
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\..\SearchScopes\{DB3FDEF3-524C-435E-9FBC-CFCF530944FB}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: tpoerzyqrs%40tpoerzyqrs.org:2.9.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mark\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013/08/26 17:35:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013/02/04 19:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/07/03 17:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/26 17:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/26 17:15:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Mark\AppData\Roaming\Move Networks [2010/01/25 18:33:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/07/03 17:26:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/26 17:15:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/26 17:15:17 | 000,000,000 | ---D | M]

[2010/01/23 00:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2013/08/21 11:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\nllv4fhh.default\extensions
[2008/01/19 01:49:12 | 000,005,278 | ---- | M] () (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\nllv4fhh.default\extensions\tpoerzyqrs@tpoerzyqrs.org.xpi
[2012/11/25 18:48:43 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\nllv4fhh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/08/26 17:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 21:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 21:07:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Mark\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Google Wallet Service = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-397070735-3145188438-542509979-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-397070735-3145188438-542509979-1001..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-397070735-3145188438-542509979-1001..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-397070735-3145188438-542509979-1001..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-397070735-3145188438-542509979-1001..\Run: [VirtualStore] C:\Users\Mark\AppData\Local\Microsoft\VirtualStore\eppjhdpnij.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-397070735-3145188438-542509979-1001..\Run: [VST Update] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-397070735-3145188438-542509979-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Mark\AppData\Local\Autobahn\nexdef.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab (HPDDClientExec Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b56649.cab (MSN Games - Installer)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAsse ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/ ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZP ... b64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1A1D904-87D9-425C-839A-BDAA9A76EDCB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/15 22:05:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/08/01 05:17:56 | 000,000,000 | ---D | M] - O:\Automobile Records -- [ FAT32 ]
O33 - MountPoints2\{13c2b859-3447-11de-94bb-001d60acac56}\Shell\AutoRun\command - "" = M:\JDSecure\Windows\JDSecure31.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/25 12:19:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Orenzow Documents\Ian
[2013/08/21 11:29:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\VST
[2013/08/16 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/14 03:02:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/14 03:02:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/14 03:02:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/14 03:02:53 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/14 03:02:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/14 03:02:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/14 03:02:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/14 03:02:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/13 18:15:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/13 18:08:12 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/13 18:08:12 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/08 09:29:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Orenzow Documents\Guatamala trip
[2013/08/02 19:00:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Orenzow Documents\750 Old Lancaster Road Berwyn
[2008/02/16 10:20:07 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Users\Mark\GoToAssist_chat2way__317_en.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/26 17:44:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/26 17:35:42 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/26 17:34:52 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/26 17:34:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/26 17:34:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/26 17:34:44 | 3746,037,760 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/26 17:01:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/22 04:11:48 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/14 03:05:36 | 000,643,540 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/14 03:05:36 | 000,119,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/13 17:43:40 | 000,001,356 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2013/08/12 14:58:19 | 365,453,843 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/08 09:43:05 | 000,252,377 | ---- | M] () -- C:\Users\Public\Orenzow Documents\insurance program summary.pdf
[2013/07/28 14:39:37 | 001,647,608 | ---- | M] () -- C:\Users\Mark\Desktop\Anniversary 32.jpg
[2013/07/28 14:39:37 | 001,640,080 | ---- | M] () -- C:\Users\Mark\Desktop\P7261374.JPG
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/08 09:43:05 | 000,252,377 | ---- | C] () -- C:\Users\Public\Orenzow Documents\insurance program summary.pdf
[2013/07/28 14:40:20 | 001,647,608 | ---- | C] () -- C:\Users\Mark\Desktop\Anniversary 32.jpg
[2013/07/28 14:39:37 | 001,640,080 | ---- | C] () -- C:\Users\Mark\Desktop\P7261374.JPG
[2013/07/28 14:28:31 | 002,263,484 | ---- | C] () -- C:\Users\Mark\Desktop\P7261375.JPG
[2013/07/03 17:13:03 | 000,196,197 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2013/07/03 17:13:03 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2011/05/18 18:40:00 | 000,001,940 | ---- | C] () -- C:\Users\Mark\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/03/09 13:30:31 | 000,103,784 | ---- | C] () -- C:\Users\Mark\GoToAssistDownloadHelper.exe
[2008/03/01 00:24:27 | 000,710,144 | -HS- | C] () -- C:\Users\Mark\ehthumbs_vista.db
[2008/02/02 14:41:22 | 000,001,356 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2007/12/15 12:12:59 | 000,210,432 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/24 20:28:22 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/22 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON
[2008/03/29 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HotSync
[2008/03/29 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Snapfish
[2008/03/29 14:34:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TaxCut
[2008/03/01 19:25:50 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\HotSync
[2008/03/01 19:24:40 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Snapfish
[2007/12/28 17:00:54 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\Snapfish
[2007/12/24 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\acccore
[2008/02/24 13:12:20 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\CompanionLink
[2009/04/30 21:56:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\EndNote
[2008/09/28 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\EPSON
[2013/07/16 08:55:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Family Lawyer
[2008/02/24 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\HotSync
[2009/12/27 13:43:57 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\iPodifier
[2008/10/05 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\IrfanView
[2008/02/24 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech
[2008/10/04 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\muvee Technologies
[2008/03/16 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OverDrive
[2010/04/02 13:51:04 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\pdf995
[2012/05/19 13:18:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Sling Media
[2008/08/24 21:27:51 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SlySoft
[2007/11/24 18:02:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Snapfish
[2013/04/09 17:37:38 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TaxCut
[2010/06/04 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Tific
[2008/02/23 13:41:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\WinBatch
[2008/05/16 10:33:39 | 000,000,000 | ---D | M] -- C:\Users\Penny\AppData\Roaming\HotSync
[2007/11/25 12:54:36 | 000,000,000 | ---D | M] -- C:\Users\Penny\AppData\Roaming\Snapfish

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:246B0427A7A439F4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7838B9E0

< End of report >

OTL Extras logfile created on: 8/26/2013 5:45:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Public\Orenzow documents\Ebay matters\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 54.71% Memory free
7.16 Gb Paging File | 5.69 Gb Available in Paging File | 79.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.17 Gb Total Space | 131.75 Gb Free Space | 45.56% Space Free | Partition Type: NTFS
Drive D: | 8.92 Gb Total Space | 0.95 Gb Free Space | 10.66% Space Free | Partition Type: NTFS
Drive F: | 6.19 Gb Total Space | 6.13 Gb Free Space | 99.03% Space Free | Partition Type: NTFS
Drive L: | 291.90 Gb Total Space | 109.13 Gb Free Space | 37.38% Space Free | Partition Type: NTFS
Drive O: | 7.45 Gb Total Space | 3.99 Gb Free Space | 53.51% Space Free | Partition Type: FAT32

Computer Name: HPA6257C | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C91C5C1-B139-4F0E-A387-BAA612880523}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{204B2255-16FB-44BA-96F2-635DF192E4CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{355995B8-E3DD-4637-9335-E4231B57A2A8}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3B483391-D4AD-4E5D-AACD-556F6810E104}" = lport=10244 | protocol=6 | dir=in | app=system |
"{42CD05CE-6C8F-4DED-80F1-E2860A840334}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49F71576-B4F6-44C0-B7FC-6991B4AB8E48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DC441D0-F2F2-4670-B99A-555E56AC4974}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50F477DD-68F8-4EAC-84B2-12609A74B123}" = lport=10244 | protocol=6 | dir=in | app=system |
"{52BE9454-4586-44FC-A9C1-AD0B9D316280}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{597D703B-002A-467D-B487-8F19B6789568}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F8A8B66-42F6-4751-BACF-AF19B8171EC7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68674BFD-42D6-4DAE-BA08-285D6B6457D3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{71B4219D-40A5-4B12-8044-DD500448FCA4}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{7B8D23A4-062C-4763-8B81-ECB9F969B27F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7FB011C9-A586-4579-A044-0C762EC858E4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{848B9ADE-3A0D-40EE-AA29-67EBF4FCFBCA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B1AA53B-BB7C-4C2A-94D8-DEB0C2EC937B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B50994E-160E-40D7-ACDB-AABFEB14976E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACDDE130-C616-497A-BA84-A9545EA1FD7A}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{B10A4E8A-614E-4D30-86FB-B4F00680E21B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E10E849A-BE39-4812-A4DC-7055BE03E09A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB755978-B545-4874-96C1-C5723D64EBE6}" = rport=10244 | protocol=6 | dir=out | app=system |
"{EBC4E7F5-9B5D-469B-A16D-49E871A7BA0D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{F766BBB7-21CC-4AB9-9F43-AF55293BA36C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{FFF43B4F-D112-4ED1-B481-51B3BECDAE3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084E9A89-61D5-43AC-8049-245206F2C553}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{0F03F033-9EA1-423F-B684-EB40D92B4C6D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{155861BE-FF8A-4891-AD19-9E549B608669}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{1954D322-AA2E-433A-9816-111093F697ED}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1B36525C-CD2F-4231-BB04-0F2208819A96}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B68B626-BC21-4336-806D-34D7B887EA88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{21A0639A-8CC8-43B2-9E92-A3AEE2AC660E}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{23D1C933-BF99-4C29-8512-8C92E2B1AB75}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{26532EBB-6670-4158-844C-D6BA0569724F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{28C52759-7FED-493E-831B-1853BF604A69}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{2F4783CD-8C43-4148-8A59-07756850C280}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{2F480EAA-F8E1-445E-B506-22F0751959CD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{32FC34DD-3798-4AD3-8147-CEC6A0DA1CA4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{340916AC-EE4F-4159-BA8F-E8BDE0AC200B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4AE05C99-B15C-483B-B9AE-57146B95AC59}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{514E2E82-FDE6-4A84-A47B-A6FE30A0624E}" = dir=in | app=c:\users\mark\appdata\local\temp\7zs7bd2\ojj4600_basic_14\setup\hpznui01.exe |
"{531714B2-9521-4F9E-A277-E0101E3014D7}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{5986FB53-A4F9-4DA2-BD90-BACDF359A5C6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{69BF411C-3199-469E-B4F4-7810B9C40014}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6BD41F77-6F34-4561-9D31-D4B364A4D1BC}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6DF702AB-8E78-4D5C-B343-AA51B49ED0B3}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{6FAF04D3-94DB-4CC6-B08A-241776CB3818}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{741BA515-5F70-40E0-BE19-3E06CF23662A}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{75B9B781-6C94-4AA8-9D4D-4C3137A5BDF9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7F1B4BEC-EB27-4CF8-AB80-A611E4A17860}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{7FD4BBC9-4469-4E0F-B5B4-74945859BFCA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8CA7F508-574E-4796-8283-E42CDC0E609C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{9CF6F2E4-AEFF-42B6-961C-B5E1C084D2E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{AB14AE81-83BF-4FDF-A687-F267732EC3C4}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{AFA49080-7551-4419-9205-C1D241009D7A}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{B4E1CC23-9D40-4B6D-AD46-FFDC731E630E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B75BB12D-4056-4CB6-8249-01D2C2AF5574}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BA6AE808-27BF-4DE9-AB84-BEAEDFD54951}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{C5152773-BE58-43DA-B9E0-D602E2BFE9CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{C7A8111B-69CC-47C1-90C5-6ED9766C4C8E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C8B83948-E664-4E55-BB39-8382B8B04692}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{C9664F86-3D49-4F97-938E-917B1C21A8B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D61D35D6-2650-43E6-8AD1-A053985A8AAE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DA5E0388-398D-441D-B081-2613EB09C3CB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DABAAC30-0EEB-46E1-87F3-E42C38DE1490}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{F35794B6-9CCB-4EBA-8A9F-923CBE6833BE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F937BF6E-A6FF-4331-BAE9-0C6C5FE3D648}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FCA6D705-4F23-4026-A358-8F1718A31CAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0A5FB059-9FF1-4A78-9753-4D7656560DAF}" = H&R Block New York 2012
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E243038-5F19-457F-A5A1-287477354D75}" = H&R Block New Jersey 2010
"{0FE55E01-5D5A-4823-A71E-F4F5E8BB473D}" = TaxCut New Jersey 2007
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4945F319-A24D-454C-A411-F3689987315D}" = HP OfficeJet J4600 All-In-One Series
"{4BAC29B6-145B-49D0-A2FC-A79AE4F606E5}" = TaxCut New York 2008
"{5122DF4B-3740-4F0B-B423-48C46BA5834C}" = H&R Block New Jersey 2009
"{529A52D1-5521-436B-83AB-1322780DCDAD}" = H&R Block Premium + Efile + State 2010
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56F59702-1BB9-4C1B-BB8A-FB5F84A90378}" = H&R Block New York 2009
"{58381EE3-A57D-448F-BC8E-FFC66987615E}" = TaxCut New York 2007
"{5A80C75C-EB3A-4275-A6C4-2E20349DBF4C}" = H&R Block New York 2010
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C434B52-8D0F-4080-9649-7497445DDCD4}" = H&R Block New York 2011
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E5A0256-C1BB-4A4E-99CE-B87CC4383744}" = HP Photosmart Plus B210 series Basic Device Software
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{70469C1D-DDF0-44A0-B873-9F28B354256C}" = H&R Block Basic + Efile + State 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89BA1176-0C98-483D-9CAF-EBBC4EEE5DB3}" = VitalSource Bookshelf
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Premium + Efile + State 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3282FB8-874B-4054-8356-9EB391A826F9}" = OLYMPUS muvee theaterPack
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C6141748-CA45-4F24-A519-2401F2CCA01D}" = TaxCut New Jersey 2008
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD966EEF-2914-4205-A269-E86F8AA7C0E9}" = H&R Block New Jersey 2011
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4163F73-AAE4-4E4F-9E9E-70828C2ADB58}" = iPodifier
"{D523F5FE-5E53-429A-B5F9-8AC375B201FD}" = H&R Block New Jersey 2012
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}" = WebSlingPlayer ActiveX
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"{DE46FEE3-4D5F-446F-ACEC-89E3ED081293}" = MCE Tunes Pro
"{E8DD8C86-E233-4AE4-BB8A-C52D36D7756D}" = H&R Block Pennsylvania 2012
"{EC7FE03D-239A-4E36-9907-0E327922D2A2}" = bpd_scan
"{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"AnyDVD" = AnyDVD
"CCH Small Firm Services (xulRunner)" = CCH Small Firm Services (xulRunner)
"Click'N Design 3D (V5)" = Click'N Design 3D (V5)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"H&R Block Business 2009" = H&R Block Business 2009 (Remove Only)
"H&R Block Business 2010" = H&R Block Business 2010 (Remove Only)
"H&R Block Business 2012" = H&R Block Business 2012 (Remove Only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}" = MyAttorney Home And Business
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Pdf995" = Pdf995yName
"PdfEdit995" = PdfEdit995
"Picasa 3" = Picasa 3
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"Silent Package Run-Time Sample" = EPSON Perfection V500P User's Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Search Defender" = Yahoo! Search Protection
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2009 8:24:52 PM | Computer Name = HPa6257c | Source = Customer Experience Improvement Program | ID = 1010
Description =

Error - 6/9/2009 9:32:47 PM | Computer Name = HPa6257c | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18226 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1564 Start Time: 01c9e96233a457c8 Termination Time: 59

Error - 6/11/2009 3:08:39 AM | Computer Name = HPa6257c | Source = Windows Search Service | ID = 3013
Description =

Error - 6/11/2009 3:10:42 AM | Computer Name = HPa6257c | Source = Windows Search Service | ID = 3013
Description =

Error - 6/11/2009 3:10:42 AM | Computer Name = HPa6257c | Source = Windows Search Service | ID = 3013
Description =

Error - 6/12/2009 6:40:20 PM | Computer Name = HPa6257c | Source = System Restore | ID = 8209
Description =

Error - 6/12/2009 9:08:57 PM | Computer Name = HPa6257c | Source = System Restore | ID = 8209
Description =

Error - 6/12/2009 9:32:12 PM | Computer Name = HPa6257c | Source = Customer Experience Improvement Program | ID = 1010
Description =

Error - 6/14/2009 9:11:03 PM | Computer Name = HPa6257c | Source = Customer Experience Improvement Program | ID = 1010
Description =

Error - 6/14/2009 10:13:49 PM | Computer Name = HPa6257c | Source = Customer Experience Improvement Program | ID = 1010
Description =

[ IntelDH Events ]
Error - 9/17/2008 9:01:04 AM | Computer Name = HPa6257c | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 9/17/2008 9:02:33 AM | Computer Name = HPa6257c | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 4/2/2010 5:39:40 PM | Computer Name = HPa6257c | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 9/18/2010 5:24:51 PM | Computer Name = HPa6257c | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 9/18/2010 5:24:51 PM | Computer Name = HPa6257c | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

[ Media Center Events ]
Error - 5/24/2012 2:30:32 AM | Computer Name = HPa6257c | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2012 8:41:45 AM | Computer Name = HPa6257c | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2012 8:01:31 PM | Computer Name = HPa6257c | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/22/2012 12:00:42 AM | Computer Name = HPa6257c | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 6/22/2012 12:00:55 AM | Computer Name = HPa6257c | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 12/8/2012 8:10:47 PM | Computer Name = HPa6257c | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 12/8/2012 8:10:48 PM | Computer Name = HPa6257c | Source = McrMgr | ID = 109
Description =

Error - 6/6/2013 12:10:21 AM | Computer Name = HPa6257c | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 6/6/2013 12:10:55 AM | Computer Name = HPa6257c | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 7/12/2013 12:34:08 PM | Computer Name = HPa6257c | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 8/21/2013 3:03:32 AM | Computer Name = HPa6257c | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 8/22/2013 3:53:28 PM | Computer Name = HPa6257c | Source = Service Control Manager | ID = 7000
Description =

Error - 8/23/2013 10:59:47 AM | Computer Name = HPa6257c | Source = Service Control Manager | ID = 7011
Description =

Error - 8/23/2013 11:02:08 AM | Computer Name = HPa6257c | Source = Service Control Manager | ID = 7011
Description =

Error - 8/23/2013 4:20:38 PM | Computer Name = HPa6257c | Source = Service Control Manager | ID = 7011
Description =

Error - 8/26/2013 3:12:16 AM | Computer Name = HPa6257c | Source = DCOM | ID = 10010
Description =

Error - 8/26/2013 5:03:44 PM | Computer Name = HPa6257c | Source = Service Control Manager | ID = 7011
Description =

Error - 8/26/2013 5:12:59 PM | Computer Name = HPa6257c | Source = DCOM | ID = 10010
Description =

Error - 8/26/2013 5:20:33 PM | Computer Name = HPa6257c | Source = DCOM | ID = 10010
Description =

Error - 8/26/2013 5:36:15 PM | Computer Name = HPa6257c | Source = Service Control Manager | ID = 7000
Description =


< End of report >
penmark
Regular Member
 
Posts: 15
Joined: August 23rd, 2013, 1:31 pm
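The "Vista Active Application Exception List" in the OTL log above is worth a second look on its own: it contains inbound firewall exceptions for programs under the user's profile, including one for an installer that was run out of `c:\users\mark\appdata\local\temp\...`, and several exceptions that name neither a protocol nor a port. Windows Firewall rules are path-based, so an exception for a binary in a user-writable folder, or for a binary that no longer exists, stays open for whatever is later dropped at that path. The following PowerShell is an added example (not from the thread and not an OTL feature) that reads the same registry key OTL dumps and flags those three conditions. The list of "risky" path prefixes is an assumption chosen for illustration; adjust it to the machine.

```powershell
# Added example, not from the thread: audit the Windows Firewall exception list that
# OTL dumps, straight from the registry key the log names. Flags inbound Allow rules
# whose program sits in a user-writable location (AppData, Downloads, ProgramData,
# Windows\Temp), rules that restrict neither protocol nor port, and rules whose
# target binary no longer exists (a path-based rule something could later re-occupy).
# Run from an elevated PowerShell prompt; works on PowerShell 2.0 (Vista) and later.
# The set of "risky" path prefixes is an assumption for illustration, not an OTL rule.

$ruleKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

$riskyPrefixes = @(
    '[A-Za-z]:\\Users\\[^\\]+\\AppData',            # any user's AppData (Local\Temp lives here)
    '[A-Za-z]:\\Users\\[^\\]+\\Downloads',
    [regex]::Escape($env:ProgramData),
    [regex]::Escape((Join-Path $env:windir 'Temp'))
)
$riskyPattern = '^(' + ($riskyPrefixes -join '|') + ')'

function ConvertFrom-FirewallRuleValue {
    # Registry values look like:
    #   v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\...\x.exe|Name=...|
    param([string]$Id, [string]$Value)
    $rule = @{ Id = $Id }
    foreach ($token in $Value.Split('|')) {
        $eq = $token.IndexOf('=')
        if ($eq -gt 0) { $rule[$token.Substring(0, $eq)] = $token.Substring($eq + 1) }
    }
    New-Object PSObject -Property $rule
}

function Get-FirewallExceptionFinding {
    $values = Get-ItemProperty -Path $ruleKey
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -notlike '{*}') { continue }          # skip PSPath and friends
        $r = ConvertFrom-FirewallRuleValue -Id $prop.Name -Value $prop.Value
        # Only active, inbound, allow rules widen the attack surface.
        if ($r.Dir -ne 'In' -or $r.Action -ne 'Allow' -or $r.Active -ne 'TRUE') { continue }
        $reasons = @()
        $app = $null
        if ($r.App -and $r.App -ne 'System') {               # 'System' is the kernel, not a file
            $app = [Environment]::ExpandEnvironmentVariables($r.App)
            if ($app -match $riskyPattern)          { $reasons += 'user-writable location' }
            if (-not (Test-Path -LiteralPath $app)) { $reasons += 'binary missing (stale rule)' }
        }
        if (-not $r.Protocol -and -not $r.LPort)    { $reasons += 'any protocol, any port' }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Id       = $r.Id
                Protocol = $r.Protocol
                App      = $app
                Name     = $r.Name
                Reason   = ($reasons -join '; ')
            }
        }
    }
}

Get-FirewallExceptionFinding | Sort-Object Reason | Format-Table Reason, Protocol, App, Name -AutoSize
```

Nothing is modified; the script only reports. A stale or temp-folder exception is removed with the Windows Firewall with Advanced Security console (or `netsh advfirewall firewall delete rule name=...`), and on the log above the installer rule under `appdata\local\temp` is the obvious first candidate.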

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Unread postby pgmigg » August 27th, 2013, 11:46 am

Hello penmark,

Good job! :D

I checked in IE9, using Google, and tried a search for a legitimate site to which I was redirected earlier. I was redirected. Norton prevented an attack when I clicked on the site - I wasn't able to record everything it said but it was a Web Attack: styx ...
Please do not try to check now whether you still have this problem or whether it is gone already. Actually, the treatment has not started yet - I collected information in the previous steps to find the best solution. Now please run the following:

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the words 'Code: Select all'
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {3FA99A29-739D-4636-AADA-F346D11EE60A}
    IE - HKLM\..\SearchScopes\{3FA99A29-739D-4636-AADA-F346D11EE60A}: "URL" = http://search.yahoo.com/search?p= {searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&am ... dis&q= {SEARCHTERMS}
    IE - HKLM\..\SearchScopes\{B52788EB-9A00-433E-9424-92F8B8F616B4}: "URL" = http://search.live.com/results.aspx?q= {searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&am ... dis&q= {SEARCHTERMS}
    IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&am ... dis&q= {SEARCHTERMS}
    IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&am ... dis&q= {SEARCHTERMS}
    IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&am ... dis&q= {SEARCHTERMS}
    IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\..\SearchScopes,DefaultScope = {DB3FDEF3-524C-435E-9FBC-CFCF530944FB}
    IE - HKU\S-1-5-21-397070735-3145188438-542509979-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q= {SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    O4 - HKLM..\Run: [] File not found
    
    :Files
    C:\Windows\*.tmp
    @C:\Windows:246B0427A7A439F4
    @C:\ProgramData\TEMP:7838B9E0
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
  Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 3.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window. Do not include the words 'Code: Select all':
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *datamngr*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *smartbar*
    *Sweet*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *datamngr*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Sweet*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    datamngr
    searchab
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    smartbar
    Sweetpack
    Tarma
    trolltech
    Vafmusic2
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the JRT.txt log file
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
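The OTL script in the post above does two things that are easy to verify independently before and after the fix: it resets Internet Explorer's search providers (the `SearchScopes` keys, including the per-user `DefaultScope` that currently points at a non-Google scope) and it deletes two NTFS alternate data streams (`@C:\Windows:246B0427A7A439F4` is OTL's notation for a stream named `246B0427A7A439F4` attached to the `C:\Windows` directory). The PowerShell below is an added example, not pgmigg's script and not part of OTL or SystemLook, that enumerates both read-only: every `SearchScopes` provider in HKLM and in every loaded HKEY_USERS hive (HKCU is one of them), with its host checked against an allowlist, and any non-default stream on the folders named in the `:Files` section and their immediate children. The allowlist of search hosts is an assumption for illustration; `-Stream` needs PowerShell 3.0 or later.

```powershell
# Added example, not pgmigg's OTL script: a read-only check for the two things that
# script cleans up. (1) Lists Internet Explorer search providers (SearchScopes) under
# HKLM and every loaded HKEY_USERS hive, marks the default scope, and flags any
# provider host not on an allowlist. (2) Lists NTFS alternate data streams on the
# folders the ':Files' section names and on their direct children.
# The allowlist is an assumption for illustration. Needs PowerShell 3.0+ for -Stream;
# run elevated so the HKEY_USERS hives are readable.

$allowedHosts = @('www.google.com', 'www.bing.com', 'search.yahoo.com', 'search.live.com')

function Get-IeSearchScope {
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes')
    foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
        $roots += "Registry::$($hive.Name)\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
    }
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $defaultScope = (Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem -LiteralPath $root) {
            $url = (Get-ItemProperty -LiteralPath $scope.PSPath -ErrorAction SilentlyContinue).URL
            if (-not $url) { continue }
            # A regex rather than [uri]: the stored URL still contains {searchTerms} placeholders.
            $providerHost = if ($url -match '^https?://([^/?#]+)') { $matches[1].ToLower() } else { '?' }
            New-Object PSObject -Property @{
                Hive      = ($root -replace '\\SOFTWARE\\.*$', '')
                Scope     = $scope.PSChildName
                Host      = $providerHost
                IsDefault = ($scope.PSChildName -eq $defaultScope)
                Allowed   = ($allowedHosts -contains $providerHost)
            }
        }
    }
}

function Get-AlternateDataStream {
    param([string[]]$Roots = @($env:windir, $env:ProgramData))
    # ':$DATA' is the file's main stream; Zone.Identifier is the browser's "downloaded from" mark.
    $benign = @(':$DATA', 'Zone.Identifier')
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The directory itself plus its immediate children (not recursive, to keep it quick).
        $targets = @($root) + @(Get-ChildItem -LiteralPath $root -Force | ForEach-Object { $_.FullName })
        foreach ($t in $targets) {
            Get-Item -LiteralPath $t -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $benign -notcontains $_.Stream } |
                Select-Object FileName, Stream, Length
        }
    }
}

Get-IeSearchScope | Format-Table Hive, Scope, Host, IsDefault, Allowed -AutoSize
Get-AlternateDataStream | Format-Table -AutoSize
```

Run it once before the OTL fix and once after: the scopes pointing at `ask.com` and the two streams should be gone, and `DefaultScope` in the user's hive should again name a scope whose host is on the allowlist. A stream on a directory such as `C:\Windows` is unusual enough that anything listed there deserves a look (`Get-Content -LiteralPath 'C:\Windows' -Stream <name>` shows its bytes) before it is deleted.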

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Unread postby penmark » August 27th, 2013, 12:16 pm

While running OTL, I got the following message: "OTL has stopped working A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." There is a box for "close program."

The hourglass is still turning about a half-hour later. How would you suggest I proceed?

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Unread postby penmark » August 27th, 2013, 12:54 pm

I'm going to close the program and retry running OTL as instructed.

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Unread postby pgmigg » August 27th, 2013, 1:23 pm

Hello penmark,

While running OTL, I got the following message: "OTL has stopped working A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." There is a box for "close program." I'm going to close the program and retry running OTL as instructed.
If it happens again, please exclude Step 1 and proceed to Step 2 and the others...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Post by penmark » August 27th, 2013, 4:02 pm

Thanks. I reran OTL and it worked. I'm on step 3, SystemLook, now and have a few questions: how long should this take to run? It's been running for quite a while (over an hour), and it still shows the "scanning" button greyed out. Also, a box popped up - Microsoft Visual C++ Runtime Library. The box is blank.

To check whether the program was running, I opened task manager and SystemLook is in Running status.

One additional point, after running the Junkware Removal Tool, I reactivated the protection software before going to download the SystemLook software. I hope that was the correct thing to do. The protection software is still activated, just in case that will help you.

Thanks.
penmark
Regular Member
 
Posts: 15
Joined: August 23rd, 2013, 1:31 pm

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Post by pgmigg » August 27th, 2013, 4:46 pm

Hello penmark,

Thanks. I reran OTL and it worked.
Very good!

I'm on step 3, SystemLook now and have a few questions: how long should this take to run? it's been running for quite a while (over an hour), and it still shows the "scanning" button greyed out.
It may be a long run, even a couple of hours or more. SystemLook tries to find every object listed in the script, plus variations of them when '*' is placed before and after a particular name, in files, folders and registry entries. It is slow scanning software...

One additional point, after running the Junkware Removal Tool, I reactivated the protection software before going to download the SystemLook software. I hope that was the correct thing to do. The protection software is still activated, just in case that will help you.
The protection software cannot compromise SystemLook, which is some kind of search engine and nothing more.

So, please be patient! :D

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
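pgmigg's description of how SystemLook wraps each name in '*' is easiest to see in a small re-implementation. The Python below is an added example, not SystemLook's own code: it builds a constructed directory tree whose names echo the log in this thread, runs the same wrapped-wildcard, case-insensitive match over file and folder names, and prints the hits in SystemLook's log layout, which shows why a benign Apple iSyncConduit.dll turns up under "*Conduit*".

```python
"""SystemLook-style filefind/folderfind over a constructed tree.
Added example, not SystemLook's own code; the matching rule (term wrapped
in '*', case-insensitive, applied to every file and folder name) is the one
pgmigg describes and the thread's log bears out."""
import fnmatch
import hashlib
import os
import shutil
import tempfile

# Search terms taken from the SystemLook script used in this thread.
TERMS = ["AskToolbar", "Conduit", "datamngr", "Sweet", "Yontoo"]

# Constructed sample tree: the names echo the real log (benign Apple
# iSyncConduit.dll, a game sound, a JRT leftover); the contents are dummies.
SAMPLE_FILES = {
    "Program Files/Common Files/Apple/Mobile Device Support/iSyncConduit.dll": b"MZ\x90\x00",
    "Program Files/HP Games/Chuzzle Deluxe/sounds/Speaks/SweetRelief.ogg": b"OggS",
    "Users/Mark/AppData/Local/Temp/jrt/datamngr_del.reg": b"Windows Registry Editor Version 5.00\r\n",
    "Users/Mark/Desktop/empty.txt": b"",
}
SAMPLE_FOLDERS = [
    "ProgramData/HotSync/Conduits",
    "Users/Mark/AppData/Roaming/HotSync/Conduits",
]


def sample_path(root, rel):
    """Join a slash-separated relative name onto the sample root."""
    return os.path.join(root, *rel.split("/"))


def build_sample_tree():
    """Create the constructed tree in a temporary directory; return its root."""
    root = tempfile.mkdtemp(prefix="systemlook_demo_")
    for rel, data in SAMPLE_FILES.items():
        path = sample_path(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    for rel in SAMPLE_FOLDERS:
        os.makedirs(sample_path(root, rel), exist_ok=True)
    return root


def md5_of(path):
    """Upper-case hex MD5, as SystemLook prints it after each file hit."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def systemlook_search(root, terms):
    """Return {term: {"files": [paths], "folders": [paths]}}.

    Each term becomes the pattern '*term*', compared case-insensitively with
    every file and folder name under root. Substring matching is what makes
    the search thorough and also what produces benign hits: '*Conduit*'
    catches Apple's iSyncConduit.dll and the Palm HotSync 'Conduits' folders
    as readily as a Conduit toolbar, so every hit still needs a human look.
    """
    patterns = {term: "*%s*" % term.lower() for term in terms}
    results = {term: {"files": [], "folders": []} for term in terms}
    for dirpath, dirnames, filenames in os.walk(root):
        for term, pattern in patterns.items():
            for name in dirnames:
                if fnmatch.fnmatchcase(name.lower(), pattern):
                    results[term]["folders"].append(os.path.join(dirpath, name))
            for name in filenames:
                if fnmatch.fnmatchcase(name.lower(), pattern):
                    results[term]["files"].append(os.path.join(dirpath, name))
    for hits in results.values():
        hits["files"].sort()
        hits["folders"].sort()
    return results


def format_log(results):
    """Render the hits in the layout of the SystemLook.txt shown in the thread."""
    lines = ["========== filefind ==========", ""]
    for term, hits in results.items():
        lines.append('Searching for "*%s*"' % term)
        if not hits["files"]:
            lines.append("No files found.")
        for path in hits["files"]:
            lines.append("%s --a---- %d bytes %s" % (path, os.path.getsize(path), md5_of(path)))
        lines.append("")
    lines.extend(["========== folderfind ==========", ""])
    for term, hits in results.items():
        lines.append('Searching for "*%s*"' % term)
        if not hits["folders"]:
            lines.append("No folders found.")
        lines.extend("%s d------" % path for path in hits["folders"])
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        print(format_log(systemlook_search(root, TERMS)))
    finally:
        shutil.rmtree(root)
```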

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Post by penmark » August 27th, 2013, 8:33 pm

Thanks, pgmigg, for the next steps. Here are the results:

From the OTL file, there were two logs in the MovedFiles subfolder:

Files\Folders moved on Reboot...
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF2D9C.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF31D2.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF31FD.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF3C83.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF3CA9.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF411B.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF4135.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF4295.tmp not found!
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The second file follows:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FA99A29-739D-4636-AADA-F346D11EE60A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FA99A29-739D-4636-AADA-F346D11EE60A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B52788EB-9A00-433E-9424-92F8B8F616B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B52788EB-9A00-433E-9424-92F8B8F616B4}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35\ not found.
File C:\Windows\system32\npdeployJava1.dll not found.
File C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
========== FILES ==========
File\Folder C:\Windows\*.tmp not found.
Unable to delete ADS C:\Windows:246B0427A7A439F4 .
Unable to delete ADS C:\ProgramData\TEMP:7838B9E0 .
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\Public\Orenzow documents\Ebay matters\Downloads\cmd.bat deleted successfully.
c:\Users\Public\Orenzow documents\Ebay matters\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lauren
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mark
->Temp folder emptied: 35591 bytes
->Temporary Internet Files folder emptied: 224506 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16032900 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2.HPA6257C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Penny
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8051 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 257024 bytes

Total Files Cleaned = 16.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Lauren

User: Mark
->Flash cache emptied: 0 bytes

User: Mcx1

User: Mcx2

User: Mcx2.HPA6257C

User: Penny
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Admin
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest

User: IUSR_NMPR

User: Lauren

User: Mark
->Java cache emptied: 0 bytes

User: Mcx1

User: Mcx2

User: Mcx2.HPA6257C

User: Penny
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08272013_141024

After running the Junkware Removal Tool, here is the JRT.txt log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Mark on Tue 08/27/2013 at 14:28:15.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] viewpoint manager service
Successfully deleted: [Service] viewpoint manager service



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.xpt"
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Empty Folder] C:\Users\Mark\appdata\local\{1BEB182C-39E5-5C9F-FBF9-2A4DDBB4F8D1}



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml"
Successfully deleted: [File] C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\nllv4fhh.default\user.js
Successfully deleted: [File] C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\nllv4fhh.default\extensions\tpoerzyqrs@tpoerzyqrs.org.xpi [Tracur]
Successfully deleted: [File] C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\nllv4fhh.default\invalidprefs.js



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/27/2013 at 14:31:36.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And finally, after running SystemLook, here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:37 on 27/08/2013 by Mark
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1205536 bytes [21:40 18/02/2011] [21:40 18/02/2011] 24B0E635B15BF43E6F7429AC6383CAB7
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [00:20 11/06/2010] [00:20 11/06/2010] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Users\Public\Orenzow documents\Galaxy Backup\App_Backup_Restore\com.conduit.app_48e4476c5de941c9b030f8ce4798c91e.app-6-v1.15.31.755.apk --a---- 2408492 bytes [00:45 31/01/2013] [12:35 09/01/2013] CEC36FAE1F63141A7C6DDDCE61266A61
C:\Users\Public\Orenzow documents\Galaxy Backup\App_Backup_Restore\com.conduit.app_d8d36f54bd3043feb2c8a35d94eda787.app-9-v1.19.21.475.apk --a---- 2405712 bytes [00:45 31/01/2013] [12:35 09/01/2013] AF28A6B474032E10921E967D3ECCE2A6

Searching for "*datamngr*"
C:\Users\Mark\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [18:27 27/08/2013] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*searchab*"
C:\Program Files\Common Files\HP\Digital Imaging\Icons\Document_PDFSearchable.ico --a---- 4406 bytes [07:59 28/05/2010] [07:59 28/05/2010] F6016AB8CEBE3E461F7AF031ED3F1551

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Sweet*"
C:\Program Files\HP Games\Chuzzle Deluxe\sounds\Speaks\SweetRelief.ogg --a---- 11914 bytes [23:27 04/04/2005] [23:27 04/04/2005] E4DAB1B8F38D80EC6CE59C90D727BA73
C:\Users\Mark\Desktop\kathy's pictures\Best of 1994\Kelly's Sweet 16 - June 1994.jpg --a---- 212973 bytes [21:17 09/04/2008] [17:32 26/02/2008] 5BA7FEC26BECAFDF77FF64BAF2E58B5D
C:\Users\Mark\Desktop\music for my ZEN\1967\Conley,Arthur_SweetSoulMusic.mp3 --a---- 2850832 bytes [19:15 28/12/2008] [19:49 07/02/2009] 4E2E812D35F5F5582A3DCA8E2F23F8C2
C:\Users\Mark\Desktop\music for my ZEN\1969\Diamond,Neil_SweetCaroline.mp3 --a---- 3963642 bytes [20:50 28/12/2008] [03:52 21/05/2011] 20F34AD7D663DA2C19D4342FA60521C5
C:\Users\Mark\Desktop\music for my ZEN\1969\James,Tommy_SweetCherryWine.mp3 --a---- 4340174 bytes [00:29 29/12/2008] [03:52 21/05/2011] 00CE1ACD937BD04C3F62FC9B4DA141C0
C:\Users\Mark\Pictures\our pictures\LBI collage\1983 - pink house\Eurythmics_SweetDreams.mp3 --a---- 5075324 bytes [17:26 04/07/2009] [18:25 04/07/2009] 459E5E74FC56339965E51F82B1E70DE5
C:\Users\Mark\Pictures\our pictures\To label print file\pictures ordered\Emilie & Mose sweet onion sign 2-16-02.jpg --a---- 684527 bytes [01:03 25/11/2007] [04:49 17/02/2002] 540A2A72D15740CBCF8C6314B92EA59E
C:\Users\Mark\Pictures\our pictures\Vacations\Vidalia 2-02\Emilie & Mose sweet onion sign 2-16-02.jpg --a---- 684527 bytes [01:04 25/11/2007] [04:49 17/02/2002] 540A2A72D15740CBCF8C6314B92EA59E
C:\Users\Mark\Pictures\our pictures\Vacations\Vidalia 2-02\Vidalia sweet onion sign 2-16-02.jpg --a---- 681701 bytes [01:04 25/11/2007] [04:48 17/02/2002] 6E87A84159ACC0000CF8F79D010B7FB8

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\ProgramData\HotSync\Conduits d------ [17:01 24/02/2008]
C:\Users\Admin\AppData\Roaming\HotSync\Conduits d------ [18:32 29/03/2008]
C:\Users\All Users\HotSync\Conduits d------ [17:01 24/02/2008]
C:\Users\Guest\AppData\Roaming\HotSync\Conduits d------ [23:25 01/03/2008]
C:\Users\Mark\AppData\Roaming\HotSync\Conduits d------ [16:42 24/02/2008]
C:\Users\Penny\AppData\Roaming\HotSync\Conduits d------ [14:33 16/05/2008]

Searching for "*datamngr*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Sweet*"
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\product\sweetopia d------ [01:56 16/08/2007]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\product\sweetopia d------ [01:56 16/08/2007]

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}]
"FaviconURLFallback"="http://uk.ask.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}]
"FaviconURLFallback"="http://uk.ask.com/favicon.ico"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application0]
"Conduit"="SgPqiCn.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application1]
"Conduit"="palmOneSyncCond.dll"
[HKEY_CURRENT_USER\Software\U.S. Robotics\Pilot Desktop\Application11]
"Conduit"="VMConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"AD6DC32C85915A34DA0D959356270EE2"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\AD6DC32C85915A34DA0D959356270EE2]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"AD6DC32C85915A34DA0D959356270EE2"="C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
[HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\U.S. Robotics\Pilot Desktop\Application0]
"Conduit"="SgPqiCn.dll"
[HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\U.S. Robotics\Pilot Desktop\Application1]
"Conduit"="palmOneSyncCond.dll"
[HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\U.S. Robotics\Pilot Desktop\Application11]
"Conduit"="VMConduit.dll"

Searching for "datamngr"
No data found.

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"

Please let me know next steps.

Thanks.

Mark
penmark
Regular Member
 
Posts: 15
Joined: August 23rd, 2013, 1:31 pm

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Post by pgmigg » August 28th, 2013, 11:14 am

Hello penmark,

The next steps are:

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the words 'Code: Select all'
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}]
    "FaviconURLFallback"=-
    [HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}]
    "FaviconURLFallback"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Malwarebytes' Anti-Malware
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download site available here
  1. Make sure you are connected to the Internet.
  2. Right-click on mbam-setup-1.75.1300.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you have the check boxes set this way:
    • Check Update Malwarebytes' Anti-Malware
    • Check Launch Malwarebytes' Anti-Malware
    • Uncheck Enable free trial of Malwarebytes Anti-malware PRO ... You may opt for this trial later, if desired.
    • Click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform Full Scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  6. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file.
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
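pgmigg's OTL fix script above is short, but it is worth being able to read one before running it with administrator rights. The following Python is an added example, not OTL's own code: it parses that script into an ordered list of actions and assumes only the semantics visible in this thread (a `"Name"=-` line under a `[key]` in `:Reg` deletes that value, which OTL's own log confirms as "Registry value ... deleted successfully", and `[NAME]` lines under `:Commands` are cleanup commands).

```python
"""Parser for the OTL fix-script format used in this thread.
Added example, not OTL's own code. It assumes only what the thread shows:
':Commands' holds [NAME] commands such as [CREATERESTOREPOINT] and
[EMPTYTEMP], and ':Reg' holds .reg-style lines where '"Name"=-' under a
[key] deletes that value (OTL's log reports each one as
'Registry value ...\\Name deleted successfully')."""
import re

# The script pgmigg posted, reproduced as sample input (a raw string keeps
# the registry backslashes literal).
FIX_SCRIPT = r"""
:Commands
[CREATERESTOREPOINT]

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}]
"FaviconURLFallback"=-
[HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}]
"FaviconURLFallback"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"=-

:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
"""

# Commands that appear in this thread's scripts; anything else is flagged
# so the reviewer looks it up before running the fix.
KNOWN_COMMANDS = {"CREATERESTOREPOINT", "EMPTYTEMP", "EMPTYFLASH", "EMPTYJAVA"}

SECTION_RE = re.compile(r"^:(\w+)$")
BRACKET_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def parse_fix_script(text):
    """Turn the script into an ordered list of action dicts.

    Raises ValueError on anything malformed rather than guessing, because a
    fix script is executed with administrator rights.
    """
    actions, section, current_key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "commands":
            m = BRACKET_RE.match(line)
            if not m:
                raise ValueError("line %d: expected [COMMAND], got %r" % (lineno, line))
            name = m.group(1).upper()
            actions.append({"type": "command", "name": name, "known": name in KNOWN_COMMANDS})
        elif section == "reg":
            m = BRACKET_RE.match(line)
            if m:
                current_key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if not m or current_key is None:
                raise ValueError("line %d: value line outside a [key]: %r" % (lineno, line))
            name, data = m.groups()
            kind = "reg_delete_value" if data == "-" else "reg_set_value"
            actions.append({"type": kind, "key": current_key, "name": name, "data": data})
        else:
            raise ValueError("line %d: directive outside a supported section" % lineno)
    return actions


def summarize(actions):
    """One reviewable line per action, in execution order."""
    out = []
    for a in actions:
        if a["type"] == "command":
            flag = "" if a["known"] else "  <-- unknown command, check before running"
            out.append("run command [%s]%s" % (a["name"], flag))
        elif a["type"] == "reg_delete_value":
            out.append('delete value "%s" under %s' % (a["name"], a["key"]))
        else:
            out.append('set value "%s"=%s under %s' % (a["name"], a["data"], a["key"]))
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(parse_fix_script(FIX_SCRIPT)))
```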

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Post by penmark » August 30th, 2013, 8:17 am

Results of latest actions:

OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}\\FaviconURLFallback deleted successfully.
Registry value HKEY_USERS\S-1-5-21-397070735-3145188438-542509979-1001\Software\Microsoft\Internet Explorer\SearchScopes\{933AC5D9-6AB2-4AAA-8966-20D49A1EC230}\\FaviconURLFallback not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lauren
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mark
->Temp folder emptied: 4027309 bytes
->Temporary Internet Files folder emptied: 1452258 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17876247 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2.HPA6257C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Penny
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101287 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Lauren

User: Mark
->Flash cache emptied: 0 bytes

User: Mcx1

User: Mcx2

User: Mcx2.HPA6257C

User: Penny
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Admin
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest

User: IUSR_NMPR

User: Lauren

User: Mark
->Java cache emptied: 0 bytes

User: Mcx1

User: Mcx2

User: Mcx2.HPA6257C

User: Penny
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08282013_115719

Files\Folders moved on Reboot...
File\Folder C:\Users\Mark\AppData\Local\Temp\~DFE550.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DFE55A.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DFE56D.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DFE577.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DFE58A.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DFE594.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DFE5A8.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DFE5B2.tmp not found!
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware results:

While running this, I had to leave my house but I wanted to be present for the whole scan so that I could ensure it ran successfully. I suspended the scan after it had found one item, removed it, saved the log, and then reran the complete scan upon my return. Therefore, I am providing two logs - the first, which removed the one item, and the second, which found nothing irregular:

first run:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.28.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mark :: HPA6257C [administrator]

8/28/2013 12:26:18 PM
mbam-log-2013-08-28 (12-26-18).txt

Scan type: Full scan (C:\|D:\|F:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 75299
Time elapsed: 13 minute(s), 19 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

second run:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.28.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mark :: HPA6257C [administrator]

8/29/2013 4:27:32 PM
mbam-log-2013-08-29 (16-27-32).txt

Scan type: Full scan (C:\|D:\|F:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 728351
Time elapsed: 5 hour(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks for your ongoing help, and looking forward to next steps.

Mark
penmark
Regular Member
 
Posts: 15
Joined: August 23rd, 2013, 1:31 pm
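The one Malwarebytes hit above is a key under HKCU\...\Ext\Stats, which is where Internet Explorer keeps per-user usage statistics (load counts and times) for its add-ons, keyed by the add-on's CLSID. Such an entry can outlive the add-on itself, which is consistent with Malwarebytes flagging only the key and no file or module. The following PowerShell is an added example for readers of this thread, not a tool from the forum or from Malwarebytes: it lists every Ext\Stats entry for the current user, looks the CLSID up under HKCR\CLSID to find the registered name and DLL, checks whether that DLL still exists on disk, and notes whether the same CLSID is also registered as a Browser Helper Object. The registry paths are the standard ones for 32-bit Windows (as in this thread); on 64-bit Windows the BHO list and CLSID registrations may also live under a Wow6432Node branch, which this example does not walk.

```powershell
# Added example, not from the original thread.
# Enumerate Internet Explorer add-on usage entries (HKCU Ext\Stats) and resolve
# each CLSID so a stale or unknown entry can be judged.
# An Ext\Stats key can persist after the add-on is gone, so a hit on this key
# alone does not prove the component is still installed or still loading.

$statsPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats'
# Machine-wide BHO list (32-bit Windows path; 64-bit systems may also have a
# Wow6432Node copy, not covered here).
$bhoPath   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Resolve-IEExtension {
    param([Parameter(Mandatory)][string]$Clsid)

    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $info = [ordered]@{
        Clsid      = $Clsid
        Registered = Test-Path -LiteralPath $clsidKey   # COM class still registered?
        Name       = $null
        Dll        = $null
        DllExists  = $false
        IsBHO      = Test-Path -LiteralPath (Join-Path $bhoPath $Clsid)
    }

    if ($info.Registered) {
        # Default value of the CLSID key is the friendly name, if one was set.
        $info.Name = (Get-ItemProperty -LiteralPath $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $inproc = Get-ItemProperty -LiteralPath "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue
        if ($inproc -and $inproc.'(default)') {
            $dll = [Environment]::ExpandEnvironmentVariables($inproc.'(default)')
            $info.Dll       = $dll
            $info.DllExists = Test-Path -LiteralPath $dll
        }
    }
    [pscustomobject]$info
}

if (Test-Path -LiteralPath $statsPath) {
    Get-ChildItem -LiteralPath $statsPath |
        ForEach-Object { Resolve-IEExtension -Clsid $_.PSChildName } |
        Format-Table -AutoSize
} else {
    Write-Output "No Ext\Stats key exists for the current user."
}
```

Read the output as follows: an entry with Registered = False and no DLL is a leftover statistics record, which is what a registry-only detection like the one above typically points to; an entry that is Registered, has a DLL that exists and IsBHO = True is a component that still loads into Internet Explorer and is worth identifying before deciding whether it belongs.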

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Unread postby pgmigg » August 30th, 2013, 5:32 pm

Hello penmark,

Very good results! :D

Step 1.
ESET NOD32 Online Scan
  1. Firstly, please disable any antivirus you have active, as shown in this topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double-click on it to install.
    • If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: [image]
  10. Press the text: [image], then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!

Then,
Please check your browsers and tell me about the current condition of the redirection problem: is it still there, or has it disappeared?

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ESETScan.txt log file
  3. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect virus/vista/IE9 affected/Firefox unaffec

Unread postby penmark » August 31st, 2013, 6:41 pm

Sorry for the delay. I ran the scan last night, but either before it completed or after, the computer rebooted, so I had to start the scan all over this morning. Of note, I tried to save the log as directed, but for some reason it didn't save after I named it and clicked enter. So I saved it to a Word file. Three threats were found - here is the log:

C:\Users\Mark\Desktop\flash\orenzow documents sept 23\Orenzow documents\downloads\mediacoder_8731.exe a variant of Win32/InstallIQ.A application
C:\Users\Public\Orenzow documents\dvd and cd collections\Drive Directory\downloads\mediacoder_8731.exe a variant of Win32/InstallIQ.A application
C:\Users\Public\Orenzow documents\Galaxy Backup\App_Backup_Restore\com.alienmanfc6.wheresmyandroid-78-v4.1.1.apk a variant of Android/Walien.F application

I tried a Google search of a couple of the sites I had trouble with earlier, and right now, it seems fine.

Thanks for your continuing help - looking forward to next steps.

Mark
penmark
Regular Member
 
Posts: 15
Joined: August 23rd, 2013, 1:31 pm