Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old March 10th, 2014, 07:50 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
Upon startup I get this message box: Caught unhandled unknown exception; terminating

Every time I restart my computer or start it up, I get this message box that says "***Caught unhandled unknown exception; terminating". I close the box and go on with by business. This can't be a normal thing, it just started happening a few months ago. I did a search for this and cannot find anything about it. Can someone help me get rid of this message or could possibly be a virus? Thanks
Reply With Quote
  #2  
Old March 10th, 2014, 11:25 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello pjgriff,

Not sure. Let's take a look.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.
Reply With Quote
  #3  
Old March 11th, 2014, 02:49 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
When I scanned with OTL, I got a popup box with this in it: There is no disk in the drive. Please insert a disk into drive\Device\Harddisk1\DR1.
I clicked cancel and it wouldn't cancel, I finally got it to go away by clicking the box with the x. Then it started scanning.

Here is the first Notepad text: It is too long to post, so I will have to post the rest in another post.

OTL logfile created on: 3/11/2014 8:16:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.67% Memory free
7.93 Gb Paging File | 6.12 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.65 Gb Total Space | 751.51 Gb Free Space | 81.81% Space Free | Partition Type: NTFS
Drive D: | 12.76 Gb Total Space | 1.57 Gb Free Space | 12.27% Space Free | Partition Type: NTFS

Computer Name: PAT2 | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/11 08:08:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
PRC - [2014/01/22 13:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/15 09:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 19:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/10/30 17:51:34 | 002,838,568 | ---- | M] (The Nielsen Company) -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.ex e
PRC - [2013/10/30 17:51:30 | 000,091,688 | ---- | M] (The Nielsen Company) -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.ex e
PRC - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/03/21 15:05:32 | 002,113,536 | ---- | M] (NCP) -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/18 11:14:42 | 000,851,968 | ---- | M] () -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\npfirefox processor.dll
MOD - [2013/12/18 11:14:14 | 001,246,720 | ---- | M] () -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\npffaddon s.dll
MOD - [2013/12/18 11:13:34 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\npwmi.dll
MOD - [2013/12/18 11:13:20 | 000,228,864 | ---- | M] () -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\npsurvey. dll
MOD - [2013/12/18 11:13:08 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\npsp1.dll
MOD - [2013/12/18 11:12:44 | 000,504,832 | ---- | M] () -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\communica tion.dll
MOD - [2013/10/30 17:49:40 | 000,504,320 | ---- | M] () -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2004/07/19 12:06:58 | 000,520,192 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\c4dll.dll
MOD - [2003/05/28 07:55:30 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\ssleay32.dll
MOD - [2003/05/28 07:55:28 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\libeay32.dll
MOD - [2002/09/12 08:29:46 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\zlib.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2014/02/24 16:29:08 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/21 13:06:02 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/22 13:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/22 21:46:12 | 000,095,280 | ---- | M] (Prosoftnet) [Auto | Running] -- C:\Program Files (x86)\IDriveWindows\id_service.exe -- (IDriveService)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/15 09:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/30 17:51:34 | 002,838,568 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.ex e -- (NielsenUpdate)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2013/11/25 22:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 22:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 22:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/01 00:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 23:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/01 01:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 01:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/06 10:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/05/29 15:53:30 | 000,027,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/16 06:28:42 | 010,619,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/09/03 01:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/03/01 17:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu)
DRV:64bit: - [2010/02/26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/12/18 11:14:56 | 000,026,664 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\nnfwdk64. sys -- (nnfwdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? }
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2997274
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Pat\Desktop
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://calendar.yahoo.com/
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 39 ED B4 71 7D CE 01 [binary data]
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupons.com/search.asp?p=df&q={searchTerms}
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes\{E824C8A9-5616-4468-8DD3-20FB4346A74C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox
IE - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_ 70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_ 70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149 .dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\b in\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesk top\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pat\AppData\LocalLow\Unity\WebPlayer\load er\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Pat\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/08 17:54:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 13:18:46 | 000,185,164 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/08 07:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/08 07:52:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/08 17:54:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/08 07:52:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/08 07:52:47 | 000,000,000 | ---D | M]

[2011/10/23 07:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Extensions
[2014/03/04 06:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\extensions
[2011/05/28 14:21:45 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2011/05/28 14:21:58 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/02/09 15:07:06 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/03/04 06:59:17 | 000,537,046 | ---- | M] () (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/02/24 16:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/24 16:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/02/24 16:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/24 16:29:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/05 13:27:15 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjl cnpjnh\1.7.5_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjl cnpjnh\1.7.8_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadj fpblof\14.2.0.1_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\Tru stCheckerIEPlugin.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP luginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\b in\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\Tru stCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\b in\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\Tru stCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\b in\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_600.exe" File not found
O4 - HKLM..\Run: [IDrive Tray] "C:\Program Files (x86)\IDriveWindows\idrivetray.exe" min File not found
O4 - HKLM..\Run: [MegaPanel] C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe (NCP)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.ex e (The Nielsen Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Pat\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=1597acecbf4647d1a7d6a9e58624b2a4-c15de2984ca54ce2180d8c5c865cd4bb407e627f /CMPID=0214c File not found
O4 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Pat\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=1597acecbf4647d1a7d6a9e58624b2a4-c15de2984ca54ce2180d8c5c865cd4bb407e627f /CMPID=1213b File not found
O4 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000..\Run: [HLBackupScheduler] C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe ()
O4 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000..\Run: [IDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_600.exe" File not found
O4 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000..\Run: [IDrive Tray] "C:\Program Files (x86)\IDriveWindows\idrivetray.exe" min File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP luginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromI E.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP luginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromI E.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromI E.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromI E.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..Trusted Domains: craigslist.org ([post] https in Trusted sites)
O15 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..Trusted Domains: globaltestmarket.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..Trusted Domains: iheartthemart.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..Trusted Domains: questionmarket.com ([survey] https in Trusted sites)
O15 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..Trusted Domains: smartsource.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1693150615-1015179679-628459419-1000\..Trusted Domains: starbucks.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{14DA11BA-0C3B-4F15-8FBF-3794EFDBFEA9}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{D7BECF04-302D-43DF-AE82-7250127F0C52}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 () - http://www.indianajones.com/site/med...WP-58-1024.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cbe88c4d-4011-11e2-b5dd-78acc0c05b57}\Shell - "" = AutoRun
O33 - MountPoints2\{cbe88c4d-4011-11e2-b5dd-78acc0c05b57}\Shell\AutoRun\command - "" = J:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{f31a8e12-195a-11e1-b446-78acc0c05b57}\Shell - "" = AutoRun
O33 - MountPoints2\{f31a8e12-195a-11e1-b446-78acc0c05b57}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/11 08:08:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
[2014/03/09 09:24:33 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\ebay 3-9
[2014/03/08 16:56:47 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\stove
[2014/03/08 07:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/08 07:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/03/08 07:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/03/05 11:58:19 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\sewing machine
[2014/03/04 13:56:35 | 000,000,000 | ---D | C] --
Reply With Quote
  #4  
Old March 11th, 2014, 02:50 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
Here is the rest of the first notepad:

C:\Users\Pat\Desktop\cookies
[2014/03/04 13:28:18 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\Butter Fried Chicken_files
[2014/03/02 16:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Print@Home
[2014/02/26 04:02:27 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/24 16:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/23 08:54:35 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\Quilt Patterns
[2014/02/13 04:01:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/13 04:00:48 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/13 04:00:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/13 04:00:48 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/13 04:00:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/13 04:00:46 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/13 04:00:46 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/13 04:00:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/13 04:00:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/13 04:00:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/13 04:00:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/13 04:00:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/13 04:00:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/13 04:00:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/13 04:00:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/13 04:00:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/13 04:00:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/13 04:00:44 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/13 04:00:44 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/13 04:00:44 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/13 04:00:44 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/13 04:00:43 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/13 04:00:42 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/13 04:00:40 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 18:32:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 18:32:22 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/12 07:10:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 07:10:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/12 07:10:34 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 07:10:33 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 07:10:33 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 07:10:33 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 07:10:33 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 07:10:33 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 07:10:33 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 07:10:33 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 07:10:33 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 07:10:33 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 07:10:33 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 07:10:33 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 07:10:33 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 07:10:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 07:10:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 07:10:33 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 07:10:33 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2013/12/13 08:19:34 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Pat\AppData\Local\BcsKtYcHW.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/11 08:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/11 08:08:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
[2014/03/11 08:05:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/11 07:39:04 | 000,013,280 | ---- | M] () -- C:\Users\Pat\Desktop\CVS.odt
[2014/03/11 07:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/11 06:27:11 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/10 12:25:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPat.job
[2014/03/10 06:57:20 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/10 06:57:20 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/10 06:56:54 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/10 06:56:54 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/10 06:56:54 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/10 06:49:42 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/09 17:28:29 | 000,018,505 | ---- | M] () -- C:\Users\Pat\Desktop\Walgreens.odt
[2014/03/09 07:42:05 | 000,020,221 | ---- | M] () -- C:\Users\Pat\Desktop\Align confirmation.odt
[2014/03/06 12:11:24 | 000,014,217 | ---- | M] () -- C:\Users\Pat\DVD TITLES.odt
[2014/03/06 09:26:04 | 000,031,619 | ---- | M] () -- C:\Users\Pat\Desktop\The_Corpse_Came_C_O_D__(1947) _Poster.jpg
[2014/03/06 09:15:46 | 000,207,740 | ---- | M] () -- C:\Users\Pat\Desktop\AllThroughTheNight-1941-WB-half.jpg
[2014/03/04 15:53:10 | 000,015,488 | ---- | M] () -- C:\Users\Pat\Desktop\won free choc.odt
[2014/03/04 14:31:18 | 000,014,240 | ---- | M] () -- C:\Users\Pat\Desktop\Paint Chips I want.odt
[2014/03/04 13:28:18 | 000,004,979 | ---- | M] () -- C:\Users\Pat\Desktop\Butter Fried Chicken.htm
[2014/03/03 07:21:18 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPAT2$.job
[2014/02/27 04:01:57 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/24 17:48:14 | 000,018,103 | ---- | M] () -- C:\Users\Pat\Desktop\TARGET.odt
[2014/02/21 13:06:01 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/21 13:06:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/20 17:10:37 | 000,015,218 | ---- | M] () -- C:\Users\Pat\Desktop\quilted robe as is.odt
[2014/02/20 09:30:06 | 005,286,193 | ---- | M] () -- C:\Users\Pat\Desktop\den pics.zip
[2014/02/19 06:55:36 | 000,022,702 | ---- | M] () -- C:\Users\Pat\Desktop\Rebates to Buy.odt
[2014/02/19 06:49:12 | 000,020,020 | ---- | M] () -- C:\Users\Pat\Walgreens spend $25.odt
[2014/02/18 16:42:17 | 000,014,594 | ---- | M] () -- C:\Users\Pat\Desktop\recipe cards.odt
[2014/02/17 06:54:15 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/13 07:33:23 | 000,016,275 | ---- | M] () -- C:\Users\Pat\Kelloggs codes entered.odt
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========
[2014/03/09 07:42:04 | 000,020,221 | ---- | C] () -- C:\Users\Pat\Desktop\Align confirmation.odt
[2014/03/06 12:11:22 | 000,014,217 | ---- | C] () -- C:\Users\Pat\DVD TITLES.odt
[2014/03/06 09:36:56 | 000,207,740 | ---- | C] () -- C:\Users\Pat\Desktop\AllThroughTheNight-1941-WB-half.jpg
[2014/03/06 09:26:19 | 000,031,619 | ---- | C] () -- C:\Users\Pat\Desktop\The_Corpse_Came_C_O_D__(1947) _Poster.jpg
[2014/03/04 15:53:08 | 000,015,488 | ---- | C] () -- C:\Users\Pat\Desktop\won free choc.odt
[2014/03/04 13:28:17 | 000,004,979 | ---- | C] () -- C:\Users\Pat\Desktop\Butter Fried Chicken.htm
[2014/02/20 17:10:19 | 000,015,218 | ---- | C] () -- C:\Users\Pat\Desktop\quilted robe as is.odt
[2014/02/20 09:30:06 | 005,286,193 | ---- | C] () -- C:\Users\Pat\Desktop\den pics.zip
[2014/02/19 06:49:10 | 000,020,020 | ---- | C] () -- C:\Users\Pat\Walgreens spend $25.odt
[2014/02/09 08:19:37 | 000,021,901 | ---- | C] () -- C:\Users\Pat\Walmart Coupon policy.odt
[2014/02/07 08:21:03 | 001,804,514 | ---- | C] () -- C:\Users\Pat\Postal Chart.pdf
[2014/01/31 15:52:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/12/15 09:52:08 | 000,022,443 | ---- | C] () -- C:\Users\Pat\Keurig Washer.odt
[2013/12/14 11:05:31 | 000,020,621 | ---- | C] () -- C:\Users\Pat\Christmas Card List.ods
[2013/12/13 08:19:31 | 000,893,239 | ---- | C] () -- C:\Users\Pat\AppData\Local\a.zip
[2013/12/09 14:17:20 | 000,023,826 | ---- | C] () -- C:\Users\Pat\Xmas letter 2013.odt
[2013/11/29 14:49:04 | 000,019,817 | ---- | C] () -- C:\Users\Pat\Taken to Shop.odt
[2013/10/23 10:41:03 | 000,027,631 | ---- | C] () -- C:\Users\Pat\Start System XP.odt
[2013/08/21 16:32:05 | 000,014,732 | ---- | C] () -- C:\Users\Pat\Troop Soldier Toiletries - Brandon.odt
[2013/08/21 06:38:54 | 000,013,306 | ---- | C] () -- C:\Users\Pat\Peach codes.odt
[2013/08/12 13:56:13 | 000,020,718 | ---- | C] () -- C:\Users\Pat\LUCY items.odt
[2013/07/24 08:11:34 | 000,017,282 | ---- | C] () -- C:\Users\Pat\Mosquito trap.odt
[2013/06/01 15:28:48 | 000,012,955 | ---- | C] () -- C:\Users\Pat\Pennies before 1982.odt
[2013/04/28 16:43:37 | 000,013,608 | ---- | C] () -- C:\Users\Pat\Silk Book.odt
[2013/03/21 11:50:57 | 000,023,972 | ---- | C] () -- C:\Users\Pat\walgreens cpn policy.odt
[2013/03/07 08:33:26 | 000,018,484 | ---- | C] () -- C:\Users\Pat\Dollar Tree coupon policy.odt
[2013/03/01 14:18:18 | 000,048,483 | ---- | C] () -- C:\Users\Pat\Passwords Jan13.ods
[2013/03/01 14:18:02 | 000,024,208 | ---- | C] () -- C:\Users\Pat\Email addresses.odt
[2013/02/11 18:16:38 | 000,010,302 | ---- | C] () -- C:\Users\Pat\Remove Program not in Programs.odt
[2013/02/11 17:50:46 | 000,009,500 | ---- | C] () -- C:\Users\Pat\Open Office How To.odt
[2013/02/07 16:04:32 | 000,018,323 | ---- | C] () -- C:\Users\Pat\Freezer sm Wards.ods
[2013/02/07 11:32:49 | 000,018,071 | ---- | C] () -- C:\Users\Pat\Freezer downstairs.ods
[2013/02/04 13:05:27 | 000,013,491 | ---- | C] () -- C:\Users\Pat\Orchestra labels.odt
[2013/02/02 19:27:11 | 000,019,506 | ---- | C] () -- C:\Users\Pat\Mom sales 2013.ods
[2013/01/17 09:29:25 | 000,012,978 | ---- | C] () -- C:\Users\Pat\CVS 98% threshold.odt
[2012/12/13 12:49:07 | 000,016,275 | ---- | C] () -- C:\Users\Pat\Kelloggs codes entered.odt
[2012/12/10 17:09:07 | 000,059,829 | ---- | C] () -- C:\Users\Pat\tree quilt ornament.jpg
[2012/12/06 11:46:17 | 000,019,448 | ---- | C] () -- C:\Users\Pat\Dollar Tree list.ods
[2012/10/30 08:10:57 | 000,877,942 | ---- | C] () -- C:\Users\Pat\Box Labels pdf ReadersDigest.pdf
[2012/10/28 15:34:08 | 000,017,229 | ---- | C] () -- C:\Users\Pat\Freezer UPSTAIRS.ods
[2012/10/27 19:20:12 | 000,158,616 | ---- | C] () -- C:\Users\Pat\TV_Theme-I_LOVE_LUCY.mp3
[2012/10/27 16:29:18 | 000,013,465 | ---- | C] () -- C:\Users\Pat\PIZZA JOB SIGN.odt
[2012/10/24 13:35:06 | 000,067,130 | ---- | C] () -- C:\Users\Pat\Readers Digest Boxes.odt
[2012/10/23 13:08:50 | 000,268,434 | ---- | C] () -- C:\Users\Pat\tv_theme-Maverick.mp3
[2012/10/09 09:40:17 | 007,450,541 | ---- | C] () -- C:\Users\Pat\RAZR_M_manual.pdf
[2012/08/17 06:44:18 | 000,018,308 | ---- | C] () -- C:\Users\Pat\Other Flea Mkt, Antiques.odt
[2012/08/11 06:26:34 | 000,027,520 | ---- | C] () -- C:\Users\Pat\AppData\Local\dt.dat
[2012/08/02 09:05:26 | 000,026,317 | ---- | C] () -- C:\Users\Pat\Season Cast Iron Flaxseed.odt
[2012/07/05 17:41:29 | 000,202,786 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/07/05 17:41:29 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/06/28 13:42:20 | 000,009,319 | ---- | C] () -- C:\Users\Pat\Wax for Furniture.odt
[2012/06/22 16:21:29 | 000,015,875 | ---- | C] () -- C:\Users\Pat\Waxing Furniture.odt
[2012/06/12 08:03:18 | 000,025,105 | ---- | C] () -- C:\Users\Pat\How to Paint Furniture.odt
[2012/06/10 14:03:01 | 000,518,338 | ---- | C] () -- C:\Users\Pat\Compost nebguide.pdf
[2012/06/08 08:20:33 | 000,024,322 | ---- | C] () -- C:\Users\Pat\compost.odt
[2012/05/30 16:38:16 | 000,027,935 | ---- | C] () -- C:\Users\Pat\DAV tax receipt.pdf
[2012/04/08 11:59:28 | 000,022,380 | ---- | C] () -- C:\Users\Pat\Mom's catalogs.ods
[2012/04/05 19:43:02 | 000,016,778 | ---- | C] () -- C:\Users\Pat\My Points Signups.ods
[2012/03/25 06:47:14 | 000,026,342 | ---- | C] () -- C:\Users\Pat\orchids.odt
[2012/01/28 17:57:07 | 001,370,951 | ---- | C] () -- C:\Users\Pat\HP C3100 manual.pdf
[2012/01/10 16:42:36 | 000,020,453 | ---- | C] () -- C:\Users\Pat\Blue Cross Pharmacy List.odt

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Reply With Quote
  #5  
Old March 11th, 2014, 02:52 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
Here is the 2nd Notepad report, part of it will be posted in another post:

OTL Extras logfile created on: 3/11/2014 8:16:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.67% Memory free
7.93 Gb Paging File | 6.12 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.65 Gb Total Space | 751.51 Gb Free Space | 81.81% Space Free | Partition Type: NTFS
Drive D: | 12.76 Gb Total Space | 1.57 Gb Free Space | 12.27% Space Free | Partition Type: NTFS

Computer Name: PAT2 | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{00B3A617-AF67-4006-9BD6-313854D6529D}" = lport=445 | protocol=6 | dir=in | app=system |
"{03B133E1-45E8-421D-8B1F-8D9551666CB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1613B6F7-D6ED-4414-8C61-D7D0AB8C80BC}" = lport=138 | protocol=17 | dir=in | app=system |
"{28E86FC4-F137-4A63-9753-14C036958C5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E76149E-8EED-4A37-BDD8-0324948A59C5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40B257AA-2A40-4FC2-9AFE-7702AC17D24A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E75F1B9-8D4C-43C4-B42C-1FC5B63AED17}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4EAD554E-C2DC-4552-A672-B421045DFA26}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DABF8FA-6657-41DE-A4C1-C8E81A42FA73}" = lport=139 | protocol=6 | dir=in | app=system |
"{642F0B38-7F97-47D4-8028-DBE10B2709CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{68AA571B-BB0C-4B65-AC9A-7693331BF69A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F4027BA-59BE-4109-AD89-37CFE408CD27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7267D50C-D4D1-4D9D-B81D-C0FA341F9697}" = lport=137 | protocol=17 | dir=in | app=system |
"{82BF2F74-F1BA-44C6-85AC-0FC21725AC14}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9947E714-D601-485D-A3A0-C82D85E2CFF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DBFEA76-489A-489B-A756-51424BF8F31C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AABF42FD-5AEC-4C20-AB96-24604ECBC571}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AE1DF0F9-CC97-40B6-9554-5C38A0C114C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BE7B0F5D-3A03-42A5-8CAA-17EBD12FCB1B}" = rport=139 | protocol=6 | dir=out | app=system |
"{CECA67E6-C4C4-4A9B-A1DB-AD5AF416BAC2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E06411FC-3476-4A1F-B297-DC95D0852D3E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E2CE0C01-81CD-445C-A063-50E42ACA0061}" = rport=137 | protocol=17 | dir=out | app=system |
"{E84006C6-36C3-4742-9F88-88A416F4D0CD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E9AC795C-9B31-467C-826B-94B6DD6ECC71}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0B4B3AE-E66A-4285-9F70-CEB7B16589D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{F334AEF1-C2DB-4AA8-838E-04FC5D1428D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{0543FFFC-018B-428D-946A-0519FDE736E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{065A8A44-4120-41BA-AFE1-ADB1A604C297}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychec ker.exe |
"{0884AF78-D4AB-4E12-B788-C220936183C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C02B3C0-F4E7-4FF8-B6FB-DCD832D97023}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{0D106728-0C36-465B-B975-45257823D3E9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{123CE771-899A-4201-B137-720921B86A39}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{1718BC77-DF62-44E7-BA10-35CA77B50E33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{1BB6C5A4-7FF3-49DD-AE72-F9AF87C72DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{1C443C20-B4F9-458B-96BF-D90E49F3771D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1D42732B-A145-4ED0-914E-21A62A268361}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{1E74F0EB-6D06-43C6-AC25-2FF8E54ED7F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{26352095-64D9-487F-855C-4CC2F4F7A72E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{281EA8B6-3F27-4EFA-BD4A-5FC96BF1522E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{28E39856-FB06-41F2-8AA5-B8629DE67410}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2B568D71-121C-4DC8-9845-BF966EDA420B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2C55C8B2-7C7A-43F8-84B9-E07B6F451689}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{2CD13FAB-5FA8-415D-BCFA-80BF35DA0554}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2FBAECCF-1BFF-4147-B7B1-DFD2F416621B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36F8F7C6-6E8B-498D-BC87-641CD23D30E1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37C169DE-C3AB-4EA8-B8B2-DC524F22A258}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{37C69784-F816-4FED-913A-0CFE9ACF0CC1}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{37E5EA40-5E72-4A47-BD3A-AA85B042F839}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{39AE4FF2-D2D6-4851-B445-941135084C7D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{3B17B451-3304-4E02-A525-F668AB86D5E8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3CC7DF1B-A8BE-4C99-97BF-24DF2C7315BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4318A911-9DDC-407B-BDE0-20D914296AC8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4A3823EF-9986-4A44-8F0A-044BF4EF0E7F}" = protocol=58 | dir=in | app=system |
"{4CE988C0-3F5F-4C37-96FF-E9FBDB0B7679}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4DC9F1FA-0F84-43A4-AA37-92C294E471BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53899EC6-AEB4-4A14-BEA0-79F4441EB4BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{57B40C9D-A6F4-4475-B35C-908D2211BD66}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{57CE5E02-E312-497D-807A-45EAFB82F4D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{5871AE53-578F-4DEB-A5F8-42FE44B4BF8E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{5EF5E78F-CC2E-4504-B73A-A8024E3686DE}" = protocol=6 | dir=out | app=system |
"{5FF7C431-AB02-4984-B0D0-18C656FD764E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{6422209C-9D04-4940-801B-B21CD2DBBB71}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64A45765-43A7-485F-96FC-851E3D90D2B3}" = protocol=17 | dir=in | app=c:\program files\verizon cloud\verizon.exe |
"{697448B6-C0D2-41D1-9A7A-71F7BD2855E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{78DDE5BD-B503-4F9B-A79C-DEF02CBC2BEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{7C4B0CB7-2958-4E2C-BECE-8F9452D9D0C8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{7EE98B7F-6F18-4105-B15C-21D24D8A877A}" = protocol=17 | dir=in | app=c:\users\pat\appdata\local\temp\7zs3af1\hpdiag nosticcoreui.exe |
"{82B2A564-FE7E-40EF-B266-5BAC765695E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{8363CE26-3C4C-4C29-B486-BEFF24878E24}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{844A3620-D6BE-4D6E-8D2C-D14FDB8039B2}" = protocol=17 | dir=in | app=c:\program files\verizon cloud\verizon cloud service.exe |
"{8B9C9637-A67A-41AE-A6E8-69296C0A86FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D1C88F4-8A80-4665-B0DF-32E21F3C15FA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{8EEDDDE9-1AE2-482D-BEAF-AB62D0E41D53}" = protocol=6 | dir=in | app=c:\users\pat\appdata\local\temp\7zs3af1\hpdiag nosticcoreui.exe |
"{937512F8-71A7-4170-A6BA-1FAA17026D9E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9665D52B-B176-4A84-98C4-5F305EC05E54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9CB46A2D-DD55-4397-AA59-419C01FE5992}" = protocol=6 | dir=in | app=c:\program files\verizon cloud\verizon.exe |
"{9D4CA0A2-30CA-40E4-86FF-3C6140127D0A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{A1EE3EE6-A009-474B-A46B-ED3FDF897AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{A274E632-725E-41FD-8684-9CD31327A446}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{A55D68D7-1CED-4244-91FF-DB98CD92241C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{A677B2C4-2763-4D5F-AA82-066F691E0BF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6AF460C-5F8A-4CDF-AB5D-026130A109CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{AEDE27B5-B5E0-4665-9870-07C604DB6082}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{AF04B302-6A56-44DB-9A69-07F6598B8813}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{B1DEB012-28FF-4199-8E70-1AA21CF373EA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{B59BB249-582D-4001-BF3E-7579304C193E}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{B7344C84-14C6-49A6-A5EF-1C20162A4582}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B836ACA8-C4C8-439E-90FD-24BB5F594816}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{B92273C0-98CA-44FE-9B34-D35528D8A827}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{BB85D732-4564-42C0-8709-10CFA1C971A1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{BF7995C2-EB45-49BC-AEA8-68BF3715C7C1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C381C644-3271-49E2-A842-714647996DC7}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{C47CA711-EAC9-4280-8409-39AC0023B809}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{CD452708-AFE6-4042-91AA-63C0861CD466}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CDF6F696-41BB-42B5-95F1-AA5087F8ED86}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CE8CD159-B864-40A3-B5D6-B1AC6D75D71E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{D3306509-0AEF-4120-8F9A-907928B520CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{D52208E0-C628-4CAE-B562-F5E161BA4501}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetect ion3.exe |
"{DCBE84E6-4049-4285-AC77-43BA38B46AB6}" = dir=in | app=c:\users\pat\appdata\local\temp\7zs4533\ojprol 7x00_full_14\setup\hpznui40.exe |
"{DCCE533C-6142-4EBC-B211-3D69F207B523}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{E64DA4D1-CE61-4818-A6ED-7287F7BEAF72}" = protocol=6 | dir=in | app=c:\program files\verizon cloud\verizon cloud service.exe |
"{E728EFBF-46CF-41D0-B565-AC9F94607585}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{ECC177E3-9D98-4E4A-AE96-54388FBF006A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0AFBF3F-D71F-4F0E-83AF-6BF2A1D2AB76}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{F0B6BCDC-A3B4-45B0-A682-4BA5F6EB1B15}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{F1F2B759-F687-4131-8C77-C4AF4F01451E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F51B2FC8-6EF3-4798-9FAB-764F4BFCDF56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5D23C24-1688-4C5C-A8C9-D8A26AAE5941}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FE5A2C34-A9C1-4BB9-8ED7-A0F3972F243A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2AAC3B51-C1BE-40C2-B262-F25620F5F07D}C:\program files\verizon cloud\verizon.exe" = protocol=6 | dir=in | app=c:\program files\verizon cloud\verizon.exe |
"TCP Query User{366CEEF5-E3B1-44A7-AF7B-CB0BD4E4E1C5}C:\program files\verizon cloud\verizon cloud service.exe" = protocol=6 | dir=in | app=c:\program files\verizon cloud\verizon cloud service.exe |
"TCP Query User{6E23E567-1982-4201-8195-6CAEFBEB006E}C:\program files (x86)\idrivewindows\id_tray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\idrivewindows\id_tray.exe |
"UDP Query User{18C2A354-4C11-4DC0-A177-C308B4D0E70D}C:\program files (x86)\idrivewindows\id_tray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\idrivewindows\id_tray.exe |
"UDP Query User{860BA91A-483B-4D5C-9F46-CEF4A555D6D3}C:\program files\verizon cloud\verizon cloud service.exe" = protocol=17 | dir=in | app=c:\program files\verizon cloud\verizon cloud service.exe |
"UDP Query User{FBB3BBA0-606F-4B4D-BC13-5305394EA761}C:\program files\verizon cloud\verizon.exe" = protocol=17 | dir=in | app=c:\program files\verizon cloud\verizon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{21C069A6-6934-4EF1-92C9-CC6CFF1416A0}" = Catalina Savings Printer
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}" = Motorola Mobile Drivers Installation 6.3.0
"{7C4C5901-A58F-4018-A93B-01C93EF8D3F3}" = AVG 2014
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFB2D93E-DEAE-4DF5-8863-CE2AB8F0B6AB}" = AVG 2014
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"AVG" = AVG 2014
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Recuva" = Recuva
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0099B484-C24C-4D5F-8167-B0F6DF196E72}" = Adobe Shockwave Player 12.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{123D4082-3194-4191-9139-067E9157C2B2}" = Print@Home
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CEB5AC4-B6F8-414C-845D-4295C125D17B}" = NCP Internet Transporter
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92BF38A8-5616-4209-87A3-D910B45A1D98}" = Internet Transporter - NCP Link
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C4CC491B-5E85-4E96-8911-DF425893DF4A}" = L7500
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}" = Google+ Auto Backup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Cisco Connect" = Cisco Connect
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Chrome" = Google Chrome
"IDrive Windows_is1" = IDrive Version - 6.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetSight" = NCP Connect
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1693150615-1015179679-628459419-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall]
"Amazon Kindle" = Amazon Kindle
"HuluDesktop" = Hulu Desktop
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2014 9:23:21 AM | Computer Name = Pat2 | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428,
time stamp: 0x525b664c Faulting module name: MSHTML.dll, version: 11.0.9600.16476,
time stamp: 0x52947390 Exception code: 0xc0000005 Fault offset: 0x00486749 Faulting
process id: 0x39c Faulting application start time: 0x01cf1db4511745fd Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: aff07752-89b1-11e3-ae52-78acc0c05b57

Error - 2/2/2014 9:05:35 AM | Computer Name = Pat2 | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428,
time stamp: 0x525b664c Faulting module name: MSHTML.dll, version: 11.0.9600.16476,
time stamp: 0x52947390 Exception code: 0xc0000005 Fault offset: 0x00056691 Faulting
process id: 0x1e90 Faulting application start time: 0x01cf200d023970c0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: b3ccb02b-8c0a-11e3-b12a-78acc0c05b57

Error - 2/3/2014 8:42:43 AM | Computer Name = Pat2 | Source = Windows Backup | ID = 4103
Description =

Error - 2/7/2014 8:35:49 AM | Computer Name = Pat2 | Source = Application Error | ID = 1000
Description = Faulting application name: NielsenOnline.exe, version: 6.1.0.11, time
stamp: 0x52717087 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process
id: 0xf78 Faulting application start time: 0x01cf203680b3095b Faulting application
path: C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.ex e Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 5f6b019f-8ff4-11e3-b4b1-78acc0c05b57

Error - 2/8/2014 4:03:53 PM | Computer Name = Pat2 | Source = Application Error | ID = 1000
Description = Faulting application name: NielsenOnline.exe, version: 6.1.0.11, time
stamp: 0x52717087 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process
id: 0x2ef0 Faulting application start time: 0x01cf24014de63dd8 Faulting application
path: C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.ex e Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 219a456b-90fc-11e3-b4b1-78acc0c05b57

Error - 2/9/2014 9:00:02 PM | Computer Name = Pat2 | Source = Windows Backup | ID = 4103
Description =

Error - 2/12/2014 1:16:50 PM | Computer Name = Pat2 | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428,
time stamp: 0x525b664c Faulting module name: jscript9.dll, version: 11.0.9600.16476,
time stamp: 0x5294589a Exception code: 0xc0000005 Fault offset: 0x0000ad8f Faulting
process id: 0x2fd8 Faulting application start time: 0x01cf28161bbdc5f7 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\SysWOW64\jscript9.dll Report Id: 75587700-9409-11e3-ae07-78acc0c05b57

Error - 2/12/2014 2:05:53 PM | Computer Name = Pat2 | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428,
time stamp: 0x525b664c Faulting module name: jscript9.dll, version: 11.0.9600.16476,
time stamp: 0x5294589a Exception code: 0xc0000005 Fault offset: 0x00063eb7 Faulting
process id: 0x2fd8 Faulting application start time: 0x01cf28161bbdc5f7 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\SysWOW64\jscript9.dll Report Id: 4f97ed42-9410-11e3-ae07-78acc0c05b57

Error - 2/16/2014 9:09:39 PM | Computer Name = Pat2 | Source = Windows Backup | ID = 4103
Description =

Error - 2/16/2014 9:19:25 PM | Computer Name = Pat2 | Source = Windows Backup | ID = 4103
Description =

[ Hewlett-Packard Events ]
Error - 10/6/2012 2:50:13 PM | Computer Name = Pat2 | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskB ar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskB ar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 4061 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 10/12/2012 3:00:08 AM | Computer Name = Pat2 | Source = HPSF.exe | ID = 4000
Description =

Error - 11/6/2012 11:11:55 AM | Computer Name = Pat2 | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbar Displayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbar Displayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 4061 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 11/6/2012 11:11:57 AM | Computer Name = Pat2 | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskB ar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskB ar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 4061 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 11/12/2012 7:56:55 AM | Computer Name = Pat2 | Source = HPSF.exe | ID = 4000
Description =
Reply With Quote
  #6  
Old March 11th, 2014, 02:53 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
Here is the rest of the 2nd report:

Error - 11/12/2012 8:09:44 AM | Computer Name = Pat2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087HPSF.exe Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(S tring
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(S tring
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.I nvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.I nvoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(S tring
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(S tring
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.I nvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.I nvoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleRe turnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateI nvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMe ssengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.send TimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4061 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messag ing.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 11/12/2012 8:10:06 AM | Computer Name = Pat2 | Source = HPSF.exe | ID = 4000
Description =

Error - 11/12/2012 8:10:07 AM | Computer Name = Pat2 | Source = HPSF.exe | ID = 4000
Description =

Error - 11/13/2012 2:45:06 PM | Computer Name = Pat2 | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbar Displayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbar Displayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 4061 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 11/13/2012 2:45:06 PM | Computer Name = Pat2 | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskB ar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskB ar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 4061 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ System Events ]
Error - 3/7/2014 9:05:13 AM | Computer Name = Pat2 | Source = Service Control Manager | ID = 7000
Description = The PDF Document Manager service failed to start due to the following
error: %%2

Error - 3/8/2014 5:57:41 PM | Computer Name = Pat2 | Source = DCOM | ID = 10016
Description =

Error - 3/9/2014 8:46:07 AM | Computer Name = Pat2 | Source = DCOM | ID = 10010
Description =

Error - 3/9/2014 8:49:19 AM | Computer Name = Pat2 | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Toolbar ISWKL service failed to start due to the following
error: %%3

Error - 3/9/2014 8:49:19 AM | Computer Name = Pat2 | Source = Service Control Manager | ID = 7001
Description = The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar
ISWKL service which failed to start because of the following error: %%3

Error - 3/9/2014 8:49:48 AM | Computer Name = Pat2 | Source = Service Control Manager | ID = 7000
Description = The PDF Document Manager service failed to start due to the following
error: %%2

Error - 3/10/2014 7:49:45 AM | Computer Name = Pat2 | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Toolbar ISWKL service failed to start due to the following
error: %%3

Error - 3/10/2014 7:49:45 AM | Computer Name = Pat2 | Source = Service Control Manager | ID = 7001
Description = The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar
ISWKL service which failed to start because of the following error: %%3

Error - 3/10/2014 7:49:56 AM | Computer Name = Pat2 | Source = Service Control Manager | ID = 7000
Description = The PDF Document Manager service failed to start due to the following
error: %%2

Error - 3/10/2014 1:18:38 PM | Computer Name = Pat2 | Source = DCOM | ID = 10016
Description =


< End of report >
Reply With Quote
  #7  
Old March 11th, 2014, 11:37 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Infection, so we will have to switch gears. I'll ask a Mod to move this to the CTH Malware Removal Forum.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

ZoneAlarm Toolbar - Adware/spyware/search hijacker (bad boy Zone Alarm).
Catalina Savings Printer - Adware.
NCP Internet Transporter - Adware.
Internet Transporter - NCP Link - Adware.
Coupon Printer for Windows - Spyware.
NCP Connect - Adware.
Mozilla Maintenance Service - Of no benefit to the user.

---------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.



Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
Wen RogueKiller finises it's opening scan, press the Scan button..
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
Reply With Quote
  #8  
Old March 12th, 2014, 02:40 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
Here is the report from RogueKiller:

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pat [Admin rights]
Mode : Scan -- Date : 03/12/2014 08:37:04
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 6
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Pat\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=1597acecbf4647d1a7d6a9e58624b2a4-c15de2984ca54ce2180d8c5c865cd4bb407e627f /CMPID=1213b [x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Pat\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=1597acecbf4647d1a7d6a9e58624b2a4-c15de2984ca54ce2180d8c5c865cd4bb407e627f /CMPID=0214c [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1693150615-1015179679-628459419-1000\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Pat\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=1597acecbf4647d1a7d6a9e58624b2a4-c15de2984ca54ce2180d8c5c865cd4bb407e627f /CMPID=1213b [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1693150615-1015179679-628459419-1000\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Pat\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=1597acecbf4647d1a7d6a9e58624b2a4-c15de2984ca54ce2180d8c5c865cd4bb407e627f /CMPID=0214c [x][x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Browser Addons : 0

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:

Infection :

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts




MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 95b59e189be54fb56ec88b589ecb84d8
[BSP] 3109c98f27609e05e17f61b03fafbc41 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 940700 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1926760448 | Size: 13067 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Officejet Pro L7 USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03122014_083704.txt >>
Reply With Quote
  #9  
Old March 12th, 2014, 02:44 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
Here is the report from AdwCleaner:

# AdwCleaner v3.021 - Report created 12/03/2014 at 08:42:18
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pat - PAT2
# Running from : C:\Users\Pat\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\searchplugins\web-search.xml
File Found : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\user.js
Folder Found : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadj fpblof
Folder Found : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
Folder Found C:\Users\Pat\AppData\Local\Conduit
Folder Found C:\Users\Pat\AppData\Local\PackageAware
Folder Found C:\Users\Pat\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Pat\AppData\LocalLow\Conduit
Folder Found C:\Users\Pat\AppData\LocalLow\Toolbar4

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2997274
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI3 2
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANC S
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\conduitEngine
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Web Search");
Line Found : user_pref("browser.search.selectedEngine", "Web Search");
Line Found : user_pref("extensions.snipit.askTbInstalled", true);
Line Found : user_pref("extensions.snipit.history_query", "free%20mind%20flow%20chart=ASKURL=hxxp://www.ask.com/web?q=free%20mind%20flow%20chart&qsrc=2871&o=13173 &l=dis||free%20mind%20flow%20chart=ASKURL=//www.ask[...]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : keyword
Found : icon_url
Found : search_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [7884 octets] - [12/03/2014 08:42:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7944 octets] ##########
Reply With Quote
  #10  
Old March 12th, 2014, 11:13 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.

Also a new OTL scan log please.
Reply With Quote
  #11  
Old March 13th, 2014, 01:47 AM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
I am having trouble with adwcleaner. I double clicked on the program but there was no "Delete" to click on. So I clicked on scan, but nothing came up and it said I had to "Clean" to delete anything. I was afraid to click on Clean, is that what I'm supposed to do?
Pat
Reply With Quote
  #12  
Old March 13th, 2014, 03:35 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Thanks for reminding me to update my steps. Click the Clean button please.
Reply With Quote
  #13  
Old March 13th, 2014, 12:52 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
Thanks, here is the adwcleaner report:

# AdwCleaner v3.021 - Report created 13/03/2014 at 06:45:55
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pat - PAT2
# Running from : C:\Users\Pat\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Pat\AppData\Local\Conduit
Folder Deleted : C:\Users\Pat\AppData\Local\PackageAware
Folder Deleted : C:\Users\Pat\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Pat\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pat\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
Folder Deleted : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadj fpblof
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\searchplugins\web-search.xml
File Deleted : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI3 2
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANC S
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2997274
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\conduitEngine

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profi les\0tc5a2wi.ProfileName\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Line Deleted : user_pref("extensions.snipit.history_query", "free%20mind%20flow%20chart=ASKURL=hxxp://www.ask.com/web?q=free%20mind%20flow%20chart&qsrc=2871&o=13173 &l=dis||free%20mind%20flow%20chart=ASKURL=//www.ask[...]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [8080 octets] - [12/03/2014 08:42:18]
AdwCleaner[R1].txt - [8140 octets] - [12/03/2014 19:38:12]
AdwCleaner[R2].txt - [8200 octets] - [12/03/2014 19:42:42]
AdwCleaner[R3].txt - [8260 octets] - [13/03/2014 06:45:03]
AdwCleaner[S0].txt - [7615 octets] - [13/03/2014 06:45:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7675 octets] ##########
Reply With Quote
  #14  
Old March 13th, 2014, 01:03 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
Here is the Malwarebytes Report:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.12.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Pat :: PAT2 [administrator]

3/13/2014 6:53:34 AM
mbam-log-2014-03-13 (06-53-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247619
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Pat\AppData\Local\Temp\CT3319613 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Pat\Local Settings\Temporary Internet Files\Content.IE5\8M77AOD1\InstallConverter.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Pat\AppData\Local\Temp\CT3319613\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
Reply With Quote
  #15  
Old March 13th, 2014, 02:33 PM
pjgriff pjgriff is offline
Senior Member
 
Join Date: Oct 2006
O/S: Windows 10 Home
Posts: 121
I could not save/find the text file from the esetsmartinstaller scan, but I saved it to a document file:

C:\Users\Pat\AppData\Local\Microsoft\Windows\Tempo rary Internet Files\Content.IE5\TUEOZFFW\zaSetupWeb_120_121_000. exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
AdwCleaner Not Rmoving Pups - Caught Unhandled unknown exception BuzWeaver Malware Removal 9 February 14th, 2018 02:08 AM
"Unhandled Exception" at startup __James__ Windows XP 3 April 13th, 2008 09:11 PM
GTA 3 Unhandled Exception Error Jerebear Gaming 1 June 26th, 2006 10:13 AM
Unhandled Exception Error in WinXP linbenja Windows XP 1 April 5th, 2004 05:32 AM
Unhandled Exception bettyboop38 Windows 98 1 March 25th, 2004 09:42 PM


All times are GMT +1. The time now is 02:44 AM.