Malware infecting web browsing

Post by silverjj » December 29th, 2014, 10:46 am

Getting popups and all kinds of ads when using any browser on the internet. Any help is greatly appreciated!!

Lenny

dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17183 BrowserJavaVersion: 10.71.2
Run by Lulanoski at 8:41:52 on 2014-12-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8089.4776 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Windows\system32\GManager.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Users\Lulanoski\AppData\Local\ConvertAd\CASrv.exe
C:\Users\Lulanoski\AppData\Roaming\VOPackage\VOsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Users\Lulanoski\AppData\Local\GeniusBox\Client.exe
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe
C:\Users\Lulanoski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Cyti Web\bin\CytiWeb.expext.exe
C:\Users\Lulanoski\AppData\Local\ConvertAd\ConvertAd.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files (x86)\TechSmith\Snagit 12\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 12\snagiteditor.exe
C:\Windows\system32\mstsc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT333212 ... CB81&SSPV=
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:64464;https=127.0.0.1:64464
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LaCie Desktop Manager Startup] "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
uRun: [Spotify] "C:\Users\Lulanoski\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Lulanoski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\LULANO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\LULANO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYPR~1.LNK - C:\Program Files\MozyPro\mozyprostat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: dell.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/Cl ... wsdc32.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXc ... atgpc1.cab
TCP: NameServer = 192.168.1.99 64.89.70.2 64.89.74.2
TCP: Interfaces\{03C6CF32-896D-4E11-B392-A13A6FBE7E20} : DHCPNameServer = 192.168.1.99 64.89.70.2 64.89.74.2
TCP: Interfaces\{14304DF0-78E2-4C2C-8CF4-94BD65EB2885} : DHCPNameServer = 10.1.4.73 10.2.4.73
TCP: Interfaces\{1F3237F8-0FF6-4759-8C59-10154DB43A7B} : DHCPNameServer = 192.168.1.99 64.89.70.2 64.89.74.2
TCP: Interfaces\{1F3237F8-0FF6-4759-8C59-10154DB43A7B}\64275646E6342796374796 : DHCPNameServer = 8.8.8.8 24.178.162.3 24.247.15.53
TCP: Interfaces\{1F3237F8-0FF6-4759-8C59-10154DB43A7B}\955627D6F6D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1F3237F8-0FF6-4759-8C59-10154DB43A7B}\F454D2055726C69636 : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{1F3237F8-0FF6-4759-8C59-10154DB43A7B}\F65696B636 : DHCPNameServer = 64.89.70.2 64.89.74.2
TCP: Interfaces\{5A930C58-394E-44A3-9AC8-B0223AA4124C} : DHCPNameServer = 192.168.1.99 64.89.70.2 64.89.74.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT333212 ... CB81&SSPV=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Users\Lulanoski\AppData\Local\FreeScreenSharing\npfreesee.dll
FF - plugin: C:\Users\Lulanoski\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll
FF - plugin: C:\Users\Lulanoski\AppData\Roaming\Mozilla\plugins\npLWAPlugin15.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 mctkmdldr;mctkmdldr;C:\Windows\System32\drivers\mctKmdldr64.sys [2014-7-23 19584]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 {14d0f170-74e0-4cbf-843b-3db832216c50}Gw64;{14d0f170-74e0-4cbf-843b-3db832216c50}Gw64;C:\Windows\System32\drivers\{14d0f170-74e0-4cbf-843b-3db832216c50}Gw64.sys [2014-12-29 48784]
R1 {eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw64;{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw64;C:\Windows\System32\drivers\{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw64.sys [2014-12-28 48784]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-25 50976]
R1 mozyproFilter;mozyproFilter;C:\Windows\System32\drivers\mozypro.sys [2014-4-10 67808]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
R2 GManager;GManager;C:\Windows\System32\GManager.exe [2014-7-23 313432]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2014-2-5 126880]
R2 LaCieDesktopManagerService;LaCieDesktopManagerService;C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [2013-10-7 1227264]
R2 MCTDesktopSvr;MCTDesktopSvr;C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [2014-7-23 199296]
R2 mozyprobackup;MozyPro Backup Service;C:\Program Files\MozyPro\mozyprobackup.exe [2013-1-23 55112]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
R2 serverca;CA Service component;C:\Users\Lulanoski\AppData\Local\ConvertAd\CASrv.exe [2014-12-28 143872]
R2 servervo;VO Service component;C:\Users\Lulanoski\AppData\Roaming\VOPackage\VOsrv.exe [2014-12-28 133632]
R2 Update Cyti Web;Update Cyti Web;C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe [2014-12-28 524528]
R2 Util Cyti Web;Util Cyti Web;C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe [2014-12-28 524528]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R2 webinstrNewH;webinstrNewH;C:\Windows\System32\drivers\webinstrNewH.sys [2014-12-28 106456]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2014-3-24 352144]
R3 mctkmd;mctkmd;C:\Windows\System32\drivers\mctkmd64.sys [2014-7-23 159536]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 t1pusb64;Trigger 1+ Graphics Card;C:\Windows\System32\drivers\t1pusb64.sys [2014-7-23 181424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-28 68608]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-28 68608]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [2014-7-9 610888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\Windows\System32\drivers\OXSDIDRV_x64.sys [2009-9-28 51760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-2 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 t2usb64;Trigger II External Graphics;C:\Windows\System32\drivers\t2usb64.sys [2014-7-23 429944]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-2 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-2 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-17 1255736]
.
=============== Created Last 30 ================
.
2014-12-29 14:25:51 48784 ----a-w- C:\Windows\System32\drivers\{14d0f170-74e0-4cbf-843b-3db832216c50}Gw64.sys
2014-12-29 02:22:37 -------- d-----w- C:\Users\Lulanoski\AppData\Roaming\WinPatrol
2014-12-29 02:22:23 -------- d-----w- C:\ProgramData\InstallMate
2014-12-29 02:22:23 -------- d-----w- C:\Program Files (x86)\Ruiware
2014-12-28 23:46:41 -------- d-----w- C:\Users\Lulanoski\AppData\Roaming\AVG2015
2014-12-28 23:45:39 -------- d-----w- C:\Users\Lulanoski\AppData\Roaming\TuneUp Software
2014-12-28 23:44:56 613057 ----a-w- C:\Users\Lulanoski\AppData\Local\nsz1721.tmp
2014-12-28 23:44:54 -------- d-----w- C:\Program Files (x86)\AnyProtectEx
2014-12-28 23:44:53 -------- d-sh--w- C:\Users\Lulanoski\AppData\Roaming\AnyProtectEx
2014-12-28 23:44:05 -------- d-----w- C:\Users\Lulanoski\AppData\Local\ConvertAd
2014-12-28 23:42:51 -------- d--h--w- C:\$AVG
2014-12-28 23:42:50 -------- d-----w- C:\ProgramData\AVG2015
2014-12-28 23:42:30 2330 ----a-w- C:\Windows\patsearch.bin
2014-12-28 23:42:15 106456 ----a-w- C:\Windows\System32\drivers\webinstrNewH.sys
2014-12-28 23:42:14 -------- d-----w- C:\Program Files (x86)\ver1BlockAndSurf
2014-12-28 23:41:41 -------- d-----w- C:\Users\Lulanoski\AppData\Local\SmartWeb
2014-12-28 23:41:37 -------- d-----w- C:\Program Files (x86)\AVG
2014-12-28 23:40:57 -------- d-----w- C:\Users\Lulanoski\AppData\Local\gmsd_us_44
2014-12-28 23:40:54 -------- d-----w- C:\Program Files (x86)\gmsd_us_44
2014-12-28 23:36:40 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0D730881-4F71-43D9-B312-D312A4000D1F}\offreg.dll
2014-12-28 23:23:39 -------- d-----w- C:\Users\Lulanoski\AppData\Local\MFAData
2014-12-28 23:23:39 -------- d-----w- C:\Users\Lulanoski\AppData\Local\Avg2015
2014-12-28 23:23:39 -------- d-----w- C:\ProgramData\MFAData
2014-12-28 23:04:35 48784 ----a-w- C:\Windows\System32\drivers\{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw64.sys
2014-12-28 22:58:44 -------- d-----w- C:\Users\Lulanoski\AppData\Local\wincheck
2014-12-28 22:55:40 -------- d-----w- C:\Program Files (x86)\Liveistream
2014-12-28 22:55:39 1526248 ----a-w- C:\Users\Lulanoski\AppData\Roaming\ED.exe
2014-12-28 22:55:00 -------- d-----w- C:\Program Files (x86)\156a4896-2712-4230-b427-dbda1b6440b3
2014-12-28 22:54:53 1848808 ----a-w- C:\Users\Lulanoski\AppData\Roaming\DVOPAQI.exe
2014-12-28 22:54:49 -------- d-----w- C:\Users\Lulanoski\AppData\Roaming\VOPackage
2014-12-28 22:54:22 -------- d-----w- C:\Users\Lulanoski\AppData\Local\globalUpdate
2014-12-28 22:54:22 -------- d-----w- C:\Program Files (x86)\globalUpdate
2014-12-28 22:54:13 -------- d-----w- C:\Program Files (x86)\HQ-Video-Pro-2.1cV28.12
2014-12-28 22:53:35 -------- d-----w- C:\Program Files (x86)\Cyti Web
2014-12-28 22:51:53 -------- d-----w- C:\Users\Lulanoski\AppData\Local\GeniusBox
2014-12-28 22:50:45 -------- d-----w- C:\ProgramData\zoomify_29
2014-12-28 22:50:07 -------- d-----w- C:\Users\Lulanoski\AppData\Local\SearchProtect
2014-12-28 22:50:05 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-12-28 22:17:11 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0D730881-4F71-43D9-B312-D312A4000D1F}\mpengine.dll
2014-12-26 22:00:44 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-19 17:40:53 -------- d-----w- C:\Users\Lulanoski\AppData\Local\Spotify
2014-12-19 17:39:37 -------- d-----w- C:\Users\Lulanoski\AppData\Roaming\Spotify
2014-12-19 00:07:15 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F21CCD92-8321-47AD-819B-75931A6B4789}\gapaengine.dll
2014-12-17 15:03:33 -------- d-----w- C:\Windows\System32\appraiser
2014-12-17 14:27:39 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-17 14:27:38 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 15:40:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-10 15:39:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-12-10 15:39:59 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-12-10 01:59:39 -------- d-----w- C:\ProgramData\Avg_Update_1214tb
2014-12-09 03:24:26 260888 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
==================== Find3M ====================
.
2014-12-17 15:24:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-17 15:24:20 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-21 08:38:00 2237952 ----a-w- C:\Windows\System32\wininet.dll
2014-11-21 08:37:51 600576 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-21 08:36:24 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-21 08:36:17 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-21 08:36:17 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-11-21 08:35:42 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-21 07:17:51 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 07:17:44 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-21 07:16:46 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-21 07:16:42 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-21 07:16:42 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-11-21 07:16:16 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-21 07:00:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-21 06:54:49 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-21 06:31:56 441856 ----a-w- C:\Windows\System32\html.iec
2014-11-21 06:24:52 361984 ----a-w- C:\Windows\SysWow64\html.iec
2014-11-21 06:05:06 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-11-21 05:59:00 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-11-19 10:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-19 03:42:04 203544 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-11 01:39:16 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 21:14:32 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-06 02:41:40 124184 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
.
============= FINISH: 8:42:47.68 ===============
attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/16/2013 4:26:55 PM
System Uptime: 12/29/2014 8:30:05 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 03PH4G
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU 1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 332.806 GiB free.
D: is CDROM (UDF)
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0065
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0065
Service:
.
Class GUID:
Description: HP Color LaserJet CP4005
Device ID: ROOT\MULTIFUNCTION\0026
Manufacturer:
Name: HP Color LaserJet CP4005
PNP Device ID: ROOT\MULTIFUNCTION\0026
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0046
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0046
Service:
.
Class GUID:
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer:
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 500 colorMFP M570dn
Device ID: ROOT\MULTIFUNCTION\0066
Manufacturer: Hewlett-Packard
Name: HP LaserJet 500 colorMFP M570dn
PNP Device ID: ROOT\MULTIFUNCTION\0066
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet CM1415fnw
Device ID: ROOT\MULTIFUNCTION\0027
Manufacturer: Hewlett-Packard
Name: HP LaserJet CM1415fnw
PNP Device ID: ROOT\MULTIFUNCTION\0027
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Designjet 510 42in Printer (CH337A)
Device ID: ROOT\MULTIFUNCTION\0047
Manufacturer: Hewlett-Packard
Name: HP Designjet 510 42in Printer (CH337A)
PNP Device ID: ROOT\MULTIFUNCTION\0047
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet M1536dnf MFP
Device ID: ROOT\MULTIFUNCTION\0067
Manufacturer: Hewlett-Packard
Name: HP LaserJet M1536dnf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0067
Service:
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 400 M401n
Device ID: ROOT\MULTIFUNCTION\0028
Manufacturer: Hewlett-Packard
Name: HP LaserJet 400 M401n
PNP Device ID: ROOT\MULTIFUNCTION\0028
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CM4540 MFP
Device ID: ROOT\MULTIFUNCTION\0048
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM4540 MFP
PNP Device ID: ROOT\MULTIFUNCTION\0048
Service:
.
Class GUID:
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer:
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0068
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0068
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CM1312nfi MFP
Device ID: ROOT\MULTIFUNCTION\0029
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM1312nfi MFP
PNP Device ID: ROOT\MULTIFUNCTION\0029
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0049
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0049
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0069
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0069
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CM1312nfi MFP
Device ID: ROOT\MULTIFUNCTION\0030
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM1312nfi MFP
PNP Device ID: ROOT\MULTIFUNCTION\0030
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4015
Device ID: ROOT\MULTIFUNCTION\0050
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4015
PNP Device ID: ROOT\MULTIFUNCTION\0050
Service:
.
Class GUID:
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer:
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0070
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0070
Service:
.
Class GUID:
Description: HP Color LaserJet CM4540 MFP
Device ID: ROOT\MULTIFUNCTION\0031
Manufacturer:
Name: HP Color LaserJet CM4540 MFP
PNP Device ID: ROOT\MULTIFUNCTION\0031
Service:
.
Class GUID:
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0051
Manufacturer:
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0051
Service:
.
Class GUID:
Description: hp color LaserJet 4650
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer:
Name: hp color LaserJet 4650
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID:
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0071
Manufacturer:
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0071
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0032
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0032
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4240
Device ID: ROOT\MULTIFUNCTION\0052
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4240
PNP Device ID: ROOT\MULTIFUNCTION\0052
Service:
.
Class GUID:
Description: HP Color LaserJet CM4540 MFP
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer:
Name: HP Color LaserJet CM4540 MFP
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0072
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0072
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0033
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0033
Service:
.
Class GUID:
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0053
Manufacturer:
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0053
Service:
.
Class GUID:
Description: hp color LaserJet 4650
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer:
Name: hp color LaserJet 4650
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 4650
Device ID: ROOT\MULTIFUNCTION\0073
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 4650
PNP Device ID: ROOT\MULTIFUNCTION\0073
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 400 M401n
Device ID: ROOT\MULTIFUNCTION\0034
Manufacturer: Hewlett-Packard
Name: HP LaserJet 400 M401n
PNP Device ID: ROOT\MULTIFUNCTION\0034
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet CP1525nw
Device ID: ROOT\MULTIFUNCTION\0054
Manufacturer: Hewlett-Packard
Name: HP LaserJet CP1525nw
PNP Device ID: ROOT\MULTIFUNCTION\0054
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Designjet 510 42in Printer (CH337A)
Device ID: ROOT\MULTIFUNCTION\0074
Manufacturer: Hewlett-Packard
Name: HP Designjet 510 42in Printer (CH337A)
PNP Device ID: ROOT\MULTIFUNCTION\0074
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 400 M401n
Device ID: ROOT\MULTIFUNCTION\0035
Manufacturer: Hewlett-Packard
Name: HP LaserJet 400 M401n
PNP Device ID: ROOT\MULTIFUNCTION\0035
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0055
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0055
Service:
.
Class GUID:
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer:
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Scanjet Enterprise 8500 fn1
Device ID: ROOT\MULTIFUNCTION\0036
Manufacturer: Hewlett-Packard
Name: HP Scanjet Enterprise 8500 fn1
PNP Device ID: ROOT\MULTIFUNCTION\0036
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet CM1415fnw
Device ID: ROOT\MULTIFUNCTION\0056
Manufacturer: Hewlett-Packard
Name: HP LaserJet CM1415fnw
PNP Device ID: ROOT\MULTIFUNCTION\0056
Service:
.
Class GUID:
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer:
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0037
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0037
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0057
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0057
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet M1536dnf MFP
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer: Hewlett-Packard
Name: HP LaserJet M1536dnf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet CM1415fnw
Device ID: ROOT\MULTIFUNCTION\0038
Manufacturer: Hewlett-Packard
Name: HP LaserJet CM1415fnw
PNP Device ID: ROOT\MULTIFUNCTION\0038
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0058
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0058
Service:
.
Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_1217&DEV_8331&SUBSYS_049A1028&REV_05\4&372C8798&0&02E5
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_1217&DEV_8331&SUBSYS_049A1028&REV_05\4&372C8798&0&02E5
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet CP1525nw
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer: Hewlett-Packard
Name: HP LaserJet CP1525nw
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4240
Device ID: ROOT\MULTIFUNCTION\0039
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4240
PNP Device ID: ROOT\MULTIFUNCTION\0039
Service:
.
Class GUID:
Description: HP LaserJet CM1415fnw
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: HP LaserJet CM1415fnw
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0059
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0059
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0020
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0020
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CP4005
Device ID: ROOT\MULTIFUNCTION\0040
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP4005
PNP Device ID: ROOT\MULTIFUNCTION\0040
Service:
.
Class GUID:
Description: HP LaserJet CM1415fnw
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: HP LaserJet CM1415fnw
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4015
Device ID: ROOT\MULTIFUNCTION\0060
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4015
PNP Device ID: ROOT\MULTIFUNCTION\0060
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0021
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0021
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0041
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0041
Service:
.
Class GUID:
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0061
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0061
Service:
.
Class GUID:
Description: HP Color LaserJet CM1312nfi MFP
Device ID: ROOT\MULTIFUNCTION\0022
Manufacturer:
Name: HP Color LaserJet CM1312nfi MFP
PNP Device ID: ROOT\MULTIFUNCTION\0022
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 400 M401n
Device ID: ROOT\MULTIFUNCTION\0042
Manufacturer: Hewlett-Packard
Name: HP LaserJet 400 M401n
PNP Device ID: ROOT\MULTIFUNCTION\0042
Service:
.
Class GUID:
Description: Officejet 7500 E910
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer:
Name: Officejet 7500 E910
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID:
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0062
Manufacturer:
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0062
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 500 colorMFP M570dn
Device ID: ROOT\MULTIFUNCTION\0023
Manufacturer: Hewlett-Packard
Name: HP LaserJet 500 colorMFP M570dn
PNP Device ID: ROOT\MULTIFUNCTION\0023
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0043
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0043
Service:
.
Class GUID:
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer:
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 4650
Device ID: ROOT\MULTIFUNCTION\0063
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 4650
PNP Device ID: ROOT\MULTIFUNCTION\0063
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 400 M401n
Device ID: ROOT\MULTIFUNCTION\0024
Manufacturer: Hewlett-Packard
Name: HP LaserJet 400 M401n
PNP Device ID: ROOT\MULTIFUNCTION\0024
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Scanjet Enterprise 8500 fn1
Device ID: ROOT\MULTIFUNCTION\0044
Manufacturer: Hewlett-Packard
Name: HP Scanjet Enterprise 8500 fn1
PNP Device ID: ROOT\MULTIFUNCTION\0044
Service:
.
Class GUID:
Description: Officejet 7500 E910
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: Officejet 7500 E910
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P3010 Series
Device ID: ROOT\MULTIFUNCTION\0064
Manufacturer: Hewlett-Packard
Name: HP LaserJet P3010 Series
PNP Device ID: ROOT\MULTIFUNCTION\0064
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0025
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0025
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CM4540 MFP
Device ID: ROOT\MULTIFUNCTION\0045
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM4540 MFP
PNP Device ID: ROOT\MULTIFUNCTION\0045
Service:
.
Class GUID:
Description: HP LaserJet CM1415fnw
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer:
Name: HP LaserJet CM1415fnw
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
==== System Restore Points ===================
.
RP236: 12/9/2014 8:10:24 PM - Windows Update
RP237: 12/14/2014 9:16:54 PM - Windows Update
RP238: 12/17/2014 8:23:50 AM - Windows Update
RP239: 12/20/2014 10:52:03 AM - Windows Update
RP240: 12/23/2014 7:36:55 PM - Windows Update
RP241: 12/28/2014 4:16:39 PM - Windows Update
RP242: 12/28/2014 5:39:45 PM - Installed AVG 2015
RP243: 12/28/2014 5:41:47 PM - Installed AVG 2015
.
==== Installed Programs ======================
.
6000E609_eDocs
6000E609_Help
6000E609n
64 Bit HP CIO Components Installer
7-Zip 9.22beta
Adobe AIR
Adobe Flash Player 15 Plugin
Adobe Flash Player 16 ActiveX
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2015
AVG SafeGuard toolbar
BlockAndSurf
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Camtasia Studio 8
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
ConvertAd
Coupon Printer for Windows
CutePDF Writer 3.0
Cyti Web
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
Dell System Detect
DeviceDiscovery
Dr.Explain
DW WLAN Card Utility
FastStone Photo Resizer 3.2
FreeScreenSharing
GamesDesktop 025.44
GeniusBox 2.0
Google Chrome
Google Update Helper
GoToAssist Customer 2.1.0.715
GoToMeeting 6.4.9.2128
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP LaserJet Professional P1100-P1560-P1600 Series
HP Officejet 6000 E609 Series
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HQ-Video-Pro-2.1cV28.12
HTML Help Workshop
iCloud
iExplorer 3.2.5.6
Intel(R) Processor Graphics
iSEEK AnswerWorks English Runtime
iTunes
j5 USB DISPLAY ADAPTER 14.05.0613.3179
Java 7 Update 71
Java Auto Updater
Jing
join.me
K-Lite Codec Pack 10.2.0 Full
Kayako Desktop
LaCie Desktop Manager 1.4.1.84
LE810
Liveistream
MagicDisc 2.7.106
Market Samurai
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft Lync Web App Plug-in
Microsoft Mouse and Keyboard Center
Microsoft ODBC Driver 11 for SQL Server
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2010
Microsoft Office SharePoint Designer MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project Professional 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft SharePoint Designer 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 34.0 (x86 en-US)
Mozilla Maintenance Service
Mozy Restore Manager
MozyPro
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2758694)
Network64
Print@Home
ProductContext
Quicken 2012
Quicken 2013
Remote Desktop Access (VuuPC)
RemoteComms driver
Search Protect
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589288) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft SharePoint Designer 2010 (KB2810069) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SketchUp 2013
Skype™ 6.11
SmartWeb
SmartWebPrinting
Snagit 11
Snagit 12
SolutionCenter
Spotify
Status
Toolbox
TrayApp
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WebReg
WinCheck
Windows Live ID Sign-in Assistant
WinPatrol
WinSCP 5.1.8
Wrike Outlook Add-In
Wrike Outlook Addin
Zoomify
.
==== Event Viewer Messages From Past Week ========
.
12/29/2014 8:32:56 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/29/2014 8:32:35 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/29/2014 8:32:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/29/2014 8:32:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/29/2014 8:31:44 AM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the file specified.
12/29/2014 8:30:49 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain OEISTL due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
12/29/2014 8:25:23 AM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\OEISTL.com\SysVol\OEISTL.com\Policies\{29D66F69-76B8-4F8C-AC15-D2790C2A7E09}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
12/29/2014 3:51:43 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
12/28/2014 8:32:21 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
12/28/2014 5:50:16 PM, Error: Service Control Manager [7031] - The Search Protect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.
12/28/2014 5:41:32 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/26/2014 3:40:39 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
12/23/2014 8:13:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/23/2014 8:13:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
12/23/2014 8:13:29 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
silverjj
Active Member
 
Posts: 9
Joined: December 29th, 2014, 10:38 am

Re: Malware infecting web browsing

Unread postby pgmigg » December 29th, 2014, 3:34 pm

Hello silverjj,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights (permissions) for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware infecting web browsing

Unread postby silverjj » December 29th, 2014, 3:38 pm

Thanks pgmigg. I will await further instructions from you.

L
silverjj
Active Member
 
Posts: 9
Joined: December 29th, 2014, 10:38 am

Re: Malware infecting web browsing

Unread postby pgmigg » December 29th, 2014, 3:59 pm

Hello silverjj,

Step 0.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 1.
WARNING!
Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    Microsoft Security Essentials
    AVG AntiVirus 2015
  2. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of the computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one is your decision, but if you asked me, I would recommend that you uninstall
    AVG AntiVirus 2015. How to do it? Please see Step 2 below.

Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the open text entry box:
    (Do not include the words Code: Select all - instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    AVG AntiVirus 2015
    AVG SafeGuard toolbar
    BlockAndSurf
    BufferChm
    ConvertAd
    Coupon Printer for Windows
    Market Samurai
    MarketResearch
    ProductContext
    Search Protect
    SmartWeb
    SmartWebPrinting
    WebReg
    WinCheck
    Zoomify

  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 4.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 5.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 6.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Then:
Please tell me whether this computer is used for business purposes and connected to a business or educational network.
I need to know this so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of the AdwCleaner[Sn].txt log file
  4. Contents of the JRT.txt log file
  5. Contents of the OTL.txt log file
  6. Contents of the Extras.txt log file
  7. Answer to my question about how your computer is used
  8. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
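The Step 1 warning above comes from reading the AV:/SP: status lines that a DDS log header carries (DDS reports what Windows Security Center registers under AntiVirusProduct, AntiSpywareProduct and FirewallProduct). The following is an added example, not part of the thread and not pgmigg's or DDS's own code: a small Python parser for those lines that applies the same rule pgmigg applied by hand, namely that more than one enabled AV: entry means two real-time engines are running at once. The sample header is constructed for this example; the product names are the two named in Step 1, and the GUIDs are placeholders rather than the values from the real log.

```python
import re

# Constructed sample of DDS "AV:" / "SP:" status lines (not copied from the thread).
# Product names match the two flagged in Step 1; the GUIDs are placeholders.
SAMPLE_DDS_HEADER = """\
AV: Microsoft Security Essentials *Enabled/Updated* {00000000-0000-0000-0000-000000000001}
AV: AVG AntiVirus 2015 *Enabled/Updated* {00000000-0000-0000-0000-000000000002}
SP: Microsoft Security Essentials *Enabled/Updated* {00000000-0000-0000-0000-000000000003}
SP: Windows Defender *Disabled/Updated* {00000000-0000-0000-0000-000000000004}
SP: AVG AntiVirus 2015 *Enabled/Updated* {00000000-0000-0000-0000-000000000005}
"""

# One status line: kind (AV = antivirus, SP = antispyware, FW = firewall),
# product name, enabled/disabled state, signature freshness.
STATUS_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) "
    r"\*(?P<state>Enabled|Disabled)/(?P<sigs>Updated|Outdated)\*"
)


def parse_security_products(text):
    """Return one dict per AV:/SP:/FW: line; every other line is ignored."""
    products = []
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            products.append(m.groupdict())
    return products


def assess_av_setup(text):
    """Apply the Step 1 rule: more than one enabled AV engine is a conflict.

    SP: lines are the antispyware registration of the same products, so only
    AV: lines decide the conflict; outdated signatures are reported separately
    so the helper can ask for an update rather than an uninstall.
    """
    products = parse_security_products(text)
    enabled_av = sorted({p["name"] for p in products
                         if p["kind"] == "AV" and p["state"] == "Enabled"})
    outdated = sorted({p["name"] for p in products if p["sigs"] == "Outdated"})
    return {
        "enabled_av": enabled_av,
        "conflict": len(enabled_av) > 1,
        "outdated": outdated,
    }


if __name__ == "__main__":
    verdict = assess_av_setup(SAMPLE_DDS_HEADER)
    if verdict["conflict"]:
        print("Multiple enabled antivirus engines:", ", ".join(verdict["enabled_av"]))
    if verdict["outdated"]:
        print("Outdated signatures:", ", ".join(verdict["outdated"]))
```

Run against the constructed header, the verdict lists both engines and sets `conflict`, which is exactly the condition behind the uninstall advice in Steps 1 and 2; a header with a single AV: line yields no conflict.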

Re: Malware infecting web browsing

Unread postby silverjj » December 29th, 2014, 6:35 pm

I will post separate replies to this for each log file.

During the uninstall in Step 2 I was not able to successfully uninstall Zoomify.

My laptop is used for both business and personal. It is my home PC in the evening and I bring it to work during the day.

L
silverjj
Active Member
 
Posts: 9
Joined: December 29th, 2014, 10:38 am

Re: Malware infecting web browsing

Unread postby silverjj » December 29th, 2014, 6:36 pm

CKFiles.txt

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.UJLBL0
----- EOF -----
silverjj
Active Member
 
Posts: 9
Joined: December 29th, 2014, 10:38 am

Re: Malware infecting web browsing

Unread postby silverjj » December 29th, 2014, 6:37 pm

AdwCleaner[S0].txt

# AdwCleaner v4.106 - Report created 29/12/2014 at 16:02:02
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Lulanoski - LULANOSKI-PC
# Running from : C:\Users\Lulanoski\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : servervo
[#] Service Deleted : SPPD
[#] Service Deleted : Update Cyti Web
[#] Service Deleted : Util Cyti Web
Service Deleted : {14d0f170-74e0-4cbf-843b-3db832216c50}Gw64
Service Deleted : {eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\HQ-Video-Pro-2.1cV28.12
[!] Folder Deleted : C:\Program Files (x86)\Cyti Web
Folder Deleted : C:\Program Files (x86)\gmsd_us_44
Folder Deleted : C:\Users\Lulanoski\AppData\Local\Conduit
Folder Deleted : C:\Users\Lulanoski\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Lulanoski\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Lulanoski\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Lulanoski\AppData\Local\GeniusBox
Folder Deleted : C:\Users\Lulanoski\AppData\Local\gmsd_us_44
Folder Deleted : C:\Users\Lulanoski\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lulanoski\AppData\LocalLow\zoomify
Folder Deleted : C:\Users\Lulanoski\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Lulanoski\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Lulanoski\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Lulanoski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Lulanoski\Desktop\Tweaks
Folder Deleted : C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\Extensions\c6d10446ffd84587ac59c8230189@815dffea895e418f9d9fd8cf.com
File Deleted : C:\END
File Deleted : C:\Users\LULANO~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\drivers\{14d0f170-74e0-4cbf-843b-3db832216c50}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}Gw64.sys
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\searchplugins\trovi-search.xml
File Deleted : C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\user.js
File Deleted : C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\r9twx9uu.default\user.js
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Cyti Web
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Cyti Web
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901161}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902261}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{aa2fac44-d24d-4fed-9e32-397d138365f1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905561}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906661}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904461}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4b030cae-5396-4e8d-b29f-0bc3213ab606}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901161}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{aa2fac44-d24d-4fed-9e32-397d138365f1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{aa2fac44-d24d-4fed-9e32-397d138365f1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d240601-5e9d-4df3-b986-883e2cc9ec02}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a759d688-1674-464b-80d3-b64369d193b6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901161}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902261}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905561}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906661}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d240601-5e9d-4df3-b986-883e2cc9ec02}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a759d688-1674-464b-80d3-b64369d193b6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Cyti Web
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\zoomify
Key Deleted : HKCU\Software\AppDataLow\Software\HQ-Video-Pro-2.1cV28.12
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\HQ-Video-Pro-2.1cV28.12
Key Deleted : HKLM\SOFTWARE\Cyti Web
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Liveistream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zoomify
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQ-Video-Pro-2.1cV28.12
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_44_is1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cyti Web

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0 (x86 en-US)

[gu6sq8v2.default-1401154810714\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=I4664FAEE-DA55-4A25-8C8A-EDEC3728B04E&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP36F8FD56-66D7-488[...]
[gu6sq8v2.default-1401154810714\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
[gu6sq8v2.default-1401154810714\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
[gu6sq8v2.default-1401154810714\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=I4664FAEE-DA55-4A25-8C8A-EDEC3728B04E&SearchSource=55&CUI=&UM=8&UP=SP36F8FD56-66D7-488E-933D[...]
[gu6sq8v2.default-1401154810714\prefs.js] - Line Deleted : user_pref("extensions.ac6d10446ffd84587ac59c8230189815dffea895e418f9d9fd8cfcom69061.69061.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%[...]
[gu6sq8v2.default-1401154810714\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14a9322325b90360a7408602151c4ced");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN21383731355221065&ctid=CT3306061&UM=2
[C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN21383731355221065&ctid=CT3306061&UM=2

*************************

AdwCleaner[R0].txt - [18057 octets] - [29/12/2014 15:41:10]
AdwCleaner[S0].txt - [17062 octets] - [29/12/2014 16:02:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17123 octets] ##########
silverjj
Active Member
 
Posts: 9
Joined: December 29th, 2014, 10:38 am
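The AdwCleaner report above follows a fixed line format, and a responder reading it usually wants three things pulled out: the entries AdwCleaner marked with a [!] or [#] prefix, any kernel drivers (.sys files) it removed, and the browser settings that had been hijacked together with the domains they pointed at. The Python parser below is an added example, not part of the thread and not AdwCleaner's own code. The sample report is a constructed, abbreviated excerpt that reuses a handful of entries from the log above (the section headers, marker prefixes, the truncated `[...]` line and the hxxp-defanged URLs are kept as they appear there) so the parser can be run offline.

```python
import re
from collections import Counter

# Constructed, abbreviated excerpt in AdwCleaner v4 report format; the
# entries are a small selection of those in the log posted above.
SAMPLE_REPORT = r"""
# AdwCleaner v4.106 - Report created 29/12/2014 at 16:02:02
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
Service Deleted : servervo
Service Deleted : {14d0f170-74e0-4cbf-843b-3db832216c50}Gw64

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
File Deleted : C:\Windows\System32\drivers\{14d0f170-74e0-4cbf-843b-3db832216c50}Gw64.sys

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901161}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902261}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0 (x86 en-US)

[gu6sq8v2.default-1401154810714\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
[gu6sq8v2.default-1401154810714\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3332128[...]

-\\ Google Chrome v39.0.2171.95

[C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")
# Generic "<Kind> <Action> : <target>" line, optionally prefixed by a [!]/[#]
# marker; the [x64] tag on registry entries is stripped from the target.
ACTION_RE = re.compile(
    r"^(?:\[(?P<flag>[!#])\] )?(?P<kind>Service|Folder|File|Key|Value|Setting|Task|Shortcut) "
    r"(?P<action>Deleted|Restored|Found) : (?:\[x64\] )?(?P<target>.+)$"
)
# Firefox pref removal; the trailing quote/paren are optional so a line the
# report truncated with [...] still parses.
PREF_RE = re.compile(
    r'^\[(?P<file>[^\]]+)\] - Line Deleted : user_pref\("(?P<pref>[^"]+)", "?(?P<value>.*?)"?\)?;?$'
)
PROVIDER_RE = re.compile(r"^\[(?P<file>[^\]]+)\] - Deleted \[Search Provider\] : (?P<url>\S+)$")
HOST_RE = re.compile(r"^hxxps?://(?P<host>[^/]+)", re.IGNORECASE)  # defanged URLs


def parse_adwcleaner_report(text):
    """Walk the report once, tracking the current section and browser."""
    section, browser = None, None
    result = {"per_section": Counter(), "flagged": [], "drivers": [], "hijacks": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # header / EOF lines
            continue
        if m := SECTION_RE.match(line):
            section, browser = m.group("name"), None
        elif m := BROWSER_RE.match(line):
            browser = m.group("browser")
        elif m := ACTION_RE.match(line):
            result["per_section"][section] += 1
            if m.group("flag"):
                result["flagged"].append((m.group("flag"), m.group("kind"), m.group("target")))
            if m.group("kind") == "File" and m.group("target").lower().endswith(".sys"):
                result["drivers"].append(m.group("target"))
            if m.group("kind") == "Setting" and m.group("action") == "Restored":
                result["hijacks"].append((browser, "setting restored", m.group("target")))
        elif m := PREF_RE.match(line):
            result["per_section"][section] += 1
            result["hijacks"].append((browser, m.group("pref"), m.group("value")))
        elif m := PROVIDER_RE.match(line):
            result["per_section"][section] += 1
            result["hijacks"].append((browser, "search provider", m.group("url")))
    return result


def hijack_hosts(result):
    """Distinct hosts the hijacked browser settings pointed at."""
    hosts = {m.group("host").lower()
             for _, _, value in result["hijacks"]
             if (m := HOST_RE.match(value))}
    return sorted(hosts)


if __name__ == "__main__":
    r = parse_adwcleaner_report(SAMPLE_REPORT)
    print(dict(r["per_section"]))
    print("flagged:", r["flagged"])
    print("drivers removed:", r["drivers"])
    print("hijack hosts:", hijack_hosts(r))
```

The deleted driver and the GUID-named service with the same name are the entries worth correlating across sections: a service whose binary lives under System32\drivers is a kernel component, so its removal is the line to re-check after the reboot. The host list is what you would compare against the proxy or DNS logs of the business network the laptop is carried into.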

Re: Malware infecting web browsing

Unread postby silverjj » December 29th, 2014, 6:38 pm

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Lulanoski on Mon 12/29/2014 at 16:21:11.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lulanoski\appdata\local\cre"



~~~ FireFox

Successfully deleted the following from C:\Users\Lulanoski\AppData\Roaming\mozilla\firefox\profiles\gu6sq8v2.default-1401154810714\prefs.js

user_pref("TestAddon.uri", "nrrv<))vtikiroih+eisvihu+`tcc(eik)l(vnv9s;");
Emptied folder: C:\Users\Lulanoski\AppData\Roaming\mozilla\firefox\profiles\gu6sq8v2.default-1401154810714\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/29/2014 at 16:24:00.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
silverjj
Active Member
 
Posts: 9
Joined: December 29th, 2014, 10:38 am

Re: Malware infecting web browsing

Unread postby silverjj » December 29th, 2014, 6:39 pm

OTL.Txt

OTL logfile created on: 12/29/2014 4:25:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lulanoski\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17183)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.91% Memory free
15.80 Gb Paging File | 13.66 Gb Available in Paging File | 86.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 344.11 Gb Free Space | 73.90% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 3.08 Gb Free Space | 70.45% Space Free | Partition Type: UDF
Drive E: | 884.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LULANOSKI-PC | User Name: Lulanoski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/29 16:24:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lulanoski\Desktop\OTL.exe
PRC - [2014/12/19 11:40:46 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\Lulanoski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/17 08:42:07 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/28 09:55:56 | 008,469,824 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
PRC - [2014/10/28 09:55:56 | 007,348,544 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
PRC - [2014/10/28 09:55:56 | 000,138,048 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
PRC - [2014/08/15 16:21:34 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
PRC - [2014/07/20 19:39:26 | 001,154,112 | ---- | M] (Ruiware LLC) -- C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
PRC - [2013/04/09 18:56:50 | 000,076,072 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Quicken\bagent.exe
PRC - [2013/04/09 11:02:59 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe
PRC - [2013/04/09 11:02:59 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe
PRC - [2013/04/09 11:02:59 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe
PRC - [2011/05/03 17:13:18 | 000,199,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2014/10/15 00:26:33 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll
MOD - [2014/10/15 00:25:21 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/10/15 00:24:40 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014/10/14 18:40:28 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/14 18:40:17 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/14 18:40:12 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/14 18:40:12 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\6c97a46aff5154a7217a528e86698ab3\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/10/14 18:40:11 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/10/14 18:40:08 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/14 18:40:06 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/10/14 18:40:03 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/14 18:40:01 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/14 18:40:00 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/14 18:39:58 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/14 18:39:55 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/14 18:39:55 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/14 18:39:53 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/08/15 16:02:40 | 002,099,200 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
MOD - [2014/08/15 16:02:40 | 001,914,368 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
MOD - [2014/08/15 16:02:40 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\TechSmith\Snagit 12\ScrollingCapture.dll
MOD - [2014/03/01 11:29:00 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/28 17:04:08 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/28 17:04:08 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/04/09 07:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/23 14:04:42 | 000,055,112 | ---- | M] (Mozy, Inc.) [Auto | Running] -- C:\Program Files\MozyPro\mozyprobackup.exe -- (mozyprobackup)
SRV:64bit: - [2012/09/26 18:30:48 | 000,126,880 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2012/08/28 13:20:44 | 000,313,432 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GManager.exe -- (GManager)
SRV:64bit: - [2012/02/15 13:05:08 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2011/07/29 09:34:38 | 001,227,264 | ---- | M] () [Auto | Running] -- C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe -- (LaCieDesktopManagerService)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/17 09:24:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/04 16:11:06 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/09 14:46:58 | 000,610,888 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe -- (GoToAssist Remote Support Customer)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/05/03 17:13:18 | 000,199,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe -- (MCTDesktopSvr)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/05/13 14:59:56 | 000,159,536 | ---- | M] (Magic Control Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mctkmd64.sys -- (mctkmd)
DRV:64bit: - [2014/03/24 17:59:54 | 000,181,424 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t1pusb64.sys -- (t1pusb64)
DRV:64bit: - [2014/01/20 14:05:54 | 000,429,944 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t2usb64.sys -- (t2usb64)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/21 13:59:42 | 000,067,808 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozypro.sys -- (mozyproFilter)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/09 15:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 13:05:08 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/02/15 13:05:06 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/01 06:18:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2011/04/08 15:38:58 | 000,019,584 | ---- | M] (Magic Control Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mctKmdldr64.sys -- (mctkmdldr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/28 08:55:40 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 E1 28 78 B6 9B CF 01 [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 E1 28 78 B6 9B CF 01 [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 BD EF 07 2F 2F CF 01 [binary data]
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\..\SearchScopes\{788977CF-BAD5-4DED-BF01-D421C1B436D6}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64464;https=127.0.0.1:64464

========== FireFox ==========

FF - prefs.js..browser.search.highlightCount: 1
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: M1uwW0%4047z8gRpK8sULXXLivB.com:11
FF - prefs.js..extensions.enabledAddons: %7Beacdcf9d-1414-4d83-9a1b-eda2e6df739c%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: c6d10446ffd84587ac59c8230189%40815dffea895e418f9d9fd8cf.com:0.95.22
FF - prefs.js..extensions.enabledAddons: sdd%40zmfpro.com:2.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@freescreensharing/detector: C:\Users\Lulanoski\AppData\Local\FreeScreenSharing\npfreesee.dll (Free Screen Sharing)
FF - HKCU\Software\MozillaPlugins\LWAPlugin15.8: C:\Users\Lulanoski\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/02 20:19:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/02 20:19:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 04:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/01/16 15:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Extensions
[2014/12/29 16:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\extensions
[2014/12/28 16:52:19 | 000,000,000 | ---D | M] (Zoomify) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\extensions\sdd@zmfpro.com
[2014/12/28 16:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\r9twx9uu.default\extensions
[2014/12/28 16:02:18 | 000,003,284 | ---- | M] () (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\extensions\M1uwW0@47z8gRpK8sULXXLivB.com.xpi
[2014/12/28 18:06:34 | 000,007,328 | ---- | M] () (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\extensions\{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}.xpi
[2014/12/28 16:52:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\extensions\sdd@zmfpro.com\chrome\content\cache\587d4a956183fe3b8d82ff71109000d9_expire
[2014/12/28 16:52:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\extensions\sdd@zmfpro.com\chrome\content\cache\7c0022298b948a99e406a6310bffea7f_expire
[2014/12/29 15:34:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\gu6sq8v2.default-1401154810714\extensions\sdd@zmfpro.com\chrome\content\cache\8f43b50088266b9870b42ce6ef7ffbde_expire
[2014/12/28 15:30:26 | 000,007,330 | ---- | M] () (No name found) -- C:\Users\Lulanoski\AppData\Roaming\Mozilla\Firefox\Profiles\r9twx9uu.default\extensions\{eacdcf9d-1414-4d83-9a1b-eda2e6df739c}.xpi
[2014/12/04 16:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/04 16:11:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\LULANOSKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GU6SQ8V2.DEFAULT-1401154810714\EXTENSIONS\C6D10446FFD84587AC59C8230189@815DFFEA895E418F9D9FD8CF.COM

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Connect DLC 5 = C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.31.4.510_0\
CHR - Extension: Connect DLC 5 = C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.31.4.510_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\Lulanoski\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\..\Toolbar\WebBrowser: (no name) - {41525333-2D56-3700-76A7-7A786E7484D7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000..\Run: [LaCie Desktop Manager Startup] C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe ()
O4 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000..\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
O4 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000..\Run: [Spotify] C:\Users\Lulanoski\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000..\Run: [Spotify Web Helper] C:\Users\Lulanoski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000..\Run: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe (Ruiware LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lulanoski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-489001533-4226623766-2752304091-1000\..Trusted Domains: offess.info ([sp] http in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab (DLC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXc ... atgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.99 64.89.70.2 64.89.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OEISTL.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C6CF32-896D-4E11-B392-A13A6FBE7E20}: DhcpNameServer = 192.168.1.99 64.89.70.2 64.89.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14304DF0-78E2-4C2C-8CF4-94BD65EB2885}: DhcpNameServer = 10.1.4.73 10.2.4.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F3237F8-0FF6-4759-8C59-10154DB43A7B}: DhcpNameServer = 192.168.1.99 64.89.70.2 64.89.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A930C58-394E-44A3-9AC8-B0223AA4124C}: DhcpNameServer = 192.168.1.99 64.89.70.2 64.89.74.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/13 10:17:36 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{af02b326-7936-11e2-a4f9-d067e552907a}\Shell - "" = AutoRun
O33 - MountPoints2\{af02b326-7936-11e2-a4f9-d067e552907a}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/06/05 08:16:44 | 000,464,248 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{af02b326-7936-11e2-a4f9-d067e552907a}\Shell\configure\command - "" = E:\setup.exe -- [2010/06/05 08:16:44 | 000,464,248 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{af02b326-7936-11e2-a4f9-d067e552907a}\Shell\install\command - "" = E:\setup.exe -- [2010/06/05 08:16:44 | 000,464,248 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/29 16:24:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lulanoski\Desktop\OTL.exe
[2014/12/29 16:21:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/29 16:08:30 | 000,000,000 | ---D | C] -- C:\Users\Lulanoski\Desktop\New folder
[2014/12/29 15:40:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/28 20:22:37 | 000,000,000 | ---D | C] -- C:\Users\Lulanoski\AppData\Roaming\WinPatrol
[2014/12/28 20:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/12/28 20:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ruiware
[2014/12/28 20:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/12/28 17:45:39 | 000,000,000 | ---D | C] -- C:\Users\Lulanoski\AppData\Roaming\TuneUp Software
[2014/12/28 17:23:39 | 000,000,000 | ---D | C] -- C:\Users\Lulanoski\AppData\Local\MFAData
[2014/12/28 17:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/12/28 16:55:44 | 000,000,000 | ---D | C] -- C:\Users\Lulanoski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Liveistream
[2014/12/28 16:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
[2014/12/28 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Liveistream
[2014/12/28 16:55:39 | 001,526,248 | ---- | C] (HQ-VideoV28.12) -- C:\Users\Lulanoski\AppData\Roaming\ED.exe
[2014/12/28 16:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\156a4896-2712-4230-b427-dbda1b6440b3
[2014/12/28 16:54:53 | 001,848,808 | ---- | C] (HQ-VideoV28.12) -- C:\Users\Lulanoski\AppData\Roaming\DVOPAQI.exe
[2014/12/28 16:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\zoomify_29
[2014/12/19 11:40:53 | 000,000,000 | ---D | C] -- C:\Users\Lulanoski\AppData\Local\Spotify
[2014/12/19 11:39:37 | 000,000,000 | ---D | C] -- C:\Users\Lulanoski\AppData\Roaming\Spotify
[2014/12/17 09:03:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/17 08:27:39 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/12/17 08:27:38 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/12/10 09:41:37 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/12/10 09:41:37 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/12/10 09:41:35 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/12/10 09:41:34 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/12/10 09:41:34 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/12/10 09:41:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/12/10 09:41:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/12/10 09:41:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/12/10 09:41:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/12/10 09:41:33 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/12/10 09:41:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/12/10 09:41:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/12/10 09:41:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/12/10 09:41:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/12/10 09:41:32 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/12/10 09:41:32 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/12/10 09:41:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/12/10 09:41:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/12/10 09:41:32 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/12/10 09:41:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/12/10 09:41:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/12/10 09:41:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/12/10 09:41:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/12/10 09:41:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/12/10 09:41:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/12/10 09:41:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/12/10 09:40:44 | 001,232,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2014/12/10 09:40:43 | 001,083,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/12/10 09:40:43 | 000,830,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014/12/10 09:40:43 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014/12/10 09:40:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014/12/10 09:40:40 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/12/10 09:40:40 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014/12/10 09:40:32 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/12/10 09:40:13 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/12/10 09:40:06 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2014/12/10 09:40:05 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2014/12/10 09:40:03 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2014/12/10 09:40:03 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2014/12/10 09:40:03 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2014/12/10 09:40:02 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2014/12/10 09:40:02 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2014/12/10 09:40:02 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2014/12/10 09:40:02 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2014/12/10 09:40:02 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2014/12/09 19:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_1214tb
[2014/12/04 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Lulanoski\Documents\eBay
[2014/12/04 16:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Users\Lulanoski\AppData\Local\*.tmp files -> C:\Users\Lulanoski\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/12/29 16:24:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lulanoski\Desktop\OTL.exe
[2014/12/29 16:13:42 | 000,035,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/29 16:13:42 | 000,035,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/29 16:05:08 | 000,002,811 | ---- | M] () -- C:\Windows\SysNative\GManager.ini
[2014/12/29 16:04:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/29 16:04:09 | 2066,518,015 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/29 15:46:55 | 000,010,556 | ---- | M] () -- C:\Windows\mozypro.blk
[2014/12/29 15:46:55 | 000,002,344 | ---- | M] () -- C:\Windows\mozypro.flt
[2014/12/29 08:38:01 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/29 08:38:01 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/29 08:38:01 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/29 08:29:35 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Tempo Runner coz64host.job
[2014/12/29 08:29:35 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Tempo Runner cozahost.job
[2014/12/28 20:47:12 | 000,002,330 | ---- | M] () -- C:\Windows\patsearch.bin
[2014/12/28 20:20:30 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/12/28 17:42:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNewH_01009.Wdf
[2014/12/28 16:55:39 | 001,526,248 | ---- | M] (HQ-VideoV28.12) -- C:\Users\Lulanoski\AppData\Roaming\ED.exe
[2014/12/28 16:54:53 | 001,848,808 | ---- | M] (HQ-VideoV28.12) -- C:\Users\Lulanoski\AppData\Roaming\DVOPAQI.exe
[2014/12/28 16:52:29 | 000,000,064 | ---- | M] () -- C:\Users\Lulanoski\AppData\Local\7e13e5adeda84df226b5f59cd9c4af36
[2014/12/17 09:24:20 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/12/17 09:24:20 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/15 18:28:16 | 003,465,216 | ---- | M] () -- C:\Users\Lulanoski\Documents\Database64.accdb
[2014/12/08 10:20:56 | 000,958,464 | ---- | M] () -- C:\Users\Lulanoski\Documents\Database63.accdb
[2014/12/06 13:44:54 | 013,258,752 | ---- | M] () -- C:\Users\Lulanoski\Documents\Database62.accdb
[2014/12/03 20:50:55 | 000,413,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/12/03 20:50:45 | 000,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014/12/03 20:50:40 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014/12/03 20:50:38 | 000,830,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014/12/03 20:50:37 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/12/03 20:50:37 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014/12/03 20:44:48 | 001,083,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/12/01 17:28:44 | 001,232,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[1 C:\Users\Lulanoski\AppData\Local\*.tmp files -> C:\Users\Lulanoski\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/12/29 08:29:04 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Tempo Runner cozahost.job
[2014/12/29 08:28:58 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\Tempo Runner coz64host.job
[2014/12/28 17:42:30 | 000,002,330 | ---- | C] () -- C:\Windows\patsearch.bin
[2014/12/28 17:42:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNewH_01009.Wdf
[2014/12/28 16:52:29 | 000,000,064 | ---- | C] () -- C:\Users\Lulanoski\AppData\Local\7e13e5adeda84df226b5f59cd9c4af36
[2014/12/19 11:40:52 | 000,001,815 | ---- | C] () -- C:\Users\Lulanoski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2014/12/15 16:23:23 | 003,465,216 | ---- | C] () -- C:\Users\Lulanoski\Documents\Database64.accdb
[2014/12/08 09:26:08 | 000,958,464 | ---- | C] () -- C:\Users\Lulanoski\Documents\Database63.accdb
[2014/12/04 22:12:57 | 013,258,752 | ---- | C] () -- C:\Users\Lulanoski\Documents\Database62.accdb
[2014/09/01 02:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Lulanoski\AppData\Roaming\ED
[2014/09/01 02:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Lulanoski\AppData\Roaming\DVOPAQI
[2014/07/23 15:08:26 | 000,437,528 | ---- | C] () -- C:\Windows\SysWow64\UDLL.dll
[2014/07/23 15:08:26 | 000,052,504 | ---- | C] () -- C:\Windows\SysWow64\mctudll.dll
[2014/07/23 15:04:06 | 000,003,488 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/25 09:45:28 | 000,003,754 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2014/01/05 16:33:03 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/01/05 11:23:03 | 000,000,600 | ---- | C] () -- C:\Users\Lulanoski\AppData\Roaming\winscp.rnd
[2013/12/25 21:49:26 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/23 23:20:37 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat.temp
[2013/12/20 15:08:18 | 000,000,125 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/04/17 14:40:23 | 000,417,280 | ---- | C] () -- C:\Windows\SysWow64\hpcc3140.dll
[2013/04/09 11:02:42 | 000,060,864 | ---- | C] () -- C:\Users\Lulanoski\g2mdlhlpx.exe
[2013/03/27 11:20:58 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2013/03/27 11:20:45 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2013/03/02 20:15:53 | 000,222,893 | ---- | C] () -- C:\Windows\hpwins24.dat
[2013/03/02 20:15:53 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2013/02/20 17:01:06 | 000,006,144 | ---- | C] () -- C:\Users\Lulanoski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/18 20:53:27 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/23 12:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\Kayako
[2013/02/21 00:11:52 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2014/01/05 17:50:42 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\MPC-HC
[2014/07/18 13:33:32 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\Oracle
[2013/12/25 21:53:20 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\SketchUp
[2014/12/29 16:08:08 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\Spotify
[2013/02/20 17:03:26 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\TechSmith
[2014/12/28 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\TuneUp Software
[2013/06/06 12:20:52 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\webex
[2014/12/28 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\WinPatrol
[2014/10/27 20:51:29 | 000,000,000 | ---D | M] -- C:\Users\Lulanoski\AppData\Roaming\Wrike

========== Purity Check ==========



< End of report >
silverjj

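The OTL file listings above follow one fixed line shape, `[date | size | attrs | C or M] (Company) -- path`, which makes them easy to triage mechanically. The helper below is an added example, not code from the original post, from OTL or from the forum's helpers: it parses lines of that shape and flags the kinds of entries a helper looks at first, namely executables dropped under AppData\Roaming, Temp or ProgramData, GUID-named Program Files folders, new scheduled-task .job files, and files under %SystemRoot% that carry no version-info company name. It also groups creations that land within a few minutes of each other, since a bundler install tends to drop everything in one burst. The heuristics and the five-minute window are assumptions of this example and a flag is a prompt to inspect, not a verdict; the sample lines are copied from the posted log.

```python
"""Triage helper for OTL (OldTimer) file-listing lines.

Added example: not code from the original post, from OTL or from the forum
helpers. The heuristics are assumptions of this example; a flag means
"look at this", not "this is malware".
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path   (Company is absent on directory lines)
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# Folder names that are bare GUIDs, e.g. Program Files (x86)\156a4896-...
GUID_DIR_RE = re.compile(r"\\[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}(?:\\|$)", re.I)
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".cpl", ".wdf")
# User-writable locations where bundled adware installers commonly drop binaries (assumption).
DROP_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str       # OTL attribute column, e.g. ---D (directory), -H-- (hidden)
    kind: str        # C = created, M = modified
    company: str     # version-info company name; empty when OTL prints ()
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; headers, blanks and the '[N ... *.tmp files -> ...]'
    summary lines do not match and yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"],
        company=m["company"] or "", path=m["path"],
    )


def flags(e: Entry) -> List[str]:
    """Heuristic reasons to look at an entry; an empty list means nothing stood out."""
    p = e.path.lower()
    out: List[str] = []
    if GUID_DIR_RE.search(e.path):
        out.append("GUID-named folder")
    if e.is_dir:
        return out
    if "\\windows\\tasks\\" in p and p.endswith(".job"):
        out.append("scheduled task: check the command it runs")
    elif p.endswith(EXEC_EXT):
        if any(d in p for d in DROP_DIRS):
            out.append("executable in a user-writable drop location")
        if "\\windows\\" in p and not e.company:
            out.append("no version-info company name under %SystemRoot%")
    return out


def bursts(entries: List[Entry], gap: timedelta) -> List[List[Entry]]:
    """Group 'created' entries whose timestamps lie within `gap` of the previous one,
    so one installer run shows up as a single cluster."""
    created = sorted((e for e in entries if e.kind == "C"), key=lambda e: e.ts)
    groups: List[List[Entry]] = []
    for e in created:
        if groups and e.ts - groups[-1][-1].ts <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def triage(text: str, gap: timedelta = timedelta(minutes=5)) -> Tuple[Dict[str, List[str]], List[List[str]]]:
    """Return (flagged path -> reasons, creation bursts that contain two or more flagged paths)."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    flagged = {e.path: flags(e) for e in entries if flags(e)}
    hot = [[e.path for e in g] for g in bursts(entries, gap)
           if sum(e.path in flagged for e in g) >= 2]
    return flagged, hot


# Sample input: lines copied from the posted OTL log (several sections mixed), plus one of
# OTL's '*.tmp' summary lines to show that the parser skips it.
SAMPLE = r"""
[2014/12/28 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Liveistream
[2014/12/28 16:55:39 | 001,526,248 | ---- | C] (HQ-VideoV28.12) -- C:\Users\Lulanoski\AppData\Roaming\ED.exe
[2014/12/28 16:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\156a4896-2712-4230-b427-dbda1b6440b3
[2014/12/28 16:54:53 | 001,848,808 | ---- | C] (HQ-VideoV28.12) -- C:\Users\Lulanoski\AppData\Roaming\DVOPAQI.exe
[2014/12/17 08:27:39 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/12/29 08:29:04 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Tempo Runner cozahost.job
[2014/12/28 17:42:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNewH_01009.Wdf
[1 C:\Users\Lulanoski\AppData\Local\*.tmp files -> C:\Users\Lulanoski\AppData\Local\*.tmp -> ]
"""

if __name__ == "__main__":
    flagged, hot = triage(SAMPLE)
    for path, reasons in flagged.items():
        print(f"{path}\n    {'; '.join(reasons)}")
    for group in hot:
        print("created within one burst:", *group, sep="\n    ")
```

Run against a full OTL.txt the burst list is usually the more useful output: on the sample it groups the two `HQ-VideoV28.12` executables, the GUID-named folder and the Liveistream folder into one cluster created inside a single minute, which is the shape an unattended bundle install leaves behind. The Microsoft-signed `mf.dll` produces no flag, and the summary line is skipped rather than mis-parsed.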
Re: Malware infecting web browsing

Post by silverjj » December 29th, 2014, 6:39 pm

Extras.txt

OTL Extras logfile created on: 12/29/2014 4:25:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lulanoski\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17183)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.91% Memory free
15.80 Gb Paging File | 13.66 Gb Available in Paging File | 86.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 344.11 Gb Free Space | 73.90% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 3.08 Gb Free Space | 70.45% Space Free | Partition Type: UDF
Drive E: | 884.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LULANOSKI-PC | User Name: Lulanoski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-489001533-4226623766-2752304091-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015F9885-AE33-4BD9-9DA0-44809EC28161}" = lport=10243 | protocol=6 | dir=in | app=system |
"{028AB09F-3D8E-44C4-AD5A-2D96041963FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CEC537E-3AA7-45F2-97AC-9AAA02E79CA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D835AC5-3D5C-4ABE-B899-6026E764A970}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26E76E1B-D293-464A-B566-8FD3FD571B9E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{2EBBA2DC-C3E4-44B6-ACA6-1C9E374F3E99}" = lport=2869 | protocol=6 | dir=in | app=system |
"{32795329-9C01-45A6-93BF-7709F3EAED32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{352D5BCF-2013-4ACA-92F8-000DC3FE9671}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39470742-466A-4DD1-AC6C-8EF4A6D524EF}" = lport=137 | protocol=17 | dir=in | app=system |
"{486CBF2B-C9FC-4D7C-BD4D-8E00ACB3F51F}" = lport=8298 | protocol=6 | dir=in | name=techsmith snagit |
"{4B5972F3-228F-4AD0-A6A1-5EEC4FBFB6C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4CCDC10B-D9A2-42CF-91FB-2647574EE36A}" = rport=445 | protocol=6 | dir=out | app=system |
"{4D9A44CB-3595-4F29-A6C2-53351D6A9F2B}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
"{5117C107-18F8-4C02-B404-27EC7A8F09FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{59FE4B0C-87F0-4C76-B24C-8899515245B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C23B285-EC11-4B92-820A-6298A65FF501}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D97836C-C809-47BE-8DB9-3AEEC879CCDC}" = lport=138 | protocol=17 | dir=in | app=system |
"{5EFF9736-D887-4E18-A812-6A7CBAADA752}" = lport=445 | protocol=6 | dir=in | app=system |
"{6897AF4A-97F7-423B-A626-6EDC7924A873}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D00B914-3BAB-4A17-A263-ED4F7A81C875}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6F99159B-D08A-4E8F-8D07-C50407A5FEB0}" = rport=138 | protocol=17 | dir=out | app=system |
"{76CC347C-CD20-4287-9B22-9F979745001C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79A958C4-10A2-42BA-A5D6-76F6B5182595}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B6288BB-A2A7-4F86-A7C7-9FB0EF09DA69}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{80E4923F-583B-44D1-AE62-60BFF5E95F5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88FB39AD-8F38-4AAA-8781-F8B729B05CA5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9245D073-D20D-4132-BDE8-FFBC2FB50AEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{971DF34C-B454-4E1A-B472-837F10DB6971}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E03A072-C91E-435C-A170-9529EF9B9759}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A01F32C5-7AA0-42BC-A56F-E7A492A6D30C}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{C9FDC858-0AA0-496C-970C-1E052B903844}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{D3A31E53-F29F-48B9-946D-B5BF50C3A477}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA14D77D-CC98-4EA5-BEF7-738FABDFCE16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1A61A00-9D7C-48F7-865E-641AB053F063}" = lport=139 | protocol=6 | dir=in | app=system |
"{E98211A4-B5C5-4C13-930B-30453018EA34}" = rport=137 | protocol=17 | dir=out | app=system |
"{EEEF389C-3ABE-43FF-BA39-E0FC972F11B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F9750426-6C39-46C0-8FA1-E11A166297AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC384489-EE38-436C-A6E5-6C096F287BCB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B5A171-342C-4082-BE1F-FDC3A1C70DC6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{012445DB-2AB9-4F10-B5FC-4B45895AF19F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1BC6B92F-5FA9-44E2-A0AF-D33B0920EADA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1D5D5827-0828-4293-8681-B71F651B08F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1D673212-2EE3-4E06-A3C9-E93B7682D9C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{20F27294-7557-4FE0-939C-46A58F25717D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{25D590CD-03AF-4D3B-AC8C-9BB4494BF8E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{2A962C38-8340-4F02-A29F-2D0CFFA759A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3252F9BB-BD31-4F5E-9AD5-951B8975F19F}" = protocol=17 | dir=in | app=c:\users\lulanoski\appdata\local\temp\7zs1552\easyinst64.exe |
"{3A283DC3-B184-44F0-B130-8290D89FAE41}" = dir=in | app=c:\programdata\zoomify_29\1.1.0.29\cozaghost.exe |
"{405A0CE0-AC37-4BB4-919F-39D3256C6478}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{4382C961-7F28-4A1B-924B-EC61F0399896}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{467E44AA-ED19-463E-82CA-6AAAE479F046}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{53B6AA8B-11A6-4DD7-9868-9A603594A16F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5550BEBB-5DA6-4103-A1F2-2CCE8E456B63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{5571FDF3-867A-43EC-84E4-19C4AD0E843D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{572F5543-8C0C-4115-94E8-9C9E3022AB07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5B32C7A8-FD23-403E-869F-AA035494F572}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5F57FB2C-17F1-4FCF-924F-81022F5AC0EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{64E9AD2F-6EAD-4615-9255-BFFE6E60903B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{66FF5F78-ADBC-44B8-827E-68D7D590F814}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6930585F-A656-4003-B981-D8222FDA9DCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F40AD20-FB29-4013-AD1F-AB23B306BCAF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70017771-F8EF-4C39-B433-AE6C364203E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{74018AA7-7D1D-43A1-832D-784F6F6039D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{775117B6-16BF-4E38-BFAB-535B1C79382C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78E91B42-CF45-445C-84EB-29381DCD234C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{790E2DC9-E6EB-4412-8331-09D266AAE5B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{80738E01-D5C9-41CF-8E58-8779CDD6AE53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84E16A77-1250-4735-A5EA-F9B0D6688950}" = protocol=17 | dir=in | app=c:\programdata\zoomify_29\1.1.0.29\cozaghost.exe |
"{876C5EB5-0D43-4F39-8663-C9AF65D3E389}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{880E161C-70AD-4FB4-BF82-ABCB68A4D74F}" = protocol=17 | dir=in | app=c:\programdata\zoomify_29\1.1.0.29\cozaghost.exe |
"{9B741C93-08F1-4224-BCBE-D320FD3E5400}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9BD14D0C-4054-4133-AF3A-2C7745718EC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{7791308c-85fb-43b9-93f2-7de9cb7d5c4a}\setup\hpznui40.exe |
"{A214C3E9-42FF-4393-BF04-C7456A1F4015}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A2C3D420-C083-49D8-82CD-24B0D63FB303}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{ACCAB17B-84FC-4B87-8B5C-1E441437D44A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B118E754-EABA-4338-8261-2FE0D167DD37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC44272E-855B-48C4-8F6D-2E4EB13A6808}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{CAB23BBE-16F8-482E-AC7F-379A89B62565}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{CF3C9312-5BCB-4D5F-889F-D1D821BB5739}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{D4BCEE6A-A3E0-4A16-B079-8AE64164816E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{D7ED9373-96E9-4F08-A958-3F3CC1DE351C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{DC9AF91F-1F61-47D6-AA7C-CECA433E7D60}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{DD147236-3284-4640-AD14-872B11009C54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E2B99793-93B1-4D08-A2F4-291F371E8937}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4A12E5F-FB34-4C1E-94ED-395F5F80384B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E51044AB-E312-4A82-8705-E2ABD0157AC6}" = protocol=6 | dir=in | app=c:\programdata\zoomify_29\1.1.0.29\cozaghost.exe |
"{E60E64F4-E508-4B0C-B979-C381221FD35F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{EA32665E-28B6-4480-BF05-1591ED255AEA}" = protocol=6 | dir=in | app=c:\programdata\zoomify_29\1.1.0.29\cozaghost.exe |
"{EC03120B-8A99-476D-95EA-BC4F413ED200}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{ED040441-B3BE-4D7B-B68C-7327F364E1A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EED50EAF-D24B-4294-9945-A48858124168}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EFFD9A45-6D3B-48EB-9E73-385A0494FEE0}" = protocol=6 | dir=out | app=system |
"{F02772AC-C3F8-49C4-BAF2-2379E83916B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F222A91A-D8BF-4924-A1EA-450FF655857B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F8ADCFFC-C809-4645-A8CD-A3E79B309535}" = protocol=6 | dir=in | app=c:\users\lulanoski\appdata\local\temp\7zs1552\easyinst64.exe |
"{F9A89F4D-64EC-480A-B36E-2E2F6ECA00CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{394C05AF-9596-4A77-AB9E-4ACFCDB1DBE8}C:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=6 | dir=in | app=c:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
"TCP Query User{61036461-443A-4EAC-A3B8-35A45B58D87E}C:\program files (x86)\kayako\desktop\kayakodesktop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kayako\desktop\kayakodesktop.exe |
"TCP Query User{7D04ECFA-065D-47E4-A004-9F1197064E45}C:\users\lulanoski\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lulanoski\appdata\roaming\spotify\spotify.exe |
"TCP Query User{951F5AD2-4928-425E-94B5-713B3328DF70}C:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=6 | dir=in | app=c:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
"TCP Query User{A4B659D0-1E55-4517-90E1-016E69F84FBE}C:\users\lulanoski\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lulanoski\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C5E3356E-599D-40B1-A596-A00790F9E175}C:\users\lulanoski\appdata\local\freescreensharing\freescreensharing.exe" = protocol=6 | dir=in | app=c:\users\lulanoski\appdata\local\freescreensharing\freescreensharing.exe |
"TCP Query User{D3B6D5AD-8808-4BFB-841B-B699A04A8DAB}C:\program files (x86)\kayako\desktop\kayakodesktop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kayako\desktop\kayakodesktop.exe |
"TCP Query User{EC0552A3-DD88-4D6A-BA87-1C01B5DF456F}C:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=6 | dir=in | app=c:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
"UDP Query User{1775D784-211C-452E-B48F-71B57F93A277}C:\users\lulanoski\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lulanoski\appdata\roaming\spotify\spotify.exe |
"UDP Query User{2C0F4EE3-0970-4343-BA12-5C4090FB5A74}C:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=17 | dir=in | app=c:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
"UDP Query User{5CF78AE0-5B1B-411D-AF44-1E51D7DE3ABA}C:\program files (x86)\kayako\desktop\kayakodesktop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kayako\desktop\kayakodesktop.exe |
"UDP Query User{93E54E7F-FFBC-4AF5-B368-FB629CC43212}C:\users\lulanoski\appdata\local\freescreensharing\freescreensharing.exe" = protocol=17 | dir=in | app=c:\users\lulanoski\appdata\local\freescreensharing\freescreensharing.exe |
"UDP Query User{93F9C546-22E0-44E9-90D3-0207772CB6F7}C:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=17 | dir=in | app=c:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
"UDP Query User{9A1043DE-C373-40D4-AD82-D26BCAAD7DB2}C:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=17 | dir=in | app=c:\users\lulanoski\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
"UDP Query User{C5A1AA25-0A3A-49F9-AA2E-C74026E795C6}C:\program files (x86)\kayako\desktop\kayakodesktop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kayako\desktop\kayakodesktop.exe |
"UDP Query User{D720110F-AE55-40A4-86FD-B8F76C50C31B}C:\users\lulanoski\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lulanoski\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{3138F992-045B-4F55-825C-53B231E647CA}" = 64 Bit HP CIO Components Installer
"{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1" = LaCie Desktop Manager 1.4.1.84
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90364998-313A-3756-6761-D42BEEF2EAC5}" = MozyPro
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BFEF7F89-A8EF-440A-8CBF-90BE1B7DFB7A}" = Microsoft Lync Web App Plug-in
"{CB282CA5-CB3E-4D99-825D-23A2F44BF600}" = Microsoft ODBC Driver 11 for SQL Server
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"CutePDF Writer Installation" = CutePDF Writer 3.0
"DW WLAN Card Utility" = DW WLAN Card Utility
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{123D4082-3194-4191-9139-067E9157C2B2}" = Print@Home
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{389F8A7A-8611-42E8-8169-20D2BAF0C595}" = Microsoft Office Live Meeting 2007
"{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini
"{43BEEE26-01A8-4EEE-8632-2353261E3B55}" = RemoteComms driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BA0D87A-31C7-4555-8E40-3EADB726D793}" = Mozy Restore Manager
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{693E7593-13C6-4626-8EDF-5AAC9BAEBB67}" = Wrike Outlook Addin
"{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CE9DCAC-2A95-4C3F-B9B0-D07D07CF350C}" = LE810
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.5.6
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = j5 USB DISPLAY ADAPTER 14.05.0613.3179
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2010
"{90140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90D0FC4B-D653-4F49-BB97-A48C74A52E71}" = Snagit 11
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}" = Snagit 12
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B75BC01B-4586-43F8-9349-D250DB98F26F}" = SketchUp 2013
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D465F44F-29FF-4A7A-A114-427E44C355DE}" = 6000E609n
"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"7-Zip" = 7-Zip 9.22beta
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Dr.Explain_is1" = Dr.Explain
"FastStone Photo Resizer" = FastStone Photo Resizer 3.2
"GeniusBox" = GeniusBox 2.0
"Google Chrome" = Google Chrome
"GoToAssist Express Customer" = GoToAssist Customer 2.1.0.715
"HP Photo Creations" = HP Photo Creations
"HTML Help Workshop" = HTML Help Workshop
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Full
"LiveResponse" = Kayako Desktop
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mozilla Firefox 34.0 (x86 en-US)" = Mozilla Firefox 34.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SharePointDesigner" = Microsoft SharePoint Designer 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"winscp3_is1" = WinSCP 5.1.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-489001533-4226623766-2752304091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8cf30167-0a1b-4489-a3ec-c0cb05ff5f44}" = Wrike Outlook Add-In
"9204f5692a8faf3b" = Dell System Detect
"FreeScreenSharing" = FreeScreenSharing
"GoToMeeting" = GoToMeeting 6.4.9.2128
"JoinMe" = join.me
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Broadcom Wireless LAN Events ]
Error - 11/2/2014 11:16:45 AM | Computer Name = Lulanoski-PC.OEISTL.com | Source = WLAN-Tray | ID = 0
Description = 09:16:45, Sun, Nov 02, 14 Error - Unable to set enhanced country code


Error - 12/8/2014 9:23:45 PM | Computer Name = Lulanoski-PC.OEISTL.com | Source = WLAN-Tray | ID = 0
Description = 19:23:45, Mon, Dec 08, 14 Error - Unable to set enhanced country code



< End of report >
silverjj
Active Member
 
Posts: 9
Joined: December 29th, 2014, 10:38 am

Re: Malware infecting web browsing

Unread postby silverjj » December 29th, 2014, 9:42 pm

And I thought it was better but I'm seeing ads pop up in the browser referencing reimageplus.com
silverjj
Active Member
 
Posts: 9
Joined: December 29th, 2014, 10:38 am

Re: Malware infecting web browsing

Unread postby NonSuch » December 30th, 2014, 1:24 am

It is the policy of this site that our volunteers do not assist with computers on which pirated, counterfeit, and/or cracked software is installed. Therefore, this topic will be closed.

You are hereby strongly cautioned against attempting to circumvent this site's policies by starting a new topic for this computer in our Malware Removal forum.


This topic is now closed.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California