stepnharp Posted July 11, 2013 ID:701602 Share Posted July 11, 2013 Hi, My PC (Windows 7) was infected by searchou while I was trying out PrivatizeVPN. Norton Antivirus stopped MagniPic but I still downloaded the searchou problem (it shows up in the address bar in Firefox, Chrome and IE).How do I remove it? Have downloaded all of the applications that were listed in the following forum:http://forums.malwarebytes.org/index.php?s=199e384080d81da60ebf8780a05bd0b5&showtopic=124649 Thank you very much!Scott Link to post Share on other sites More sharing options...
Maniac Posted July 11, 2013 ID:701603 Share Posted July 11, 2013 Hello Scott and ! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Please follow the instructions here and then post the log files in your next reply. http://forums.malwarebytes.org/index.php?showtopic=9573 Link to post Share on other sites More sharing options...
stepnharp Posted July 11, 2013 Author ID:701607 Share Posted July 11, 2013 HI Maniac, Thanks for your help. Below are DDS.txt and Attach.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2Run by stepnharp at 17:32:06 on 2013-07-11Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8149.6273 [GMT 3:00].AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exeC:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exeC:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\WiTopia\WiTopiaService.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Elantech\ETDCtrl.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Program Files (x86)\Real\RealPlayer\Update\realsched.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exeC:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>mWinlogon: Userinit = userinit.exe,BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllBHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLLBHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dlluRun: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostartmRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbyloginmRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osbootmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dllIE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.100.1TCP: Interfaces\{16B227BC-F1A6-42FF-99AA-2049DB164879} : DHCPNameServer = 192.168.100.1TCP: Interfaces\{594851A0-B4BC-4F6F-981E-B80175489C4F} : DHCPNameServer = 10.118.0.1Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllAppInit_DLLs= acaptuser32.dll c:\progra~2\websea~1\sprote~1.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\FF - prefs.js: browser.search.selectedEngine - WebSearchFF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-06-15 17:13; ffxtlbr@privitize.com; C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\ffxtlbr@privitize.comFF - ExtSQL: 2013-06-15 18:01; z4ao@iawrl.org; C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\z4ao@iawrl.orgFF - ExtSQL: 2013-07-10 19:13; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext.---- FIREFOX POLICIES ----FF - user.js: extensions.privitize.id - b0e8cb1000000000000000c0ca53eb83FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}FF - user.js: extensions.privitize.instlDay - 15871FF - user.js: extensions.privitize.vrsn - 1.8.16.22FF - user.js: extensions.privitize.vrsni - 1.8.16.22FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2217:13:08FF - user.js: extensions.privitize.prtnrId - privitizeFF - user.js: extensions.privitize.prdct - privitizeFF - user.js: extensions.privitize.aflt - orgnlFF - user.js: extensions.privitize.smplGrp - noneFF - user.js: extensions.privitize.tlbrId - baseFF - user.js: extensions.privitize.instlRef -FF - user.js: extensions.privitize.dfltLng -FF - user.js: extensions.privitize.excTlbr - trueFF - user.js: extensions.privitize.ffxUnstlRst - falseFF - user.js: extensions.privitize.admin - falseFF - user.js: extensions.privitize.autoRvrt - falseFF - user.js: extensions.privitize.rvrt - falseFF - user.js: extensions.privitize.hmpg - trueFF - user.js: extensions.privitize.dfltSrch - trueFF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)FF - user.js: extensions.privitize.dnsErr - trueFF - user.js: extensions.privitize.newTab - true.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-17 493656]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-17 1139800]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [2013-7-10 1393240]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-17 169048]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130710.001\IDSviA64.sys [2013-7-11 513184]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-17 224416]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-17 433752]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-10 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-10 701512]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2012-8-26 36864]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]R2 WiTopiaService;WiTopia Service;C:\Program Files\WiTopia\WiTopiaService.exe [2012-10-14 63064]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-8 138912]R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-10 25928]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-8-27 135560]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2012-8-26 848384]S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]S3 visctap0901;Viscosity Virtual Adapter V9.1;C:\Windows\System32\drivers\visctap0901.sys [2012-10-14 38344]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880].=============== File Associations ===============.FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1".=============== Created Last 30 ================.2013-07-11 14:24:03 -------- d-----w- C:\Program Files (x86)\WebSearch2013-07-10 18:18:13 -------- d-----w- C:\Users\stepnharp\AppData\Roaming\Malwarebytes2013-07-10 18:18:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-07-10 18:18:05 -------- d-----w- C:\ProgramData\Malwarebytes2013-07-10 18:18:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-10 16:22:58 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-10 16:14:18 -------- d-----w- C:\Users\stepnharp\AppData\Roaming\RealNetworks2013-07-10 16:13:47 -------- d-----w- C:\ProgramData\RealNetworks2013-07-10 16:13:47 -------- d-----w- C:\Program Files (x86)\RealNetworks2013-07-10 05:41:41 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe2013-07-10 04:02:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll2013-07-10 04:02:18 624128 ----a-w- C:\Windows\System32\qedit.dll2013-07-10 04:02:18 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll2013-07-10 04:02:18 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll2013-07-10 04:02:18 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-07-10 04:02:18 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll2013-07-10 04:02:18 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll2013-07-10 04:02:18 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll2013-07-10 04:02:18 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll2013-07-10 04:02:17 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-10 04:02:17 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-10 04:01:57 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-07-10 04:01:56 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL2013-07-10 04:01:56 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll2013-07-10 04:01:55 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-07-10 04:01:55 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll2013-07-10 04:01:55 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll2013-07-10 04:01:39 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-07-10 04:01:39 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-06-17 10:10:29 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys2013-06-17 10:10:29 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys2013-06-17 10:10:29 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys2013-06-17 10:10:29 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys2013-06-17 10:10:29 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys2013-06-17 10:10:29 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys2013-06-17 10:10:29 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys2013-06-17 10:10:28 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys2013-06-17 10:10:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.0282013-06-16 05:13:54 -------- d-----w- C:\Users\stepnharp\AppData\Local\NPE2013-06-15 14:14:19 -------- d-----w- C:\ProgramData\StarApp2013-06-15 14:14:06 -------- d-----w- C:\Program Files (x86)\MagniPic2013-06-15 14:13:43 -------- d-----w- C:\ProgramData\InstallMate2013-06-12 14:35:29 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-12 14:34:47 751104 ----a-w- C:\Windows\System32\win32spl.dll2013-06-12 14:34:47 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-06-12 14:34:05 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-06-12 14:34:05 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-06-12 14:34:04 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-06-12 14:34:04 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-06-12 14:32:41 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-06-12 14:32:41 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-06-12 14:32:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-06-12 14:32:40 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-06-12 14:32:40 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-06-12 14:32:40 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-06-12 14:32:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-06-12 14:32:39 52224 ----a-w- C:\Windows\System32\certenc.dll2013-06-12 14:32:39 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-06-12 14:32:39 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-06-12 14:31:14 1887232 ----a-w- C:\Windows\System32\d3d11.dll2013-06-12 14:31:14 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll.==================== Find3M ====================.2013-07-10 16:22:54 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-10 16:22:54 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-10 16:13:10 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-07-10 16:13:10 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-07-10 04:18:39 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS2013-06-12 19:05:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-12 19:05:00 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-02 00:40:06 38344 ----a-w- C:\Windows\System32\drivers\visctap0901.sys2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys2012-09-14 02:43:00 44 ---h--w- C:\Program Files (x86)\21719e00.tmp.============= FINISH: 17:32:29.59 =============== Attach.txt.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 UltimateBoot Device: \Device\HarddiskVolume1Install Date: 8/27/2012 1:59:49 AMSystem Uptime: 7/11/2013 4:46:17 PM (1 hours ago).Motherboard: Dell Inc. | | 06D7TRProcessor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 1598/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 195 GiB total, 84.298 GiB free.D: is FIXED (NTFS) - 270 GiB total, 269.39 GiB free.E: is CDROM ()F: is FIXED (NTFS) - 1397 GiB total, 688.231 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Viscosity Virtual Adapter V9.1Device ID: ROOT\NET\0000Manufacturer: SparklabsName: Viscosity Virtual Adapter V9.1PNP Device ID: ROOT\NET\0000Service: visctap0901.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Realtek RTL8188RU Wireless LAN 802.11n USB High Power DongleDevice ID: USB\VID_0BDA&PID_817F\00E04C000001Manufacturer: Realtek Semiconductor Corp.Name: Realtek RTL8188RU Wireless LAN 802.11n USB High Power DonglePNP Device ID: USB\VID_0BDA&PID_817F\00E04C000001Service: RTL8192cu.==== System Restore Points ===================.RP81: 6/6/2013 10:32:32 AM - Scheduled CheckpointRP82: 6/12/2013 11:01:04 PM - Windows UpdateRP83: 6/15/2013 9:48:21 PM - Windows UpdateRP84: 6/16/2013 11:08:33 PM - Windows UpdateRP85: 7/10/2013 9:27:19 AM - Windows UpdateRP86: 7/10/2013 7:22:14 PM - Installed Java 7 Update 25RP87: 7/11/2013 7:36:37 AM - Windows Update.==== Installed Programs ======================.µTorrentAdobe Acrobat 9 Pro Extended - English, Français, DeutschAdobe Acrobat 9 Pro Extended 64-bit Add-OnAdobe AIRAdobe Anchor Service CS4Adobe Bridge CS4Adobe CMaps CS4Adobe CSI CS4Adobe CSI CS4 x64Adobe Default Language CS4Adobe Device Central CS4Adobe Dreamweaver CS4Adobe ExtendScript Toolkit CS4Adobe Extension Manager CS4Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Media PlayerAdobe Output ModuleAdobe PDF Library Files CS4Adobe Photoshop 7.0.1Adobe Reader XI (11.0.03)Adobe Search for HelpAdobe Service Manager ExtensionAdobe SetupAdobe Type Support CS4Adobe Update Manager CS4Adobe XMP Panels CS4Cisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleConnectETDWare PS/2-x64 7.0.6.5_WHQLFileZilla Client 3.6.0.2GOM PlayerGoogle ChromeGoogle EarthGoogle Talk (remove only)Google Toolbar for Internet ExplorerGoogle Update HelperHP Officejet 6500 E710a-f Basic Device SoftwareHP Officejet 6500 E710a-f HelpHP Officejet 6500 E710n-z Basic Device SoftwareHP Officejet 6500 E710n-z HelpHP UpdateI.R.I.S. OCRIntel® Network Connections DriversJava 7 Update 25Java 7 Update 6 (64-bit)Java Auto UpdaterK-Lite Codec Pack 9.2.0 (Full)kulerMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft .NET Framework 4 Multi-Targeting PackMicrosoft Access MUI (English) 2013Microsoft Access Setup Metadata MUI (English) 2013Microsoft Application Error ReportingMicrosoft DCF MUI (English) 2013Microsoft Excel MUI (English) 2013Microsoft Groove MUI (English) 2013Microsoft Help Viewer 1.0Microsoft InfoPath MUI (English) 2013Microsoft Lync MUI (English) 2013Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office 64-bit Components 2013Microsoft Office Access MUI (English) 2007Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office Excel MUI (English) 2010Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2007Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2007Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2013 PreviewMicrosoft Office Proof (English) 2007Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2007Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2007Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2007Microsoft Office Proofing (English) 2010Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Proofing Tools 2013 Preview - EnglishMicrosoft Office Proofing Tools 2013 Preview - FrenchMicrosoft Office Proofing Tools 2013 Preview - SpanishMicrosoft Office Publisher MUI (English) 2007Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2007Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Visio 2007 Service Pack 3 (SP3)Microsoft Office Visio MUI (English) 2007Microsoft Office Visio Professional 2007Microsoft Office Word MUI (English) 2007Microsoft Office Word MUI (English) 2010Microsoft OneNote MUI (English) 2013Microsoft OSM MUI (English) 2013Microsoft OSM UX MUI (English) 2013Microsoft Outlook MUI (English) 2013Microsoft PowerPoint MUI (English) 2013Microsoft Professional Plus 2013Microsoft Proofing (English) 2013Microsoft Publisher MUI (English) 2013Microsoft Shared 64-bit MUI (English) 2013Microsoft Shared 64-bit Setup Metadata MUI (English) 2013Microsoft Shared MUI (English) 2013Microsoft Shared Setup Metadata MUI (English) 2013Microsoft SilverlightMicrosoft SQL Server 2008 (64-bit)Microsoft SQL Server 2008 BrowserMicrosoft SQL Server 2008 Common FilesMicrosoft SQL Server 2008 Database Engine ServicesMicrosoft SQL Server 2008 Database Engine SharedMicrosoft SQL Server 2008 Native ClientMicrosoft SQL Server 2008 R2 Management ObjectsMicrosoft SQL Server 2008 RsFx DriverMicrosoft SQL Server 2008 Setup Support FilesMicrosoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft SQL Server System CLR TypesMicrosoft SQL Server VSS WriterMicrosoft Visual Basic 2010 Express - ENUMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual Studio 2010 ADO.NET Entity Framework ToolsMicrosoft Visual Studio 2010 Express Prerequisites x64 - ENUMicrosoft Word MUI (English) 2013Mozilla Firefox 22.0 (x86 en-US)Mozilla Maintenance ServiceNero 8 Micro v8.1.1.0Norton Internet SecurityNVIDIA 3D Vision Driver 311.06NVIDIA Control Panel 311.06NVIDIA Display Control PanelNVIDIA DriversNVIDIA Graphics Driver 311.06NVIDIA Install ApplicationNVIDIA PhysXNVIDIA Stereoscopic 3D DriverNVIDIA Update 1.11.3NVIDIA Update ComponentsPass4sure Questions and Answers for Cisco 642-832Photoshop Camera RawPicasa 3PingPlotter Standard 3.40.2sPowerDVDRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealtek High Definition Audio DriverREALTEK Wireless LAN Driver and UtilityRealUpgrade 1.1Search Assistant 1.74Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687439) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687499) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760416) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit EditionSecurity Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit EditionSecurity Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)Skype™ 5.10Sql Server Customer Experience Improvement ProgramSuite Shared Configuration CS4The KMPlayer (remove only)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596802) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Visio 2007 Help (KB963666)Update for Microsoft Office Word 2007 Help (KB963665)Update for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2013 PreviVisual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENUVLC media player 2.0.3WinampWinHTTrack Website Copier 3.47-18WinRAR 4.20 (64-bit)WiTopiaYahoo! Messenger.==== Event Viewer Messages From Past Week ========.7/11/2013 4:49:05 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).7/11/2013 4:49:05 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.7/11/2013 4:46:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 1267/10/2013 7:33:45 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.7/10/2013 6:50:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nCU service..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted July 11, 2013 ID:701609 Share Posted July 11, 2013 Step 1 Please uninstall the following applications: µTorrent Search Assistant 1.74 Step 2 Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 3 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.In your next reply, post the following log files:Junkware Removal Tool logAdwCleaner loga new fresh DDS log Link to post Share on other sites More sharing options...
stepnharp Posted July 11, 2013 Author ID:701623 Share Posted July 11, 2013 Step 1Uninstalled - µTorrentUninstalled - Search Assistant 1.74Step 2See below JRT.txt Step 3See below AdmCleaner[s1].txtSee below DDS log ******************************************************~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.0.7 (07.11.2013:1)OS: Windows 7 Ultimate x64Ran by stepnharp on Thu 07/11/2013 at 17:45:27.96~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry ValuesSuccessfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1578135603-1554508644-824331228-1001\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearchSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopesSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotectorSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_1_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_1_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp globalSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotectorSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3220468Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19BF4A7B-03DF-48B7-927B-AAD59E6A03CB}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7ED489DB-687B-4771-ADB9-509296CC2404}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\installmate"Successfully deleted: [Folder] "C:\Users\stepnharp\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\stepnharp\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\stepnharp\appdata\locallow\magnipic"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\magnipic"Successfully deleted: [Folder] "C:\Program Files (x86)\websearch"Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"~~~ FireFoxSuccessfully deleted: [File] C:\Users\stepnharp\AppData\Roaming\mozilla\firefox\profiles\y08a97jo.default\user.jsSuccessfully deleted: [File] "C:\Users\stepnharp\AppData\Roaming\mozilla\firefox\profiles\y08a97jo.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi"Successfully deleted: [File] C:\Users\stepnharp\AppData\Roaming\mozilla\firefox\profiles\y08a97jo.default\searchplugins\privitize.xmlSuccessfully deleted: [File] C:\Users\stepnharp\AppData\Roaming\mozilla\firefox\profiles\y08a97jo.default\searchplugins\websearch.xmlSuccessfully deleted: [Folder] C:\Users\stepnharp\AppData\Roaming\mozilla\firefox\profiles\y08a97jo.default\jetpackSuccessfully deleted: [Folder] C:\Users\stepnharp\AppData\Roaming\mozilla\firefox\profiles\y08a97jo.default\smartbarSuccessfully deleted the following from C:\Users\stepnharp\AppData\Roaming\mozilla\firefox\profiles\y08a97jo.default\prefs.jsuser_pref("CT3220468.Facebook_Conduit_Social_SSKEY_1618885684", "HliaOYklY3TURJNYQEgHI2l-TxvDI2_rPUR.sZEv");user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getuser_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;Luser_pref("CT3220468.hxxp___facebook_conduitapps_com_v3_13.Facebook_Last_Visit_Tab", "newsFeedLi");user_pref("CT3220468.isPerformedSmartBarTransition", "true");user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNuser_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMuser_pref("CT3220468.search.searchAppId", "129813684258939747");user_pref("CT3220468.search.searchCount", "2");user_pref("CT3220468.smartbar.CTID", "CT3220468");user_pref("CT3220468.smartbar.Uninstall", "0");user_pref("CT3220468.smartbar.homepage", true);user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");user_pref("Smartbar.ConduitHomepagesList", "");user_pref("Smartbar.ConduitSearchEngineList", "");user_pref("Smartbar.ConduitSearchUrlList", "");user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");user_pref("browser.search.defaultengine", "Privitize VPN");user_pref("browser.search.defaultenginename", "WebSearch");user_pref("browser.search.defaultenginename,S", "WebSearch");user_pref("browser.search.order.1", "WebSearch");user_pref("browser.search.order.1,S", "WebSearch");user_pref("browser.search.selectedEngine", "WebSearch");user_pref("browser.search.selectedEngine,S", "WebSearch");user_pref("extensions.51bc81d51245f.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top){var script=document.createElement('script');scriptuser_pref("extensions.BabylonToolbar.prtkDS", 0);user_pref("extensions.BabylonToolbar.prtkHmpg", 0);user_pref("extensions.mywebsearch.prevDefaultEngine", "");user_pref("extensions.mywebsearch.prevSelectedEngine", "");user_pref("extensions.privitize.admin", false);user_pref("extensions.privitize.aflt", "orgnl");user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");user_pref("extensions.privitize.autoRvrt", "false");user_pref("extensions.privitize.dfltLng", "");user_pref("extensions.privitize.dfltSrch", true);user_pref("extensions.privitize.dnsErr", true);user_pref("extensions.privitize.dpk_blck", "true");user_pref("extensions.privitize.dspFFXOld", "Google");user_pref("extensions.privitize.excTlbr", true);user_pref("extensions.privitize.ffxUnstlRst", false);user_pref("extensions.privitize.hmpg", true);user_pref("extensions.privitize.id", "b0e8cb1000000000000000c0ca53eb83");user_pref("extensions.privitize.instlDay", "15871");user_pref("extensions.privitize.instlRef", "");user_pref("extensions.privitize.lastVrsnTs", "1.8.16.2217:13:08");user_pref("extensions.privitize.newTab", true);user_pref("extensions.privitize.prdct", "privitize");user_pref("extensions.privitize.prtnrId", "privitize");user_pref("extensions.privitize.rvrt", "false");user_pref("extensions.privitize.smplGrp", "none");user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");user_pref("extensions.privitize.tlbrId", "base");user_pref("extensions.privitize.vrsn", "1.8.16.22");user_pref("extensions.privitize.vrsnTs", "1.8.16.2217:13:08");user_pref("extensions.privitize.vrsni", "1.8.16.22");user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", true);user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013051012");user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm074^YY^sa");user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "swissconverter");user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "AB9A521D-5ED8-4894-B5BD-0CF6313964CA");user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1368179916334");user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", false);user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", false);user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");user_pref("extensions.toolbar.mindspark.hp.enabled", true);user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "fromdoctopdf@mindspark.com");user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");user_pref("smartbar.machineId", "JA0AOZXPUVRTNOIS6IUIH3R1FMMWEJ8H3WD1KTWZL48DI1BX4SFLCTCZNBU99PUO5RPLEUWYN/LWYMASQQTQCQ");user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");user_pref("sweetim.toolbar.previous.keyword.URL", "");user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");user_pref("sweetim.toolbar.searchguard.enable", "");Emptied folder: C:\Users\stepnharp\AppData\Roaming\mozilla\firefox\profiles\y08a97jo.default\minidumps [158 files]~~~ ChromeSuccessfully deleted: [Folder] C:\Users\stepnharp\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmddaSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmddaSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Thu 07/11/2013 at 17:49:38.00End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.304 - Logfile created 07/11/2013 at 17:50:22# Updated 03/07/2013 by Xplode# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)# User : stepnharp - USER-PC# Boot Mode : Normal# Running from : C:\Users\stepnharp\Downloads\Adware Removal Tools\AdwCleaner by Xplode\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagniPicFolder Deleted : C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\ffxtlbr@privitize.com***** [Registry] *****Key Deleted : HKCU\Software\PrivitizeVPNInstallDatesKey Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16635[OK] Registry is clean.-\\ Mozilla Firefox v22.0 (en-US)File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nse7ktvc.default\prefs.js[OK] File is clean.File : C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\prefs.jsDeleted : user_pref("CT3220468.129571859753082121.isToggled_item0_12", "true");Deleted : user_pref("CT3220468.129813684259252248.APP_WIN_FEATURES", "resizable=0,saveresizedsize=0,titlebar=0[...]Deleted : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NDM5NTg0NiwidXVpZCI6NTA5NzcyOTg5OTA3NzQ1LCJ[...]Deleted : user_pref("CT3220468.BT_Usage", "{\"uuid\":509772989907745,\"seq_id\":1}");Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]Deleted : user_pref("CT3220468.Facebbok_user_cuid_1618885684", "3c340001-607e-0000-0000-000000000000");Deleted : user_pref("CT3220468.Facebbok_user_id", "1618885684");Deleted : user_pref("CT3220468.FacebookNotifications", "1");Deleted : user_pref("CT3220468.Facebook_First_Visit", "notFirst");Deleted : user_pref("CT3220468.Facebook_LoggedIn", "yes");Deleted : user_pref("CT3220468.Facebook_Login_Refresh", "0.6142591673612302");Deleted : user_pref("CT3220468.Facebook_Login_Status", "3");Deleted : user_pref("CT3220468.Facebook_Mode", "2");Deleted : user_pref("CT3220468.Facebook_User_Locale", "en");Deleted : user_pref("CT3220468.Facebook_User_token", "AAAAAMNu9ISgBAB630CD9Gg3eTooiKGjM0fT8pFoLZB9yc73bTKxjfk8[...]Deleted : user_pref("CT3220468.Facebook_ctid_Connect_send_n", "sended");Deleted : user_pref("CT3220468.Facebook_ctid_Connect_send_new", "sended");Deleted : user_pref("CT3220468.Facebook_user_name", "0x0053,0x0063,0x006F,0x0074,0x0074,0x0020,0x0053,0x0074,0[...]Deleted : user_pref("CT3220468.FirstTime", "true");Deleted : user_pref("CT3220468.FirstTimeFF3", "true");Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);Deleted : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);Deleted : user_pref("CT3220468.UserID", "UN89211470706362636");Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");Deleted : user_pref("CT3220468.autoDisableScopes", -1);Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true);Deleted : user_pref("CT3220468.cb_experience_000", "38");Deleted : user_pref("CT3220468.cb_firstuse0100", "1");Deleted : user_pref("CT3220468.cbcountry_001", "SA");Deleted : user_pref("CT3220468.cbfirsttime.enc", "VHVlIFNlcCAyNSAyMDEyIDIxOjA4OjI2IEdNVCswMzAwIChBcmFiIFN0YW5k[...]Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]Deleted : user_pref("CT3220468.enableAlerts", "always");Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true");Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");Deleted : user_pref("CT3220468.fixUrls", true);Deleted : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]Deleted : user_pref("CT3220468.installId", "fft9B0B.tmp.exe");Deleted : user_pref("CT3220468.installType", "XPE");Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");Deleted : user_pref("CT3220468.isNewTabEnabled", false);Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");Deleted : user_pref("CT3220468.keyword", true);Deleted : user_pref("CT3220468.lastVersion", "10.15.0.562");Deleted : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2NDM5NTg2MDgyMg==");Deleted : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b2Zm");Deleted : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b2Zm");Deleted : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "ZmFsc2U=");Deleted : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5Iiw[...]Deleted : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjQuNg==");Deleted : user_pref("CT3220468.mam_gk_eventsCache.enc", "eyI2YTM2OTg0MC05NGNiLTQ0MDAtODZkYi05NGVkZWM1YTJiNzEiO[...]Deleted : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");Deleted : user_pref("CT3220468.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");Deleted : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2NDM5NTg1NjU0MQ==");Deleted : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");Deleted : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]Deleted : user_pref("CT3220468.mam_gk_showCloseButton.enc", "ZmFsc2U=");Deleted : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");Deleted : user_pref("CT3220468.mam_gk_userId.enc", "ODMwZDVhZTEtNzQyMi00MzQxLWJmMjgtN2IyM2RiMTc5ZGFk");Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]Deleted : user_pref("CT3220468.openThankYouPage", "true");Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");Deleted : user_pref("CT3220468.price-gong.isManagedApp", "true");Deleted : user_pref("CT3220468.searchInNewTabEnabled", "false");Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "false");Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349460507746");Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1364395848441");Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349806105698");Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1364364693082");Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1354813695931");Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358533375241");Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364364693024");Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359907687150");Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360945644161");Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363192715811");Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349806105739");Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1349886300769");Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1364364692654");Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349806105614");Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1364395848400");Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1364364693519");Deleted : user_pref("CT3220468.settingsINI", true);Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");Deleted : user_pref("CT3220468.showToolbarPermission", "false");Deleted : user_pref("CT3220468.startPage", "userChanged");Deleted : user_pref("CT3220468.toolbarBornServerTime", "25-9-2012");Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "27-3-2013");Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Thu Mar 14 2013 10:43:11 GMT+0300 (Arab Standard Time[...]Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]Deleted : user_pref("aol_toolbar.default.homepage.check", false);Deleted : user_pref("aol_toolbar.default.search.check", false);-\\ Google Chrome v28.0.1500.71File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.File : C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[s1].txt - [10919 octets] - [11/07/2013 17:50:22]########## EOF - C:\AdwCleaner[s1].txt - [10980 octets] ########## DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2Run by stepnharp at 17:55:14 on 2013-07-11Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8149.6597 [GMT 3:00].AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exeC:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\WiTopia\WiTopiaService.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Elantech\ETDCtrl.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Real\RealPlayer\Update\realsched.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exeC:\Program Files (x86)\Internet Explorer\IELowutil.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>mWinlogon: Userinit = userinit.exe,BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllBHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLLBHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dlluRun: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostartmRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbyloginmRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osbootmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dllIE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: Interfaces\{16B227BC-F1A6-42FF-99AA-2049DB164879} : DHCPNameServer = 192.168.100.1TCP: Interfaces\{594851A0-B4BC-4F6F-981E-B80175489C4F} : DHCPNameServer = 10.118.0.1Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllAppInit_DLLs= acaptuser32.dll SSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-06-15 17:13; ffxtlbr@privitize.com; C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\ffxtlbr@privitize.comFF - ExtSQL: 2013-06-15 18:01; z4ao@iawrl.org; C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\z4ao@iawrl.orgFF - ExtSQL: 2013-07-10 19:13; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-17 493656]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-17 1139800]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [2013-7-10 1393240]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-17 169048]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130710.001\IDSviA64.sys [2013-7-11 513184]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-17 224416]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-17 433752]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-10 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-10 701512]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2012-8-26 36864]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]R2 WiTopiaService;WiTopia Service;C:\Program Files\WiTopia\WiTopiaService.exe [2012-10-14 63064]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-8 138912]R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-10 25928]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-8-27 135560]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2012-8-26 848384]S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]S3 visctap0901;Viscosity Virtual Adapter V9.1;C:\Windows\System32\drivers\visctap0901.sys [2012-10-14 38344]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880].=============== File Associations ===============.FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1".=============== Created Last 30 ================.2013-07-11 14:45:25 -------- d-----w- C:\Windows\ERUNT2013-07-10 18:18:13 -------- d-----w- C:\Users\stepnharp\AppData\Roaming\Malwarebytes2013-07-10 18:18:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-07-10 18:18:05 -------- d-----w- C:\ProgramData\Malwarebytes2013-07-10 18:18:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-10 16:22:58 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-10 16:14:18 -------- d-----w- C:\Users\stepnharp\AppData\Roaming\RealNetworks2013-07-10 16:13:47 -------- d-----w- C:\ProgramData\RealNetworks2013-07-10 16:13:47 -------- d-----w- C:\Program Files (x86)\RealNetworks2013-07-10 05:41:41 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe2013-07-10 04:02:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll2013-07-10 04:02:18 624128 ----a-w- C:\Windows\System32\qedit.dll2013-07-10 04:02:18 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll2013-07-10 04:02:18 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll2013-07-10 04:02:18 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-07-10 04:02:18 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll2013-07-10 04:02:18 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll2013-07-10 04:02:18 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll2013-07-10 04:02:18 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll2013-07-10 04:02:17 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-10 04:02:17 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-10 04:01:57 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-07-10 04:01:56 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL2013-07-10 04:01:56 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll2013-07-10 04:01:55 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-07-10 04:01:55 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll2013-07-10 04:01:55 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll2013-07-10 04:01:39 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-07-10 04:01:39 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-06-17 10:10:29 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys2013-06-17 10:10:29 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys2013-06-17 10:10:29 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys2013-06-17 10:10:29 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys2013-06-17 10:10:29 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys2013-06-17 10:10:29 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys2013-06-17 10:10:29 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys2013-06-17 10:10:28 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys2013-06-17 10:10:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.0282013-06-16 05:13:54 -------- d-----w- C:\Users\stepnharp\AppData\Local\NPE2013-06-15 14:14:19 -------- d-----w- C:\ProgramData\StarApp2013-06-12 14:35:29 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-12 14:34:47 751104 ----a-w- C:\Windows\System32\win32spl.dll2013-06-12 14:34:47 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-06-12 14:34:05 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-06-12 14:34:05 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-06-12 14:34:04 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-06-12 14:34:04 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-06-12 14:32:41 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-06-12 14:32:41 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-06-12 14:32:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-06-12 14:32:40 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-06-12 14:32:40 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-06-12 14:32:40 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-06-12 14:32:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-06-12 14:32:39 52224 ----a-w- C:\Windows\System32\certenc.dll2013-06-12 14:32:39 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-06-12 14:32:39 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-06-12 14:31:14 1887232 ----a-w- C:\Windows\System32\d3d11.dll2013-06-12 14:31:14 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll.==================== Find3M ====================.2013-07-10 16:22:54 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-10 16:22:54 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-10 16:13:10 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-07-10 16:13:10 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-07-10 04:18:39 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS2013-06-12 19:05:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-12 19:05:00 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-02 00:40:06 38344 ----a-w- C:\Windows\System32\drivers\visctap0901.sys2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2012-09-14 02:43:00 44 ---h--w- C:\Program Files (x86)\21719e00.tmp.============= FINISH: 17:56:11.86 =============== Link to post Share on other sites More sharing options...
Maniac Posted July 11, 2013 ID:701625 Share Posted July 11, 2013 How are things now? Link to post Share on other sites More sharing options...
stepnharp Posted July 11, 2013 Author ID:701629 Share Posted July 11, 2013 PC is acting better. Searchou does not appear to be in Chrome, IE or Firefox. But Chrome is now opening up at the following page:http://websearch.searchouse.info/?unqvl=25&r=2013/07/11 In Chrome only (not IE and Firefox), popup adds are trying to open. Nortons is stopping them http://supersavings.wwwblogto.com/home.html Link to post Share on other sites More sharing options...
Maniac Posted July 11, 2013 ID:701630 Share Posted July 11, 2013 Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic. Link to post Share on other sites More sharing options...
stepnharp Posted July 11, 2013 Author ID:701632 Share Posted July 11, 2013 See below OTL.Txt and Extras.Txt **************************************************************** OTL logfile created on: 7/11/2013 6:26:13 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\stepnharp\Downloads\Adware Removal Tools\Old Timer OTL64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16635)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.96 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.46% Memory free15.91 Gb Paging File | 13.65 Gb Available in Paging File | 85.78% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 195.22 Gb Total Space | 83.91 Gb Free Space | 42.98% Space Free | Partition Type: NTFSDrive D: | 270.45 Gb Total Space | 269.39 Gb Free Space | 99.61% Space Free | Partition Type: NTFSDrive F: | 1397.26 Gb Total Space | 688.23 Gb Free Space | 49.26% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: stepnharp | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/10 20:11:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\stepnharp\Downloads\Adware Removal Tools\Old Timer OTL\OTL.exePRC - [2013/07/10 19:13:14 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exePRC - [2013/07/10 07:02:32 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exePRC - [2013/07/03 08:10:29 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2013/05/21 07:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exePRC - [2013/05/11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/05/09 10:43:39 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exePRC - [2013/04/16 03:09:04 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exePRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exePRC - [2011/12/27 16:01:34 | 001,925,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exePRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exePRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2013/07/03 08:10:26 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppgooglenaclpluginchrome.dllMOD - [2013/07/03 08:10:23 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dllMOD - [2013/07/03 08:09:27 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\libglesv2.dllMOD - [2013/07/03 08:09:26 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\libegl.dllMOD - [2013/07/03 08:09:23 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ffmpegsumo.dllMOD - [2012/11/30 00:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dllMOD - [2012/05/30 17:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2013/05/02 03:39:56 | 000,063,064 | ---- | M] (SparkLabs) [Auto | Running] -- C:\Program Files\WiTopia\WiTopiaService.exe -- (WiTopiaService)SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV - [2013/07/10 08:41:42 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2013/06/12 22:05:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/21 07:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)SRV - [2013/05/11 13:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2013/01/21 19:49:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/07/10 07:18:39 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2013/05/23 08:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)DRV:64bit: - [2013/05/21 08:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)DRV:64bit: - [2013/05/16 08:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)DRV:64bit: - [2013/05/02 03:40:06 | 000,038,344 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\visctap0901.sys -- (visctap0901)DRV:64bit: - [2013/04/25 03:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)DRV:64bit: - [2013/04/16 05:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/03/05 04:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)DRV:64bit: - [2013/03/05 04:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)DRV:64bit: - [2011/07/20 19:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/11 09:36:14 | 000,848,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)DRV:64bit: - [2010/11/21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)DRV:64bit: - [2010/11/21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)DRV:64bit: - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)DRV:64bit: - [2010/11/21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/11/06 10:45:46 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/06/22 01:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2010/04/14 02:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV - [2013/07/09 20:51:45 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130711.001\ex64.sys -- (NAVEX15)DRV - [2013/07/09 20:51:45 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130711.001\eng64.sys -- (NAVENG)DRV - [2013/07/09 14:08:56 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130710.001\IDSviA64.sys -- (IDSVia64)DRV - [2013/05/31 19:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64)DRV - [2012/10/16 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2012/08/29 20:01:02 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope =IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{141089FD-3BDD-4995-80DB-43FA5CF391C9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = ${SEARCH_URL}{searchTerms} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mclmail.saic.com/exchweb/bin/auth/usa/logonSAIC.aspIE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabic.arabia.msn.com/?st=1®ion=ksa.IE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 D2 27 B1 5C 84 CD 01 [binary data]IE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value foundIE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\..\SearchScopes,DefaultScope = {141089FD-3BDD-4995-80DB-43FA5CF391C9}IE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\..\SearchScopes\{141089FD-3BDD-4995-80DB-43FA5CF391C9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNQN_enSA498IE - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: ""FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013/07/11 17:53:53 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/10 19:13:47 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012/10/22 21:47:39 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/10 19:13:47 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/10 08:41:40 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/10 08:41:40 | 000,000,000 | ---D | M] [2012/08/28 21:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stepnharp\AppData\Roaming\Mozilla\Extensions[2013/07/11 17:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions[2013/06/15 17:14:22 | 000,000,000 | ---D | M] (MagniPic) -- C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\z4ao@iawrl.org[2013/02/16 16:26:08 | 000,010,339 | ---- | M] () -- C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\searchplugins\duckduckgo-1.xml[2013/02/16 16:25:55 | 000,010,339 | ---- | M] () -- C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\searchplugins\duckduckgo.xml[2013/07/10 08:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2013/07/10 08:41:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2013/07/10 19:13:47 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT[2012/06/23 18:19:12 | 000,033,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll[2012/12/26 19:55:05 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll ========== Chrome ========== CHR - default_search_provider: WebSearch (Enabled)CHR - default_search_provider: search_url = http://websearch.searchouse.info/?unqvl=25&l=1&q={searchTerms}CHR - default_search_provider: suggest_url = http://localhostCHR - homepage: http://websearch.searchouse.info/?unqvl=25CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dllCHR - plugin: Norton Identity Safe (Enabled) = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dllCHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dllCHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dllCHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dllCHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dllCHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLLCHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllCHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllCHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dllCHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllCHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllCHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllCHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllCHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllCHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dllCHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dllCHR - Extension: Google Docs = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: RealDownloader = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\CHR - Extension: MagniPic = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcmogigadmlnaokcgflkjkcaccblokop\1\CHR - Extension: Norton Identity Protection = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\CHR - Extension: Gmail = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)O3:64bit: - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1578135603-1554508644-824331228-1001..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1578135603-1554508644-824331228-1001\..Trusted Domains: saic.com ([mclmail] https in Trusted sites)O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16B227BC-F1A6-42FF-99AA-2049DB164879}: DhcpNameServer = 192.168.100.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{594851A0-B4BC-4F6F-981E-B80175489C4F}: DhcpNameServer = 10.118.0.1O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\osf - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2008/12/15 12:52:18 | 000,000,080 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/11 17:54:05 | 000,000,000 | ---D | C] -- C:\Users\stepnharp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD[2013/07/11 17:45:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/07/11 07:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd[2013/07/11 07:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd[2013/07/10 21:18:13 | 000,000,000 | ---D | C] -- C:\Users\stepnharp\AppData\Roaming\Malwarebytes[2013/07/10 21:18:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/07/10 21:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/07/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/07/10 21:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/07/10 19:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java[2013/07/10 19:14:18 | 000,000,000 | ---D | C] -- C:\Users\stepnharp\AppData\Roaming\RealNetworks[2013/07/10 19:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks[2013/07/10 19:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks[2013/07/10 08:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[2013/06/16 08:13:54 | 000,000,000 | ---D | C] -- C:\Users\stepnharp\AppData\Local\NPE[2013/06/15 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/11 18:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578135603-1554508644-824331228-1000UA.job[2013/07/11 18:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/07/11 18:01:18 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/07/11 18:01:18 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/07/11 17:54:08 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/07/11 17:53:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs[2013/07/11 17:53:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/07/11 17:53:19 | 2113,679,359 | -HS- | M] () -- C:\hiberfil.sys[2013/07/11 17:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/07/11 16:50:53 | 000,870,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/07/11 16:50:53 | 000,725,380 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/07/11 16:50:53 | 000,145,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/07/11 07:36:56 | 001,826,697 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB[2013/07/10 21:18:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/10 19:13:50 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk[2013/07/10 19:13:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll[2013/07/10 19:09:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578135603-1554508644-824331228-1000Core.job[2013/07/10 19:00:32 | 000,448,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/07/10 08:57:36 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021[2013/07/10 07:18:39 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS[2013/07/10 07:18:39 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT[2013/07/10 07:18:39 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF[2013/06/16 23:11:18 | 000,864,394 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013/06/12 19:19:53 | 000,049,957 | ---- | M] () -- C:\Users\stepnharp\Desktop\Walmart.pdf[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/11 07:37:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs[2013/07/10 21:18:05 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/10 19:13:50 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk[2013/06/12 19:19:53 | 000,049,957 | ---- | C] () -- C:\Users\stepnharp\Desktop\Walmart.pdf[2012/10/28 11:48:24 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI[2012/08/28 18:13:32 | 000,864,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/08/26 21:31:15 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe[2012/08/26 11:35:40 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[2012/08/26 11:21:13 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 08:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/09/15 17:42:34 | 000,000,000 | ---D | M] -- C:\Users\stepnharp\AppData\Roaming\Downloaded Installations[2013/05/01 22:18:52 | 000,000,000 | ---D | M] -- C:\Users\stepnharp\AppData\Roaming\FileZilla[2012/09/15 17:43:07 | 000,000,000 | ---D | M] -- C:\Users\stepnharp\AppData\Roaming\PingPlotter[2012/10/14 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\stepnharp\AppData\Roaming\WiTopia ========== Purity Check ========== < End of report > OTL Extras logfile created on: 7/11/2013 6:26:13 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\stepnharp\Downloads\Adware Removal Tools\Old Timer OTL64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16635)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.96 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.46% Memory free15.91 Gb Paging File | 13.65 Gb Available in Paging File | 85.78% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 195.22 Gb Total Space | 83.91 Gb Free Space | 42.98% Space Free | Partition Type: NTFSDrive D: | 270.45 Gb Total Space | 269.39 Gb Free Space | 99.61% Space Free | Partition Type: NTFSDrive F: | 1397.26 Gb Total Space | 688.23 Gb Free Space | 49.26% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: stepnharp | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1578135603-1554508644-824331228-1001\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{00C5892F-2FE3-4B34-BE12-7AFF6D0CA493}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{04CE4AC9-945A-4E96-9DD4-C14752ECE7B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{0861F7D4-1245-4D6D-A0BD-46226D31FCF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{1F0CAD3E-CB5D-4A29-A0A5-FB1524D4FDEE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{3B866F9E-44ED-4F5C-879E-B88B3C7893B8}" = lport=139 | protocol=6 | dir=in | app=system |"{41FF8EC4-9A0A-4FFC-AEC6-80336AA7719B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{59E00BCF-4AC5-467A-8D89-CDF5645E7AFF}" = lport=138 | protocol=17 | dir=in | app=system |"{67EE8812-1D74-4008-B3CA-3F3CBD9B9983}" = lport=445 | protocol=6 | dir=in | app=system |"{738226EE-C43E-4AF8-9F39-C51DDE1FE647}" = rport=137 | protocol=17 | dir=out | app=system |"{80173985-870F-4533-A626-D17E771BD76C}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |"{80CA0F67-6D64-4242-BF68-10B42433B5EC}" = lport=2869 | protocol=6 | dir=in | app=system |"{88063D51-4025-4A12-BADA-E1F5E6BFDAFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{931FE253-A08D-4A3A-A72F-3776694F36C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{9DF0E5E4-4BBC-415B-B1AD-B3477C462C66}" = rport=445 | protocol=6 | dir=out | app=system |"{B160FABB-05BD-483B-A091-CE388A32623E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{B86A736A-02A8-4929-9587-E6C5A7D8CAE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{CEDC1B41-B10D-4A6C-BCD9-8AE63EED8058}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{D52445A4-2817-4C82-9414-9F4A4F520593}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |"{DD307203-0A80-425D-A880-B28AB106226C}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |"{DD82228C-9A7A-4C25-A3A1-06161D1472AA}" = rport=138 | protocol=17 | dir=out | app=system |"{E052F43E-077A-44B9-B8ED-BF70AFAE9817}" = lport=10243 | protocol=6 | dir=in | app=system |"{E3660C93-DB05-474D-B6F2-7732AF13BFE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{ECEFC625-E39C-47D2-8A41-246D379B819B}" = lport=137 | protocol=17 | dir=in | app=system |"{F14C404B-5D09-4173-AAD1-88698722B6B6}" = rport=139 | protocol=6 | dir=out | app=system |"{F2E143E7-A6CB-497D-84D5-77EDEE1D3C7D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |"{FD6F7453-56E5-4120-9AA0-101CD0DC1ABA}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |"{FEC51CE8-1FF7-4B67-93AA-EF272B76F5DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{FFB442CA-1969-40F2-A3EC-8726452CE1AE}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{08BD8D98-E3C0-46AA-9022-5084CA91C2DD}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |"{0E925A31-D90E-4C01-A416-6FD20DA3D856}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |"{1D69ECA1-F4FD-4040-84AE-140D62684D14}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |"{2580378C-486B-435E-8A5E-83FECF7E2987}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |"{26FB2260-7C8D-4825-8A1C-653DB0DAF306}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |"{3192DB57-33F0-42BD-9619-D515FADA47CB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |"{35DC47DD-0E06-443E-9DAE-3731B5A51C75}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |"{3709ED86-6899-449F-B23F-A135D9F31125}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{3782A67F-1362-4099-A74D-52E99FF66BCE}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |"{3B8AE08D-9982-4763-8327-DA6DEDE0FC43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{40258088-4580-4926-A585-26587AEE48D3}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |"{42A9BB70-A382-4C27-B88F-2043908824F9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{42AD39FE-373D-46F7-B105-BD17C883F4BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{4E9026F4-F770-4FAE-95AE-380F0D50FD96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{4EC7529E-6111-4D89-A0BE-2076A004C0D7}" = protocol=6 | dir=out | app=system |"{53995ECB-FF6A-4B2A-B72E-DE2884721E2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{612B9757-295E-4935-85A5-38298904C7DC}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |"{6A30ABA6-9E28-4B65-ACB7-4102D5A021CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{7814F700-6C4B-4CD1-8EB7-267CF5670A0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{8EC631D6-87C4-420A-9F24-C64B60B8C59C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |"{93132B11-7C9D-4C82-9F45-F2E7BD703330}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"{9B3033D4-73AA-454E-9935-11CC80ECEC96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"{9EA5C1AD-9DEC-49DB-BD83-4CC3AC560D16}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |"{A21ABA1F-5F26-445E-A9CD-D2578C433DD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{B7D7F8A0-DC5B-45B1-BE88-0E03FC24F30D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |"{B97A80E0-D4D3-464B-AE6A-41DE21BADF3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{BC0386C6-AD22-4243-9089-33B13AF1E6C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{BDBB2C72-B350-46F6-BA60-0F9411B1972F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{C055EABD-A895-4C8D-A9E2-663705080260}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{C4BDF4F1-0D46-4C1C-A6AA-213C5C9ABCD4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |"{CDAA68EF-FC81-4522-A8A5-DD3518450936}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |"{D07BAB4D-575C-4270-967D-498947C9855D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |"{DEE2F15B-D401-4A32-A85C-61F2C22BD861}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |"{E5EA6C02-3B62-409A-A202-E5F48DFDDAF5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |"{ECF5413A-ABB1-4125-8971-2D56F7679ECC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{ED9292A3-E04B-4D89-B3AC-EE37E565306F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |"{EE6F26EB-EED4-48C2-99DB-6AF98C387495}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |"{EFCE6154-32C1-4456-B124-E79CEC3992B8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{F5347880-8EF4-4E74-B6C9-C64864F53D42}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |"{F888C131-3AEC-45B1-BF40-7DEB32925E73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |"{FBD67B2B-218C-42E4-B8DF-AF5241121995}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{FC7773B7-E671-49D9-9227-F23168DCC8C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer"{20150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013"{20150000-002A-0409-1000-0000000FF1CE}" = Microsoft Shared 64-bit MUI (English) 2013"{20150000-0116-0409-1000-0000000FF1CE}" = Microsoft Shared 64-bit Setup Metadata MUI (English) 2013"{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1" = WiTopia"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On"{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared"{EC21DBC6-C760-463D-8866-BFACBB28A3E3}" = HP Officejet 6500 E710a-f Basic Device Software"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)"NVIDIA Display Control Panel" = NVIDIA Display Control Panel"NVIDIA Drivers" = NVIDIA Drivers"PROSet" = Intel® Network Connections Drivers"WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{022457BB-2990-499D-A633-8927CE31EFED}" = Pass4sure Questions and Answers for Cisco 642-832"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.10"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{20150000-0011-0000-0000-0000000FF1CE}" = Microsoft Professional Plus 2013"{20150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{17EFEC3E-BA6E-4338-B5D4-2F2955215E36}" = Update for Microsoft Outlook 2013 Previ"{20150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013"{20150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013"{20150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013"{20150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013"{20150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013"{20150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013"{20150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - English"{20150000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - French"{20150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - Spanish"{20150000-002C-0409-0000-0000000FF1CE}" = Microsoft Proofing (English) 2013"{20150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013"{20150000-006E-0409-0000-0000000FF1CE}" = Microsoft Shared MUI (English) 2013"{20150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013"{20150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013"{20150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013"{20150000-00E1-0409-0000-0000000FF1CE}" = Microsoft OSM MUI (English) 2013"{20150000-00E2-0409-0000-0000000FF1CE}" = Microsoft OSM UX MUI (English) 2013"{20150000-0115-0409-0000-0000000FF1CE}" = Microsoft Shared Setup Metadata MUI (English) 2013"{20150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013"{20150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack"{D8A50F0B-791E-43E6-8F22-AEC2D3FBEB84}" = PingPlotter Standard 3.40.2s"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player"ENTERPRISE" = Microsoft Office Enterprise 2007"FileZilla Client" = FileZilla Client 3.6.0.2"GOM Player" = GOM Player"Google Chrome" = Google Chrome"KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Full)"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"Nero8110_Micro_is1" = Nero 8 Micro v8.1.1.0"NIS" = Norton Internet Security"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"Office15.PROPLUS" = Microsoft Office Professional Plus 2013 Preview"Picasa 3" = Picasa 3"RealPlayer 15.0" = RealPlayer"RealPlayer 16.0" = RealPlayer"The KMPlayer" = The KMPlayer (remove only)"VISPROR" = Microsoft Office Visio Professional 2007"VLC media player" = VLC media player 2.0.3"Winamp" = Winamp"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-18"Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1578135603-1554508644-824331228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 7/11/2013 10:55:08 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10Description = [ System Events ]Error - 7/11/2013 10:55:45 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7038Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in MicrosoftManagement Console (MMC). Error - 7/11/2013 10:55:45 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 7/11/2013 10:58:33 AM | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dllError Code: 126 < End of report > Link to post Share on other sites More sharing options...
Maniac Posted July 11, 2013 ID:701634 Share Posted July 11, 2013 Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following :OTL [2013/06/15 17:14:22 | 000,000,000 | ---D | M] (MagniPic) -- C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\z4ao@iawrl.org [2013/02/16 16:26:08 | 000,010,339 | ---- | M] () -- C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\searchplugins\duckduckgo-1.xml [2013/02/16 16:25:55 | 000,010,339 | ---- | M] () -- C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\searchplugins\duckduckgo.xml CHR - default_search_provider: WebSearch (Enabled) CHR - default_search_provider: search_url = http://websearch.searchouse.info/?unqvl=25&l=1&q={searchTerms} CHR - homepage: http://websearch.searchouse.info/?unqvl=25 CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll CHR - Extension: MagniPic = C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcmogigadmlnaokcgflkjkcaccblokop\1\ :files ipconfig /flushdns /cThen click the Run Fix button at the topLet the program run unhindered, reboot the PC when it is donePlease post the OTL fix log in your next reply.Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles Link to post Share on other sites More sharing options...
stepnharp Posted July 11, 2013 Author ID:701635 Share Posted July 11, 2013 See below OTL fix log ========== OTL ==========C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\z4ao@iawrl.org\content folder moved successfully.C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\extensions\z4ao@iawrl.org folder moved successfully.C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\searchplugins\duckduckgo-1.xml moved successfully.C:\Users\stepnharp\AppData\Roaming\Mozilla\Firefox\Profiles\y08a97jo.default\searchplugins\duckduckgo.xml moved successfully.Use Chrome's Settings page to remove the default_search_provider items.Use Chrome's Settings page to remove the default_search_provider items.Use Chrome's Settings page to change the HomePage.File C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll not found.C:\Users\stepnharp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcmogigadmlnaokcgflkjkcaccblokop\1 folder moved successfully.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\stepnharp\Downloads\Adware Removal Tools\Old Timer OTL\cmd.bat deleted successfully.C:\Users\stepnharp\Downloads\Adware Removal Tools\Old Timer OTL\cmd.txt deleted successfully. OTL by OldTimer - Version 3.2.69.0 log created on 07112013_184341 Link to post Share on other sites More sharing options...
Maniac Posted July 11, 2013 ID:701637 Share Posted July 11, 2013 What about now? Link to post Share on other sites More sharing options...
stepnharp Posted July 11, 2013 Author ID:701639 Share Posted July 11, 2013 Everything looks good so far. I think you have correct my PC. Thanks for you help. Scott Link to post Share on other sites More sharing options...
Maniac Posted July 11, 2013 ID:701640 Share Posted July 11, 2013 Glad I could help, Scott! Please run OTL and click on CleanUp button. Next, uninstall AdwCleaner:Double click on AdwCleaner.exe to run the tool.Click on UninstallConfirm with YesSome malware prevention tips: users.telenet.be/bluepatchy/miekiemoes/prevention.html Safe surfing! Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 14, 2013 ID:702735 Share Posted July 14, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts