slow computer



Hi, we shouldn't have to do a restore to factory ! OK, let's get started !!!

 

Howdy egans and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download AdwCleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

    Please download Junkware Removal Tool and save to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.



When the scan is complete, click  OK, then  Show Results to view the results.


    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".


Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log

 

Thanks
Chuck


Some of these programs/tools will seem like they have stopped but they are still running ! Wait for them to finish then post the logs !! Then go to the next in my fix above !

 

 

Chuck


Hi, OK, finally got that mess re-done from the PM !!

 




 

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DBD8CB-DF8A-4992-A655-B155216F6AFB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\AppID\WStech.DLL (Rogue.GreenAV) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully. Registry Values Detected:
4 HKLM\SOFTWARE\Mozilla\Firefox\Extensions|12ffxtbr@MyScrapNook_12.com (PUP.Optional.MyScrapNook.A) -> Data:
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe|Debugger (Security.Hijack) -> Data:
svchost.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe|Debugger (Security.Hijack) -> Data:
svchost.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe|Debugger (Security.Hijack) -> Data:
svchost.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2190&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.
Folders Detected: 2 C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.
C:\ProgramData\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.
Files Detected: 8 C:\Users\Shaneen Egan\Downloads\frostwire-4.21.7.windows.exe (PUP.Optional.
OpenCandy) -> No action taken. C:\Users\Shaneen Egan\Downloads\frostwire-5.4.0.windows.exe
(PUP.Optional.OpenCandy) -> No action taken. C:\Users\Shaneen Egan\Downloads\iLividSetup (1).exe
(PUP.Optional.Bandoo) -> No action taken. C:\Users\Shaneen Egan\Downloads\iLividSetup.exe
(PUP.Optional.Bandoo) -> No action taken. C:\Users\Shaneen Egan\Downloads\intunemp3.exe
(PUP.Optional.InstallIQ.A) -> No action taken. C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection\Instructions.ini (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.
C:\Users\Shaneen Egan\AppData\Roaming\Best Malware Protection\cookies.sqlite (Rogue.BestMalwareProtection) -> Quarantined and deleted successfully.
C:\ProgramData\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully. (end)

 

 

 

Wow, that was some cleaning but I see more we have to do !!

Be back after I eat with a new fix !!

Thanks

Chuck


Hi egans, I need you to run Malwarebytes again. Make sure you place a check in the box beside everything it finds, then click REMOVE SELECTED & post the log here if you can !!!

Then Next:

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

NEXT

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

NEXT

Download OldTimer to your desktop !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   



Post Next:

1. Malwarebytes log

2. RogueKiller log

3. DDS logs

4. OTL log

 

thanks

Chuck


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.04.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Shaneen Egan :: SE [administrator]

Protection: Enabled

1/4/2014 8:44:19 PM
mbam-log-2014-01-04 (20-44-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238077
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 48
HKCR\CLSID\{0a4d512d-697e-4ad5-872d-5a9941af6ebb} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{c260adf2-154f-4227-9c73-651e25f22cbb} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Interface\{049BCB76-CEF4-43C9-9F4D-4539C7DE9742} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SettingsPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SettingsPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{508c38b8-e848-49eb-9f84-ab81ddad2b58} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0fa48495-56eb-4eba-be5f-183846983a48} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Interface\{098E4E5F-7877-4EBE-9A51-49CDEFBED242} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.PseudoTransparentPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.PseudoTransparentPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{508C38B8-E848-49EB-9F84-AB81DDAD2B58} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{b3b5c47e-61f7-4d81-af06-461fc86686ce} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{ba339ddb-918b-42f5-b582-88ab854c42ac} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.Radio.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.Radio (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{bb2e53cf-c096-40b0-a485-03134f164470} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2E53CF-C096-40B0-A485-03134F164470} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{FAE20193-DC28-4E42-8D12-DB0C2C898B11} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.DynamicBarButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.DynamicBarButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.FeedManager (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.FeedManager.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLMenu (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLMenu.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLPanel (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLPanel.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.MultipleButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.MultipleButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.RadioSettings (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.RadioSettings.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ScriptButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ScriptButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SkinLauncher (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SkinLauncher.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SkinLauncherSettings (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SkinLauncherSettings.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ThirdPartyInstaller (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ThirdPartyInstaller.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.UrlAlertButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.UrlAlertButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.XMLSessionPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.XMLSessionPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyScrapNook_12 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@MyScrapNook_12.com/Plugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|12ffxtbr@MyScrapNook_12.com (PUP.Optional.MyScrapNook.A) -> Data: C:\Program Files (x86)\MyScrapNook_12\bar\1.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Shaneen Egan\Downloads\frostwire-4.21.7.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Shaneen Egan\Downloads\frostwire-5.4.0.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Shaneen Egan\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Shaneen Egan\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Shaneen Egan\Downloads\intunemp3.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.

(end)


RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Shaneen Egan [Admin rights]
Mode : Scan -- Date : 01/04/2014 21:08:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] FGRun : C:\Users\Shaneen - Egan\AppData\Roaming\pack.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEVS-60UST0 +++++
--- User ---
[MBR] 0ca105ab91de89c4bd56e21663885732
[BSP] 5e5983554871d978d57052f9a23d949c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 225333 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461483190 | Size: 13139 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01042014_210820.txt >>

 

 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/19/2008 2:51:59 AM
System Uptime: 1/4/2014 8:13:47 PM (1 hours ago)
.
Motherboard: Quanta |  | 30CC
Processor: Intel® Core2 Duo CPU     T5750  @ 2.00GHz | U2E1 | 1000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 129.067 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0039
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #10
PNP Device ID: ROOT\*ISATAP\0039
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0042
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #10
PNP Device ID: ROOT\*ISATAP\0042
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0045
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #11
PNP Device ID: ROOT\*ISATAP\0045
Service: tunnel
.
==== System Restore Points ===================
.
RP731: 12/30/2013 3:00:36 AM - Windows Update
RP732: 1/4/2014 10:51:47 AM - Windows Update
.
==== Installed Programs ======================
.
4500_Help
64 Bit HP CIO Components Installer
Acrobat.com
AddThis Toolbar
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
bSaving
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner (remove only)
CheckIt Diagnostics
CustomerResearchQFolder
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
DVD Suite
EA Link
eSupportQFolder
Facebook Video Calling 1.2.0.287
Fast Browser Search (My Web Tattoo)
Fast Browser Search Protection
Fax
FilmFanatic Toolbar
FrostWire 4.21.7
Google Chrome
Google Earth
Google Update Helper
GPBaseService
GPBaseService2
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Doc Viewer
HP Document Manager 1.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C3
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HP User Guides 0087
HP Wireless Assistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iCloud
InstallIQ Updater
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPhone Configuration Utility
iPod for Windows 2005-09-23
iTunes
J4500
Java 6 Update 17
Java 6 Update 2
Junk Mail filter update
LabelPrint
LightScribe System Software  1.10.13.1
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
MediaBar
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Motorola SM56 Speakerphone Modem
MSVCRT
MSVCRT_amd64
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
My Scrap Nook Toolbar
Norton Cleanup
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton Utilities
OCR Software by I.R.I.S. 10.0
PANTECH PC USB Modem Software
Power2Go
PowerDirector
ProductContext
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Segoe UI
Shop for HP Supplies
ShopAtHome SelectRebates
Skype Click to Call
Skype™ 6.1
Slingbox Flash Tour
SlingPlayer
SmartWebPrintingOC
Software Assist
SolutionCenter
SPBBC 64bit
Spelling Dictionaries Support For Adobe Reader 9
Status
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
The Sims™ Life Stories
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VideoToolkit01
VZAccess Manager
WeatherBug Gadget
WebReg
Windows Driver Package - Intel USB  (08/05/2009 9.1.1.1016)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/15/2008 6.0.1.5548)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
1/4/2014 8:17:18 PM, Error: Service Control Manager [7034]  - The hpqwmiex service terminated unexpectedly.  It has done this 1 time(s).
1/4/2014 8:16:06 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
1/4/2014 8:14:21 PM, Error: EventLog [6008]  - The previous system shutdown at 8:12:34 PM on 1/4/2014 was unexpected.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Tablet PC Input Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The ReadyBoost service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/19/2008 2:51:59 AM
System Uptime: 1/4/2014 8:13:47 PM (1 hours ago)
.
Motherboard: Quanta |  | 30CC
Processor: Intel® Core2 Duo CPU     T5750  @ 2.00GHz | U2E1 | 1000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 129.067 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0039
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #10
PNP Device ID: ROOT\*ISATAP\0039
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0042
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #10
PNP Device ID: ROOT\*ISATAP\0042
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0045
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #11
PNP Device ID: ROOT\*ISATAP\0045
Service: tunnel
.
==== System Restore Points ===================
.
RP731: 12/30/2013 3:00:36 AM - Windows Update
RP732: 1/4/2014 10:51:47 AM - Windows Update
.
==== Installed Programs ======================
.
4500_Help
64 Bit HP CIO Components Installer
Acrobat.com
AddThis Toolbar
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
bSaving
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner (remove only)
CheckIt Diagnostics
CustomerResearchQFolder
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
DVD Suite
EA Link
eSupportQFolder
Facebook Video Calling 1.2.0.287
Fast Browser Search (My Web Tattoo)
Fast Browser Search Protection
Fax
FilmFanatic Toolbar
FrostWire 4.21.7
Google Chrome
Google Earth
Google Update Helper
GPBaseService
GPBaseService2
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Doc Viewer
HP Document Manager 1.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C3
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HP User Guides 0087
HP Wireless Assistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iCloud
InstallIQ Updater
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPhone Configuration Utility
iPod for Windows 2005-09-23
iTunes
J4500
Java 6 Update 17
Java 6 Update 2
Junk Mail filter update
LabelPrint
LightScribe System Software  1.10.13.1
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
MediaBar
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Motorola SM56 Speakerphone Modem
MSVCRT
MSVCRT_amd64
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
My Scrap Nook Toolbar
Norton Cleanup
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton Utilities
OCR Software by I.R.I.S. 10.0
PANTECH PC USB Modem Software
Power2Go
PowerDirector
ProductContext
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Segoe UI
Shop for HP Supplies
ShopAtHome SelectRebates
Skype Click to Call
Skype™ 6.1
Slingbox Flash Tour
SlingPlayer
SmartWebPrintingOC
Software Assist
SolutionCenter
SPBBC 64bit
Spelling Dictionaries Support For Adobe Reader 9
Status
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
The Sims™ Life Stories
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VideoToolkit01
VZAccess Manager
WeatherBug Gadget
WebReg
Windows Driver Package - Intel USB  (08/05/2009 9.1.1.1016)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/15/2008 6.0.1.5548)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
1/4/2014 8:17:18 PM, Error: Service Control Manager [7034]  - The hpqwmiex service terminated unexpectedly.  It has done this 1 time(s).
1/4/2014 8:16:06 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
1/4/2014 8:14:21 PM, Error: EventLog [6008]  - The previous system shutdown at 8:12:34 PM on 1/4/2014 was unexpected.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Tablet PC Input Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The ReadyBoost service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/4/2014 5:55:49 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
 


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526
Run by Shaneen Egan at 21:23:00 on 2014-01-04
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4085.2096 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - <orphaned>
uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files (x86)\AddThis Toolbar\Helper.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files (x86)\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

DPF: {D27CDB70-AE6D-11cf-96B8-444553540000} -

TCP: NameServer = 72.21.70.3 67.215.21.202 192.168.1.1
TCP: Interfaces\{04B8D4CB-A835-4570-A68A-565138A1B901} : DHCPNameServer = 67.215.21.202 72.21.70.3
TCP: Interfaces\{F7068BD0-F121-4F56-B3AD-BCAD04EB4BB7} : DHCPNameServer = 72.21.70.3 67.215.21.202 192.168.1.1
Filter: text/html - <Clsid value has no data>
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/html - <Clsid value has no data>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-4 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-4 25928]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe --> C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [?]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2008-6-19 3148288]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-12-30 10:00:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-30 10:00:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-01 21:42:38 90708896 ----a-w- C:\Windows\System32\mrt.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-15 02:09:03 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-11-15 01:42:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-15 01:29:33 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-15 01:28:00 237056 ----a-w- C:\Windows\System32\url.dll
2013-11-15 01:25:24 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-15 01:20:45 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-11-15 01:19:54 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-11-15 01:19:47 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-11-15 01:18:24 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-15 01:12:57 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-11-14 23:13:33 12344320 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-14 22:50:06 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-11-14 22:43:24 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-14 22:41:18 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-11-14 22:40:04 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:35 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-11-14 22:37:32 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-11-14 22:36:16 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-11-14 22:36:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-14 22:32:56 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-10-30 04:34:52 1386496 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
2013-10-30 04:34:21 374784 ----a-w- C:\Windows\System32\SysFxUI.dll
2013-10-30 03:55:25 122368 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-30 02:33:31 218112 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-30 02:10:03 2776064 ----a-w- C:\Windows\System32\win32k.sys
2013-10-22 09:31:05 79360 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-22 07:19:59 158208 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-11 04:27:20 144384 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-11 04:26:04 198656 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:19:13 166912 ----a-w- C:\Windows\System32\wscript.exe
2013-10-11 02:19:11 147968 ----a-w- C:\Windows\System32\cscript.exe
2013-10-11 02:08:55 36864 ----a-w- C:\Windows\SysWow64\wshcon.dll
2013-10-11 02:08:55 131072 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-11 02:08:35 172032 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-11 00:35:42 135168 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-11 00:35:41 155648 ----a-w- C:\Windows\SysWow64\wscript.exe
.
============= FINISH: 21:23:59.37 ===============
 


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526
Run by Shaneen Egan at 21:24:19 on 2014-01-04
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4085.2018 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - <orphaned>
uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files (x86)\AddThis Toolbar\Helper.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files (x86)\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

DPF: {D27CDB70-AE6D-11cf-96B8-444553540000} -

TCP: NameServer = 72.21.70.3 67.215.21.202 192.168.1.1
TCP: Interfaces\{04B8D4CB-A835-4570-A68A-565138A1B901} : DHCPNameServer = 67.215.21.202 72.21.70.3
TCP: Interfaces\{F7068BD0-F121-4F56-B3AD-BCAD04EB4BB7} : DHCPNameServer = 72.21.70.3 67.215.21.202 192.168.1.1
Filter: text/html - <Clsid value has no data>
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/html - <Clsid value has no data>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-4 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-4 25928]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe --> C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [?]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2008-6-19 3148288]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-12-30 10:00:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-30 10:00:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-01 21:42:38 90708896 ----a-w- C:\Windows\System32\mrt.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-15 02:09:03 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-11-15 01:42:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-15 01:29:33 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-15 01:28:00 237056 ----a-w- C:\Windows\System32\url.dll
2013-11-15 01:25:24 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-15 01:20:45 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-11-15 01:19:54 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-11-15 01:19:47 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-11-15 01:18:24 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-15 01:12:57 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-11-14 23:13:33 12344320 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-14 22:50:06 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-11-14 22:43:24 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-14 22:41:18 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-11-14 22:40:04 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:35 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-11-14 22:37:32 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-11-14 22:36:16 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-11-14 22:36:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-14 22:32:56 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-10-30 04:34:52 1386496 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
2013-10-30 04:34:21 374784 ----a-w- C:\Windows\System32\SysFxUI.dll
2013-10-30 03:55:25 122368 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-30 02:33:31 218112 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-30 02:10:03 2776064 ----a-w- C:\Windows\System32\win32k.sys
2013-10-22 09:31:05 79360 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-22 07:19:59 158208 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-11 04:27:20 144384 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-11 04:26:04 198656 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:19:13 166912 ----a-w- C:\Windows\System32\wscript.exe
2013-10-11 02:19:11 147968 ----a-w- C:\Windows\System32\cscript.exe
2013-10-11 02:08:55 36864 ----a-w- C:\Windows\SysWow64\wshcon.dll
2013-10-11 02:08:55 131072 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-11 02:08:35 172032 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-11 00:35:42 135168 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-11 00:35:41 155648 ----a-w- C:\Windows\SysWow64\wscript.exe
.
============= FINISH: 21:24:49.77 ===============
 


Hi egan, let's get rid of the infection that RogueKiller found !! If you have the OTL log go ahead & post it also !!

 

Open RogueKiller :     
* Quit all programs that you may have started.
* Please disconnect any USB or external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator" to start
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then click on the "Scan" button
* Wait until the Status box shows "Scan Finished"
* Click on "Delete"
* Wait until the Status box shows "Deleting Finished"
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The log should be found in RKreport[1].txt on your Desktop
* Exit/Close RogueKiller+
 

 

Will be waiting for the OTL log & clean up from the RogueKiller run above !!

 

I will read through the OTL & write a fix for you either tonight or tomorrow morning because it takes me about 45 minutes to read through that log !!

 

Thanks

Chuck


OTL Extras logfile created on: 1/4/2014 9:33:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Shaneen Egan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.99 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.43% Memory free
8.16 Gb Paging File | 6.14 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.05 Gb Total Space | 129.07 Gb Free Space | 58.65% Space Free | Partition Type: NTFS
 
Computer Name: SE | User Name: Shaneen Egan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1776805723-2028868014-283815931-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 25 81 80 75 51 39 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12A9CE44-89DD-4AD8-9658-B6EF234F4248}" = lport=137 | protocol=17 | dir=in | app=system |
"{2178E4F7-82E4-489C-A432-151A6D84EB6F}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C0CC69D-EA88-4E14-B4B3-F57F97328946}" = lport=139 | protocol=6 | dir=in | app=system |
"{4F37B2CF-EC35-4004-BE14-7F21AC7E6829}" = rport=137 | protocol=17 | dir=out | app=system |
"{56347B90-F1CA-4E08-B2EA-CB5E56F92239}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{59A6895B-7643-488D-B234-60A7A10BF3D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7982EC87-103E-4ACE-A09C-B2FE98C58EAC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A306E188-5536-455A-9404-9C901684EFB6}" = rport=445 | protocol=6 | dir=out | app=system |
"{AA1EC6C1-4C66-4F12-B4A0-FAE01F61E3F0}" = rport=139 | protocol=6 | dir=out | app=system |
"{C14F0F3E-1EB4-4BE3-B34A-93BC0356E8ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C79634C7-E1E2-41B5-90C2-7FF426D8FA7C}" = rport=138 | protocol=17 | dir=out | app=system |
"{FD9CA593-2823-4541-94C1-1DC99292AAD9}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0373BFD2-1E6A-45B1-8D0B-C9FE25FD4803}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{101E8348-F142-4484-B32B-3E8EA6F857F6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{12B79826-0F9D-422B-BD7D-3610DF7A3471}" = protocol=58 | dir=out | [email protected],-28546 |
"{15E83689-AACB-4281-950D-FEE4AB121A33}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{195A097F-552E-4ADB-B789-F381038B9E37}" = protocol=58 | dir=in | [email protected],-28545 |
"{36ADF0F2-B4B6-4232-BEE3-616E1AE3B9A4}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3BC78D17-7B30-4D62-9877-9CD9AEB4D1FF}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{408B7172-BDDD-4B5D-A9DE-00F74B975959}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{433A6A18-2AD5-45B9-A8A0-298C95484410}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{43CEDECA-0C68-4539-8FE8-5D05C43EEA8B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{44B05C75-A5EF-4EC1-AF9E-7059C67FA7DD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{44BF0E6A-16D7-41CB-9518-190878D6FADF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{484EC066-6829-4990-8D25-9DA0FAC4338A}" = protocol=6 | dir=in | app=c:\program files (x86)\addthis toolbar\troubleshooter.exe |
"{5CD55969-A2D8-4C79-9878-03FFB024DA06}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5EB2E882-0441-4BA0-9F5A-EEC7FC24553C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{61A3C477-0274-4DC9-9E06-8915E24980AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{717049C8-915F-4718-8B0C-DC4E6C36B79B}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{8049FE5C-2B60-4881-AB0E-995D61A521F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85C97B64-BA23-4A34-8B82-B167F5E6FA23}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{87739FFC-307B-4EC2-8158-D619FF715B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8CA67D18-D95C-44BF-9DA4-E26B0DADB864}" = protocol=17 | dir=in | app=c:\program files (x86)\addthis toolbar\troubleshooter.exe |
"{9A145CA8-C458-422A-836C-93A7E43BCA12}" = protocol=17 | dir=in | app=c:\program files (x86)\kazaa\kazaa.exe |
"{AA926F9C-3026-4028-9EE3-CB024099C1BD}" = protocol=6 | dir=in | app=c:\program files (x86)\kazaa\kazaa.exe |
"{B02C879C-9453-46C9-98F6-49099A74D2CE}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{B1530061-C439-40CE-B530-BB632F74A67C}" = protocol=17 | dir=in | app=c:\program files (x86)\addthis toolbar\toolbarupdate.exe |
"{B48BA75D-F538-4759-AD9C-C20AB00F7533}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B74A4447-6A01-4D58-B853-EF1E39F0DF6E}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{B9C6527B-4FD2-449C-B47B-B8DB390CAFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BB38917E-C892-4B71-A10A-CAF48A5E6981}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BF5CA861-59EE-442F-8135-907F35F3C52C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{C0A53F40-799C-4A4E-AC91-246078D18A6F}" = protocol=1 | dir=in | [email protected],-28543 |
"{C50245D5-C50E-484B-90E6-9F7D77CB4437}" = protocol=6 | dir=in | app=c:\program files (x86)\addthis toolbar\toolbarupdate.exe |
"{C619428E-4437-4CB2-B622-28DB6A980EDF}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{C7D97D66-8920-4390-A021-295F6AF4A73D}" = dir=in | app=c:\users\shaneen egan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{CBEAB62A-8DFE-4756-AD83-FDBB1277DF3F}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{CC1EC8D8-9629-482F-BE67-6882217E9169}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{D55A4965-2C78-4849-991A-6035971F1C47}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{DA3B2EDF-743D-4103-B692-1C524426AEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E4A01549-A9F5-4BD6-8FFD-68C263B07594}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6DFDD71-1749-409C-93F6-ECD18F7E98E8}" = protocol=1 | dir=out | [email protected],-28544 |
"{E83BDE3C-F1F5-413E-80BE-091DFAA525AB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{ECD60FC6-41DA-4F42-9856-D15207C7C4CC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2539EAD-1B51-404B-8A9B-A5868B6EF95C}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{1B791523-DAAC-425F-844D-88BBF8293C33}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{44AF1F11-643C-49AF-B3E6-A9D5C7DE9C77}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{713B2ABE-1B61-44D8-9397-1015209DCE1C}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{AED19459-0F57-45FF-9A92-BE9850C2C687}C:\programdata\778cee\bm778_2190.exe" = protocol=6 | dir=in | app=c:\programdata\778cee\bm778_2190.exe |
"TCP Query User{D568DBDC-2EED-47C9-98C8-ECF14A0B57E8}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{15092AFF-38A5-4E90-8E13-E9AA8CF04151}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{50B31E39-6C8D-49CE-B09C-B4387C8CBDB7}C:\programdata\778cee\bm778_2190.exe" = protocol=17 | dir=in | app=c:\programdata\778cee\bm778_2190.exe |
"UDP Query User{914CD30A-0C09-4365-855A-083E64CCB2E5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B9C19B39-CA53-42BB-93DA-2166C7871F42}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A348C751-0EFF-4B9D-8065-B5339BEFBE27}" = HP Help and Support
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"21A278FF533186329A8D4FCE4BC9BE937044B65B" = Windows Driver Package - Intel USB  (08/05/2009 9.1.1.1016)
"EDF6B682E17FB373EB8F895C08C9E29A33CFBB76" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/15/2008 6.0.1.5548)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"AddThis Toolbar" = AddThis Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BearShare MediaBar" = MediaBar
"bSaving" = bSaving
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Fast Browser SearchP" = Fast Browser Search Protection
"FilmFanaticbar Uninstall" = FilmFanatic Toolbar
"FrostWire" = FrostWire 4.21.7
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Software Assist" = Software Assist
"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1776805723-2028868014-283815931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/4/2014 6:44:13 PM | Computer Name = SE | Source = WinMgmt | ID = 10
Description =
 
Error - 1/4/2014 7:10:17 PM | Computer Name = SE | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16526 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: c30  Start Time: 01cf099f2426c77f  Termination Time: 34
 
Error - 1/4/2014 7:16:56 PM | Computer Name = SE | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16526 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 3d4  Start Time: 01cf09a221cb632f  Termination Time: 51
 
Error - 1/4/2014 8:55:29 PM | Computer Name = SE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000,
time stamp 0x47919291, faulting module sysmain.dll, version 6.0.6002.18005, time
 stamp 0x49e04208, exception code 0xc0000005, fault offset 0x00000000000424bf,  process
 id 0x274, application start time 0x01cf099e51e2edcf.
 
Error - 1/4/2014 11:15:49 PM | Computer Name = SE | Source = WinMgmt | ID = 10
Description =
 
Error - 1/4/2014 11:17:09 PM | Computer Name = SE | Source = Application Error | ID = 1000
Description = Faulting application hpqWmiEx.exe, version 2.0.1.9, time stamp 0x4457c3f7,
 faulting module hpqWmiEx.exe, version 2.0.1.9, time stamp 0x4457c3f7, exception
 code 0xc0000005, fault offset 0x00005fe7,  process id 0x178, application start time
 0x01cf09c49c3ef3a5.
 
[ System Events ]
Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031
Description =
 
Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031
Description =
 
Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031
Description =
 
Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7034
Description =
 
Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031
Description =
 
Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031
Description =
 
Error - 1/4/2014 8:55:49 PM | Computer Name = SE | Source = Service Control Manager | ID = 7031
Description =
 
Error - 1/4/2014 11:14:21 PM | Computer Name = SE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:12:34 PM on 1/4/2014 was unexpected.
 
Error - 1/4/2014 11:16:06 PM | Computer Name = SE | Source = Service Control Manager | ID = 7022
Description =
 
Error - 1/4/2014 11:17:18 PM | Computer Name = SE | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >
 


RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Shaneen Egan [Admin rights]
Mode : Remove -- Date : 01/04/2014 22:38:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEVS-60UST0 +++++
--- User ---
[MBR] 0ca105ab91de89c4bd56e21663885732
[bSP] 5e5983554871d978d57052f9a23d949c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 225333 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461483190 | Size: 13139 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01042014_223838.txt >>
RKreport[0]_D_01042014_211315.txt;RKreport[0]_S_01042014_210820.txt;RKreport[0]_S_01042014_211616.txt
RKreport[0]_S_01042014_223404.txt


Egan thanks for the log ! I have to warn you about P2P programs >>> FrostWire is a peer-to-peer sharing program for the Gnutella and BitTorrent protocols. There were also signs of frostwire, bearshare, limewire and kazaa, one of these is where you caught the bad infection from !  This is where a major amount of virus comes from !

 

P2P Warning

There are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter  http://www.fbi.gov/cyberinvest/cyberedletter.htm
File sharing infects 500,000 computers   http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers
USAToday  http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
infoworld  http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft
Below are a few more articles on P2P that you may wish to read ....
http://www.us-cert.gov/cas/tips/ST05-007.html
http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
http://www.benedelman.org/spyware/p2p/
http://www.pcworld.com/article/126230/i ... works.html

I would remove Frostwire from the add/remove panel before you become infected with something that we may not be able to clean ! I have seen this happen. !!!

While you are in the Control panel remove this also >>> Java™ 6 Update 2

 

 

 

Run this small program so we can see how protected you are !

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

 

 

Chuck


Great egan, looks like the infection is gone from the RogueKiller log ! Some get very hard to remove !!!

 

Reading through those logs makes the eyes real tired, Now let's do the OTL cleaning !!

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{25D48CEB-F4D0-4601-BB0E-149A9DBB7B5B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE:64bit: - HKLM\..\SearchScopes\{F698946B-5E2B-4EAB-9E29-0AB57CFA079B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found
3815931-1000\..\SearchScopes,DefaultScope = {F698946B-5E2B-4EAB-9E29-0AB57CFA079B}
IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{25D48CEB-F4D0-4601-BB0E-149A9DBB7B5B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\SearchScopes\{F698946B-5E2B-4EAB-9E29-0AB57CFA079B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2009/09/05 12:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaneen Egan\AppData\Roaming\Mozilla\Extensions
[2009/09/05 12:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaneen Egan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/01/04 13:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaneen Egan\AppData\Roaming\Mozilla\Firefox\Profiles\j4szpwbl.default\extensions
[2014/01/04 13:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaneen Egan\AppData\Roaming\Mozilla\Firefox\Profiles\x523uufa.default\extensions
[2010/02/12 00:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O3 - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1776805723-2028868014-283815931-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - No CLSID value found.
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/html - No CLSID value found
O18 - Protocol\Filter\text/html - No CLSID value found

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click OK.
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.



Post the OTL fix Log next please !

 

Thanks

Chuck


 Results of screen317's Security Check version 0.99.78 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Flash Player  11.9.900.170 
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 24.0.1312.56 
 Google Chrome 24.0.1312.57 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 

This topic is now closed to further replies.