Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: browser redirect and god knows what else

  1. #1
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default browser redirect and god knows what else

    hi i,m sending the things needed to get started looking into some issues that have been popping up with my computer. i'll let you have a look then see where we go from there, thank you very much

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
    Run by me again at 10:49:28 on 2014-06-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2243 [GMT -6:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe
    C:\Program Files (x86)\SMINST\BLService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uProxyServer = localhost:21320
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coieplg.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coieplg.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coieplg.dll
    uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "C:\Users\me again\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001055-0002-0055-ABCDEFFEDCBC} - <orphaned>
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    TCP: NameServer = 192.168.0.1 205.171.202.166
    TCP: Interfaces\{E23DCF86-E7BE-4937-B94A-72EEF59BB9CD} : DHCPNameServer = 192.168.0.1 205.171.202.166
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coieplg.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coieplg.dll
    x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\me again\AppData\Roaming\Mozilla\Firefox\Profiles\z3ejlhx5.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - plugin: C:\Users\me again\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Users\me again\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\me again\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1404000.028\symds64.sys [2013-12-15 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1404000.028\symefa64.sys [2013-12-15 1139800]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [2014-6-9 1530160]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1404000.028\ccsetx64.sys [2013-12-15 169048]
    R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE07000.02F\ccsetx64.sys [2014-5-21 162392]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20140612.001\IDSviA64.sys [2014-6-12 525016]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\ironx64.sys [2013-12-15 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\symnets.sys [2013-12-15 433752]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-8 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-8 860472]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe [2013-12-15 144368]
    R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe [2014-5-21 130104]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-27 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-27 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-27 171416]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-12 292864]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 228408]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-11 142128]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-6-29 126976]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-8 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-8 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-8 63704]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
    S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-21 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-21 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-16 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-06-11 16:23:00 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-06-11 16:23:00 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-06-11 16:19:08 506368 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-11 16:19:08 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-11 16:07:52 -------- d-sh--w- C:\Users\me again\AppData\Local\EmieUserList
    2014-06-11 16:07:52 -------- d-sh--w- C:\Users\me again\AppData\Local\EmieSiteList
    2014-06-08 21:48:45 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-06-08 21:48:18 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-06-08 21:48:18 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-06-08 21:48:18 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-06-08 21:48:18 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-06-08 21:48:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-24 20:50:12 -------- d-----w- C:\Users\me again\AppData\Local\CrashDumps
    2014-05-21 21:05:58 162392 ----a-w- C:\Windows\System32\drivers\NSTx64\7DE07000.02F\ccsetx64.sys
    2014-05-21 21:05:54 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DE07000.02F
    2014-05-16 14:56:24 1619632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
    .
    ==================== Find3M ====================
    .
    2014-06-12 05:10:38 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-06-12 05:10:38 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-13 20:43:28 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2014-04-15 02:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2014-04-01 04:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2014-04-01 04:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    .
    ============= FINISH: 10:50:31.52 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-06-13 11:13:16
    -----------------------------
    11:13:16.138 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:13:16.138 Number of processors: 2 586 0x170A
    11:13:16.138 ComputerName: MEAGAIN-PC UserName: me again
    11:13:18.120 Initialize success
    11:15:48.762 AVAST engine defs: 14061300
    11:16:00.602 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    11:16:00.602 Disk 0 Vendor: ST9320325AS 0003HPM1 Size: 305245MB BusType: 11
    11:16:00.867 Disk 0 MBR read successfully
    11:16:00.867 Disk 0 MBR scan
    11:16:00.867 Disk 0 Windows 7 default MBR code
    11:16:00.883 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292665 MB offset 2048
    11:16:00.930 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12576 MB offset 599379968
    11:16:01.226 Disk 0 scanning C:\Windows\system32\drivers
    11:16:18.979 Service scanning
    11:16:23.378 Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20140606.001\BHDrvx64.sys **LOCKED** 5
    11:16:28.074 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
    11:16:28.760 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
    11:16:34.127 Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20140612.001\IDSvia64.sys **LOCKED** 5
    11:16:41.615 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20140613.002\ENG64.SYS **LOCKED** 5
    11:16:41.927 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20140613.002\EX64.SYS **LOCKED** 5
    11:17:00.818 Modules scanning
    11:17:00.818 Disk 0 trace - called modules:
    11:17:00.849 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    11:17:00.865 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004946060]
    11:17:00.865 3 CLASSPNP.SYS[fffff88001a7e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004766060]
    11:17:03.657 AVAST engine scan C:\Windows
    11:17:07.199 AVAST engine scan C:\Windows\system32
    11:22:08.160 AVAST engine scan C:\Windows\system32\drivers
    11:22:46.194 AVAST engine scan C:\Users\me again
    11:23:48.768 Disk 0 MBR has been saved successfully to "C:\Users\me again\Documents\MBR.dat"
    Attached Files Attached Files
    Last edited by tashi; 2014-06-14 at 06:50. Reason: Copy pasted 2 logs into topic

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi again,

    Are you being redirected to other sites as i am looking at a bad proxy setting ?
    uProxyServer = localhost:21320

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Still with me, still need help ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #4
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default redirects etc.

    hi, i'll just give my understanding of the issues i have here, then we can narrow things down from there. my wife and grandkids use this computer regularly and safe surfing is not really in the vocabulary. i try and keep an eye on things but can't keep up with it all the time. lately while my wife is going over the news (nbc) mostly i noticed the firefox wanted to redirect at about every site she tries to load. i have the fox configured to block that sort of thing, so its never allowed as a rule however its a little bothersome to me. i may be just paranoid from a bad experience a while back but it seems like a lot of redirecting that shouldn't be coming up. i guess my ignorance is showing a bit here but i'm not familiar with proxy settings, i will go with what the spy-bot defaults suggest and call it good. any settings that are changed from that i'm not aware of,if you see anything that doesn't look right let me know. ok under the heading of god knows what else, i'm attaching the malware bytes scan log that was done at the same time we were fixing my other machine "again thanks for the help on that one". as you can see this machine was had bad by wedownload manager. as with mysearchdial on the other machine i thought i had removed wedownload off this computer. however as you can see malware bytes found it hiding still. i might mention wedownload is possibly the most tenacious and annoying software i have ever come across (my wife was thrilled to be offered a wife from overseas as well as an endless line of useless stuff) since that experience she is motivated to learn more about this safe surfing stuff. i still haven't figured out where she got wedownload but i hope to never see it again. i'll close now, hope i attached the right log (dds) let me know if i got that right. thanks a again and have a good one.
    Attached Files Attached Files

  5. #5
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default Otl

    just a hunch i didn't get the right folder last time, this attachment should be what your wanting to see sorry about that.
    Attached Files Attached Files

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    If you still require my help you need to reread my initial post to you and follow instructions, I did not ask you to run Malwarebytes or DDS, I asked for a OTL log so we can remove that bad proxy. I see that Malwarebytes removed most of wedownload but it may not all be gone, an OTL log will show if there is more to remove besides that bad proxy
    Last edited by ken545; 2014-06-17 at 00:46.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default OTL log

    Quote Originally Posted by ken545 View Post
    If you still require my help you need to reread my initial post to you and follow instructions, I did not ask you to run Malwarebytes or DDS, I asked for a OTL log so we can remove that bad proxy. I see that Malwarebytes removed most of wedownload but it may not all be gone, an OTL log will show if there is more to remove besides that bad proxy
    hi ken, we may have crossed paths with the OTL thing. looks like our last messages were pretty close together. the malware scan was just put in to show what kind of stuff was on the computer earlier hope its gone but we will see. if you have any problems with the OTL file let me know. thanks

  8. #8
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    OK, no problem but you did not copy and paste or attach the OTL log. I prefer if you copy and pasted it, you can attach the extras

    Never mind i found it
    Last edited by ken545; 2014-06-17 at 03:20.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    We going to remove that proxy, also your host file is infected so we are going to reset it, these are where your redirects are coming from. I think I would stay away from PopCap games and wild tangent as those games are add related


    Run these in order please


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKLM\..\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKCU\..\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2013&locale=en_US&gct=sb&qsrc=2869
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
      [2014/04/01 08:52:04 | 000,450,628 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140425-185555.backup
      [2014/03/11 08:47:09 | 000,450,628 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140401-085204.backup
      [2014/02/11 10:22:11 | 000,450,628 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140311-084709.backup
      [2014/01/25 21:40:45 | 000,450,558 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140130-031455.backup
      [2014/01/15 12:23:38 | 000,450,558 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140125-204045.backup
      [2014/01/04 13:53:02 | 000,450,558 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140115-112338.backup
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces







    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisment.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.





    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default OTL fix

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    C:\Windows\SysNative\drivers\etc\hosts.20140425-185555.backup moved successfully.
    C:\Windows\SysNative\drivers\etc\hosts.20140401-085204.backup moved successfully.
    C:\Windows\SysNative\drivers\etc\hosts.20140311-084709.backup moved successfully.
    C:\Windows\SysNative\drivers\etc\hosts.20140130-031455.backup moved successfully.
    C:\Windows\SysNative\drivers\etc\hosts.20140125-204045.backup moved successfully.
    C:\Windows\SysNative\drivers\etc\hosts.20140115-112338.backup moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\me again\Downloads\cmd.bat deleted successfully.
    C:\Users\me again\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: me again
    ->Java cache emptied: 358695 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: me again
    ->Temp folder emptied: 159659424 bytes
    ->Temporary Internet Files folder emptied: 49794508 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 408841110 bytes
    ->Google Chrome cache emptied: 363143934 bytes
    ->Flash cache emptied: 2012 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 390334983 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43294360 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,350.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06162014_190833

    Files\Folders moved on Reboot...
    C:\Users\me again\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\me again\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    hi ken i will be posting the results of each step as i do them to keep things in order here is the OTL fix log

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •