Fell for the Ammyy Scam..HELP!

pinheadzjr2 · June 27, 2012

I recently got a phone call from a guy who said he was working for Microsoft and is seeing a lot of problems with my computer, then they got me to download ammyy. I let them move around my computer and let them type some things in the run box to see how much corruption my computer had. After that he tried to get me to buy a program that looked suspicious so I told them to call me back later but they insisted I buy it right away. After the phone call I disconnected the ammyy software and ran a full scan of symantec endpoint protection and later malwarebytes with combofix. How do I know if ammyy is all cleared from my computer?

Larusso · June 27, 2012

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download OTL to your Desktop.

Double click on the icon to run it.
Under the box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

Make sure all other windows are closed to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

pinheadzjr2 · June 27, 2012

OTL logfile created on: 6/27/2012 4:56:32 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\John\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.33% Memory free

5.96 Gb Paging File | 4.19 Gb Available in Paging File | 70.32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.94 Gb Total Space | 128.11 Gb Free Space | 44.80% Space Free | Partition Type: NTFS

Drive D: | 12.15 Gb Total Space | 1.65 Gb Free Space | 13.57% Space Free | Partition Type: NTFS

Computer Name: FAMILY-PC | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 16:55:21 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe

PRC - [2012/06/13 11:34:06 | 001,020,816 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2012/02/28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

PRC - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

PRC - [2009/04/22 15:16:02 | 000,050,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

PRC - [2009/04/22 15:14:20 | 001,768,376 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2009/02/12 13:02:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

PRC - [2009/02/12 13:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2008/09/18 23:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe

PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 06:47:05 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/14 03:05:08 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/14 03:04:41 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll

MOD - [2012/06/14 03:04:02 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll

MOD - [2012/05/10 04:08:24 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/05/10 04:06:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012/05/10 04:06:52 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll

MOD - [2012/05/10 04:06:51 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll

MOD - [2012/05/10 04:06:51 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll

MOD - [2012/05/10 04:06:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/05/10 04:01:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6cc7aca81a3abfc1ab90b0c72f302702\System.Xml.ni.dll

MOD - [2012/05/10 04:00:45 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll

MOD - [2012/05/10 04:00:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll

MOD - [2012/05/10 04:00:04 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll

MOD - [2012/05/10 03:59:59 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/05/10 03:59:44 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\WINDOWS\SysWOW64\msjetoledb40.dll

MOD - [2009/04/10 21:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

MOD - [2009/03/29 23:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2008/09/18 23:14:34 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll

MOD - [2008/07/03 14:45:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll

MOD - [2008/07/03 14:42:56 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2008/07/03 14:42:54 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2008/07/03 14:42:48 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll

MOD - [2008/07/03 14:42:46 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2008/07/03 14:42:40 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2008/07/03 14:42:40 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2008/07/03 14:42:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/10/18 10:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)

SRV - [2012/05/03 19:44:56 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2011/04/25 19:33:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2009/04/22 15:26:36 | 003,099,976 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2009/04/22 15:14:20 | 001,768,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2009/04/22 03:31:40 | 000,393,544 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)

SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/12 13:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2009/02/12 13:02:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2009/01/29 10:11:06 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/07/04 15:36:12 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)

DRV:64bit: - [2010/05/24 22:05:28 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/05/20 17:23:01 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/22 15:28:24 | 000,052,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)

DRV:64bit: - [2009/01/30 13:52:34 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)

DRV:64bit: - [2009/01/30 13:52:32 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)

DRV:64bit: - [2009/01/30 13:52:32 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - [2008/11/18 18:29:36 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)

DRV:64bit: - [2008/10/14 12:24:14 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)

DRV:64bit: - [2008/05/08 08:27:00 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)

DRV:64bit: - [2008/05/08 08:25:12 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2008/05/08 08:24:08 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)

DRV:64bit: - [2007/10/18 10:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)

DRV:64bit: - [2006/06/19 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)

DRV - [2012/05/31 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/05/31 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/05/15 03:00:00 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120627.006\ex64.sys -- (NAVEX15)

DRV - [2012/05/15 03:00:00 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120627.006\eng64.sys -- (NAVENG)

DRV - [2009/01/30 13:52:34 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)

DRV - [2009/01/30 13:52:32 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)

DRV - [2009/01/30 13:52:32 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\drivers\srtsp64.sys -- (SRTSP)

DRV - [2008/05/22 14:20:54 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{E2AF211B-86DA020A-05040000})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0DB7B562-EA41-4097-A9F5-C4568DEA6B95}

IE:64bit: - HKLM\..\SearchScopes\{0DB7B562-EA41-4097-A9F5-C4568DEA6B95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE:64bit: - HKLM\..\SearchScopes\{E2FFC9D5-2D98-4AC2-AB87-AEDE67007260}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found

IE - HKLM\..\SearchScopes,DefaultScope = {0DB7B562-EA41-4097-A9F5-C4568DEA6B95}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{0DB7B562-EA41-4097-A9F5-C4568DEA6B95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKLM\..\SearchScopes\{E2FFC9D5-2D98-4AC2-AB87-AEDE67007260}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z045&form=ZGAPHP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0DB7B562-EA41-4097-A9F5-C4568DEA6B95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF

IE - HKCU\..\SearchScopes\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF

IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCU\..\SearchScopes\{B0F6A9E6-A20E-2078-1826-6C700C6E8C1D}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z045&form=ZGAIDF

IE - HKCU\..\SearchScopes\{E2FFC9D5-2D98-4AC2-AB87-AEDE67007260}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.order.1: "Yahoo"

FF - prefs.js..browser.search.order.2: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {0CDC78A2-05A1-47F9-8810-A36BA7576D00}:1.0

FF - prefs.js..extensions.enabledItems: {E4E6BF2A-1667-11DF-A01F-1F9655D89593}:4.0

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: HBLite@HBLite.com:11.0.0.0

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z045&form=ZGAADF&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.6: C:\Program Files\Musicnotes\npmusicn64.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.6: C:\Program Files (x86)\Musicnotes\npmusicn.dll File not found

FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22: C:\Program Files (x86)\Musicnotes\npsibelius.dll File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\John\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/06 20:20:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 19:44:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/18 23:34:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\John\AppData\Roaming\Move Networks [2010/02/12 19:16:05 | 000,000,000 | ---D | M]

[2010/01/05 17:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions

[2010/01/05 17:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2012/06/20 16:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\extensions

[2012/05/30 16:35:51 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/07/19 11:49:58 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}

[2012/05/20 12:17:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/09/28 17:54:18 | 000,000,000 | ---D | M] (Simppull Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}

[2011/04/23 07:33:03 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\extensions\DTToolbar@toolbarnet.com

[2011/07/25 08:36:22 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\extensions\engine@conduit.com

[2012/06/20 16:48:16 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\extensions\info@djzig.com

[2010/05/20 17:23:36 | 000,002,059 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\searchplugins\daemon-search.xml

[2012/06/26 15:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/05/18 23:34:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

[2010/02/12 19:16:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\JOHN\APPDATA\ROAMING\MOVE NETWORKS

[2012/04/23 21:36:12 | 000,016,192 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEBP7V18.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI

[2012/05/03 19:44:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/05 12:06:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

[2011/11/10 01:44:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

O1 HOSTS File: ([2012/06/27 11:42:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)

O2 - BHO: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found

O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll File not found

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll File not found

O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.

O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found

O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll File not found

O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm File not found

O8:64bit: - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm File not found

O8:64bit: - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm File not found

O8:64bit: - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm File not found

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm File not found

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm File not found

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm File not found

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: eset.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: eset.eu ([www] https in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDD7762A-4484-4E11-B5DD-8941532B0891}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpFolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - - File not found

MsConfig:64bit - StartUpReg: Free Download Manager - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KbdStub.exe ()

MsConfig:64bit - StartUpReg: SpeedBitVideoAccelerator - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: tnihiuup - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 11:47:05 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/06/27 11:42:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/06/27 10:44:47 | 004,570,514 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe

[2012/06/27 09:46:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/06/27 09:46:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/06/27 09:46:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/06/26 15:28:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/26 15:25:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/06/26 15:18:38 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/06/26 15:04:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes

[2012/06/26 15:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/26 15:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/26 15:03:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/06/26 15:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/20 20:01:50 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Music

[2012/06/16 18:08:42 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\minecraft

[2012/06/04 16:40:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Skype

[2012/06/04 16:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/06/04 16:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/06/04 16:39:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/06/04 15:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 16:42:36 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1218432586-3964203685-1260264325-1001UA.job

[2012/06/27 16:19:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/27 16:19:50 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/27 16:18:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/27 11:42:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/06/27 10:51:37 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe

[2012/06/26 18:20:50 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1218432586-3964203685-1260264325-1001Core.job

[2012/06/26 15:03:57 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/21 21:26:41 | 000,252,435 | ---- | M] () -- C:\Users\John\Desktop\OptiFine_1.2.5_HD_MT_AA_A7.zip

[2012/06/21 11:25:44 | 000,000,000 | ---- | M] () -- C:\t168.1

[2012/06/20 20:01:17 | 000,127,488 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/19 00:06:16 | 000,002,609 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Office Excel 2007.lnk

[2012/06/14 06:43:33 | 000,515,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/14 03:18:55 | 000,732,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/14 03:18:55 | 000,613,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/14 03:18:55 | 000,108,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/13 11:34:07 | 000,000,808 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/06/07 12:29:43 | 000,999,771 | ---- | M] () -- C:\Users\John\Desktop\SinglePlayerCommands-MC1.2.5_V3.2.2.jar

[2012/06/07 10:32:30 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJohn.job

[2012/06/06 19:42:08 | 000,137,859 | ---- | M] () -- C:\Users\John\Desktop\AMIDST.exe

[2012/06/04 16:39:35 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/06/02 15:25:23 | 000,278,561 | ---- | M] () -- C:\Users\John\Desktop\Minecraft.exe

[2012/05/31 14:49:31 | 000,068,608 | ---- | M] () -- C:\Users\John\Documents\gym class heroes - the fighter.MSWMM

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 09:46:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/06/27 09:46:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/06/27 09:46:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/06/27 09:46:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/06/27 09:46:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/26 15:03:57 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/21 21:26:38 | 000,252,435 | ---- | C] () -- C:\Users\John\Desktop\OptiFine_1.2.5_HD_MT_AA_A7.zip

[2012/06/21 11:25:44 | 000,000,000 | ---- | C] () -- C:\t168.1

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track13.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track12.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track11.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track10.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track09.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track08.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track07.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track06.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track05.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track04.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track03.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track02.cda

[2012/06/20 20:00:37 | 000,000,044 | ---- | C] () -- C:\Users\John\Documents\Track01.cda

[2012/06/07 12:29:33 | 000,999,771 | ---- | C] () -- C:\Users\John\Desktop\SinglePlayerCommands-MC1.2.5_V3.2.2.jar

[2012/06/06 19:41:42 | 000,137,859 | ---- | C] () -- C:\Users\John\Desktop\AMIDST.exe

[2012/06/04 16:39:35 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/06/02 15:25:20 | 000,278,561 | ---- | C] () -- C:\Users\John\Desktop\Minecraft.exe

[2012/05/31 14:49:31 | 000,068,608 | ---- | C] () -- C:\Users\John\Documents\gym class heroes - the fighter.MSWMM

[2011/11/16 19:53:03 | 000,000,092 | ---- | C] () -- C:\Users\John\AppData\Local\fusioncache.dat

[2011/11/16 19:52:30 | 000,733,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/31 19:48:51 | 000,000,032 | ---- | C] () -- C:\Users\John\jagex_cl_runescape_LIVE.dat

[2011/09/19 02:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

[2011/09/19 02:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

[2011/06/14 15:37:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/05/24 21:59:29 | 000,002,692 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2011/01/24 08:04:37 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat

[2011/01/22 12:28:51 | 000,000,125 | ---- | C] () -- C:\Users\John\AppData\Roaming\RSBot_Accounts.ini

[2010/07/22 12:46:01 | 000,000,411 | ---- | C] () -- C:\Users\John\AppData\Roaming\RSBot Accounts.ini

[2010/03/28 17:23:55 | 000,000,000 | ---- | C] () -- C:\Users\John\jagex__preferences3.dat

[2010/01/29 15:24:02 | 216,906,320 | ---- | C] () -- C:\Users\John\Video 2.MP4

[2010/01/26 19:12:17 | 000,127,488 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/24 01:40:14 | 351,412,434 | ---- | C] () -- C:\Users\John\2010-01-24 00 40 14.MP4

[2009/12/08 11:45:30 | 000,000,129 | ---- | C] () -- C:\Users\John\jagex_runescape_preferences2.dat

[2009/12/08 11:44:36 | 000,000,046 | ---- | C] () -- C:\Users\John\jagex_runescape_preferences.dat

========== LOP Check ==========

[2012/06/27 16:46:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.minecraft

[2010/07/23 22:57:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Actual Tools

[2009/12/18 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity

[2011/12/14 04:34:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Azureus

[2012/03/08 21:51:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BANDISOFT

[2010/05/20 19:07:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite

[2011/04/25 19:52:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Free Download Manager

[2010/03/11 21:39:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\GameKiss

[2010/04/12 21:41:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\GetRightToGo

[2010/09/29 17:03:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\InfraRecorder

[2011/04/25 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire

[2011/03/27 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\muvee Technologies

[2012/04/15 18:15:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Notepad++

[2011/02/13 09:09:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PIXELA

[2011/06/06 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony

[2010/07/22 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Subversion

[2011/01/31 16:44:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SystemRequirementsLab

[2011/03/06 16:19:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\The Creative Assembly

[2012/04/23 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TS3Client

[2012/02/12 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ts3overlay

[2010/05/21 16:14:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Uniblue

[2012/01/14 12:17:03 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Unity

[2012/06/27 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent

[2011/02/18 20:48:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WeatherBug

[2012/06/27 11:19:16 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2012/06/27 11:42:17 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN

[2010/07/22 12:48:43 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32

[2010/05/24 21:54:39 | 000,000,000 | ---D | M] -- C:\Boot

[2009/11/28 18:56:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2011/03/26 11:38:48 | 000,000,000 | ---D | M] -- C:\Downloads

[2012/04/11 21:39:48 | 000,000,000 | ---D | M] -- C:\Fraps

[2010/06/07 19:42:37 | 000,000,000 | ---D | M] -- C:\Garmin

[2011/06/30 10:59:48 | 000,000,000 | ---D | M] -- C:\hp

[2009/11/28 19:10:21 | 000,000,000 | R--D | M] -- C:\MSOCache

[2008/01/20 22:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012/06/13 11:44:28 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/06/27 10:04:43 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012/06/27 10:04:43 | 000,000,000 | ---D | M] -- C:\ProgramData

[2012/06/27 11:47:06 | 000,000,000 | ---D | M] -- C:\Qoobox

[2012/06/27 16:59:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011/07/25 08:36:20 | 000,000,000 | R--D | M] -- C:\Users

[2012/06/27 11:47:05 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /5 >

< %localappdata%\*. /5 >

[2012/06/27 16:19:36 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Local\LogMeIn Hamachi

[2012/06/27 16:55:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Local\Temp

[2012/06/26 13:14:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Local\WeatherBug

< MD5 for: SERVICES.EXE >

[2008/01/20 21:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[2009/04/11 02:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\WINDOWS\erdnt\cache64\services.exe

[2009/04/11 02:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe

[2009/04/11 02:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe

[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\SysWOW64\services.exe

[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2008/01/20 21:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: USER32.DLL >

[2008/01/20 21:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll

[2008/01/20 21:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll

[2009/04/11 01:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\erdnt\cache86\user32.dll

[2009/04/11 01:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\SysWOW64\user32.dll

[2009/04/11 01:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll

[2009/04/11 02:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\WINDOWS\erdnt\cache64\user32.dll

[2009/04/11 02:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll

[2009/04/11 02:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE

< End of report >

pinheadzjr2 · June 27, 2012

OTL Extras logfile created on: 6/27/2012 4:56:32 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\John\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.33% Memory free

5.96 Gb Paging File | 4.19 Gb Available in Paging File | 70.32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.94 Gb Total Space | 128.11 Gb Free Space | 44.80% Space Free | Partition Type: NTFS

Drive D: | 12.15 Gb Total Space | 1.65 Gb Free Space | 13.57% Space Free | Partition Type: NTFS

Computer Name: FAMILY-PC | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = DD 0F AB 89 B5 FB CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1FE35C0B-9818-44DC-9F28-B884725D69B8}" = lport=137 | protocol=17 | dir=in | app=system |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{5577F163-D34C-4F53-B680-1C3C6422C7D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{5D7EDA65-2389-4149-A7D5-28042A46A00D}" = lport=139 | protocol=6 | dir=in | app=system |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7968F593-6C36-4524-87F3-4CF9ECE2C7BF}" = rport=139 | protocol=6 | dir=out | app=system |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{99AC16F9-D329-4C21-8728-866F58BD9051}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A572E15E-90C6-43AB-BF6A-18A0AB760902}" = rport=138 | protocol=17 | dir=out | app=system |

"{A8959502-FE8A-4873-A1D4-DE24F1E112F2}" = lport=445 | protocol=6 | dir=in | app=system |

"{AE964852-7AA9-4D50-AD73-02F0D6C6D748}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C1C3977D-E3EC-48AF-96E0-1509BFB707B2}" = rport=137 | protocol=17 | dir=out | app=system |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C8C6A444-8830-4036-8C35-B6F2C48677CB}" = rport=445 | protocol=6 | dir=out | app=system |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F85816F7-C7DB-4B45-8112-67E784F2A2FE}" = lport=138 | protocol=17 | dir=in | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{00D88320-4C4B-49E6-8A3F-54DF121A0E53}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{072FA7C3-A5E9-4595-8BC9-F8C106C7B12F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{0B74049B-B744-4053-84F4-4FC46F38BB6A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{0ECA79DD-9971-4454-BC39-294DC43CD3E8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |

"{12C13CE3-7116-4CC0-B731-DF581E33CE38}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{14C2FC58-B297-4D32-84EF-78AF80292109}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{16CBC1A9-EE9E-4136-BC2F-FFB22E579217}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{1DED4B97-D253-4866-802E-C12B3E14724D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{2AB7C83E-AF4E-4B15-AF63-D8494A7A4FF3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{2F629D44-9BF8-4273-8628-CBB3762B2B81}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |

"{2F7CD53D-70AC-4BDB-BB78-C1521DD04575}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |

"{3EDA2A5A-1C47-49EE-BAE5-843EF9C4C9C5}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{43038ED2-34AA-4486-A20E-105B0F9A0ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{44DDB147-B3F8-482B-ABD4-8A2907648CBA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{4A9A0D3E-D211-4423-A18C-5EBCFD78F50C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{4CD801F7-5301-4879-BFA2-F14415473E56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{4D7D4BF2-DE7F-4FEB-AFA2-FA514DF4D8F7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{52AAE1EC-B40C-4E82-8721-1BAC793F504D}" = protocol=6 | dir=in | app=c:\users\john\downloads\facemoods.exe |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5B490C13-C615-444C-82CE-AB27EA33AA4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{5E7E047C-CFAC-4219-B268-5275DDB45DD5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{60283132-D4A1-49DB-B9E9-7993002BFB08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{6285258B-CFED-413C-B965-42BCDCA7D67A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{62DC8DD4-BF3F-45F0-A437-2D1A4D9828F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{65A38218-42CA-4F92-827C-552802C18EE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6A8E74B6-93DD-4C10-84B7-783FF5D07192}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{6CE84F25-BD18-4BBA-9643-D718A6A94203}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{6DEE01B6-D6FF-4B03-8499-E97E1D801826}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war demo\empire.exe |

"{732D6B6A-DC43-4BC6-8B21-D8D16F546928}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{78C1A678-0315-475F-8929-CC329AB3EF5C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |

"{81EE34DB-A176-456B-BA73-6D8D8EA3B814}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{82C4E171-7142-45F3-87D2-5485267CC0B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8A0177CD-F0EF-420A-9D24-3BD7F5124D23}" = protocol=17 | dir=in | app=c:\users\john\downloads\facemoods.exe |

"{8C36FB52-F8B9-43A8-ACEB-79C433E3CDC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{8FE22F5E-2B25-450C-A48A-44EC629BEC27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{901AF3FE-5D54-4127-B331-78910E7913A7}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |

"{914CB961-3FAD-4BE9-B1F7-0BCA71A80AEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{914DEB77-0B5D-41F8-9C86-B60362BE6204}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{96201685-C202-40D3-9671-CCD283CA76DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{9A2DF00F-21F8-4ED0-9AC5-0A7A7A72788E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war demo\empire.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{ABBB8358-D293-4F73-8057-DA9FE6F5543C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B3AAB601-C759-4C6F-946A-46D68F07DCB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |

"{B5D0BE64-4952-45AC-89F7-60988243111C}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |

"{B62C49A9-44B0-456E-9B3F-FF0F8BEE0E47}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{CA03BF55-6AE5-4977-B1E5-2BEFB67A912B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DB7BA24E-96F2-4448-BD0F-917774EBF53C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{E3C805FF-C87D-4F58-9DB2-9EAF753E9A8F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{E5AE1B63-BCD2-4C77-814C-46226C81731A}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |

"{E610061D-DD76-4662-AE6D-4311BBE7796E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{2BF7A41C-74B9-4420-A2DC-738C8E39FC78}C:\program files (x86)\gamekiss\freestyle\freestyle.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamekiss\freestyle\freestyle.exe |

"TCP Query User{9D0C3856-2714-482D-A6DF-0B6009DACB08}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe |

"TCP Query User{AFEBCE80-B830-4627-ADDB-425A8497D153}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"TCP Query User{EC05D172-0326-4754-9E2A-030DD155B760}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"UDP Query User{281EAAAA-B783-4578-B5E6-8EBC1A4F7765}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"UDP Query User{284AF540-E697-40D8-8EA4-A085F21F507C}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe |

"UDP Query User{92869C63-D066-4F37-AF2D-FA64044881C6}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"UDP Query User{D96E324B-AC08-42A3-A54B-8307C8D8453A}C:\program files (x86)\gamekiss\freestyle\freestyle.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamekiss\freestyle\freestyle.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java 6 Update 21 (64-bit)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java SE Development Kit 6 Update 21 (64-bit)

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{9CFDEB8F-51C7-40ED-AC74-EF91380D2ED5}" = Symantec Endpoint Protection Small Business Edition

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE

"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15

"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater

"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{5726B35F-418B-4D55-BA09-561C003FC780}" = Virtual Business - Personal Finance

"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6A0B387F-E966-4552-A9B7-0F4D828856D2}" = Virtual Business - Personal Finance Demo

"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2

"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PUBLISHERR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PUBLISHERR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010

"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin

"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1

"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS

"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}" = ImageMixer 3 SE Ver.4 Video Tools

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi

"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)

"4shared Desktop" = 4shared Desktop

"8461-7759-5462-8226" = Vuze

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Bandicam" = Bandicam

"BandiMPEG1" = Bandisoft MPEG-1 Decoder

"conduitEngine" = Conduit Engine

"Edraw Office Viewer Component_is1" = Edraw Office Viewer Component v6.0

"ENTERPRISER" = Microsoft Office Enterprise 2007

"Fraps" = Fraps

"Guild Wars" = Guild Wars

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HyperCam 2" = HyperCam 2

"HyperCam Toolbar" = HyperCam Toolbar

"InfraRecorder" = InfraRecorder

"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Notepad++" = Notepad++

"Office14.PUBLISHERR" = Microsoft Publisher 2010

"Office14.SingleImage" = Microsoft Office Professional 2010

"PC-Doctor for Windows" = Hardware Diagnostic Tools

"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6

"Pivot Stickfigure FileBulldog Toolbar" = Pivot Stickfigure FileBulldog Toolbar

"uTorrent" = µTorrent

"uTorrentBar Toolbar" = uTorrentBar Toolbar

"WildTangent hp Master Uninstall" = My HP Games

"Your Product1.0" = Your Product

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/26/2012 11:34:15 AM | Computer Name = Family-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 16193

Error - 6/26/2012 11:34:15 AM | Computer Name = Family-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 16193

Error - 6/26/2012 11:53:43 AM | Computer Name = Family-PC | Source = Perflib | ID = 1023

Description =

Error - 6/26/2012 11:53:44 AM | Computer Name = Family-PC | Source = Perflib | ID = 1008

Description =

Error - 6/26/2012 11:53:44 AM | Computer Name = Family-PC | Source = Perflib | ID = 1023

Description =

Error - 6/26/2012 1:19:30 PM | Computer Name = Family-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/26/2012 2:13:04 PM | Computer Name = Family-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/26/2012 2:26:18 PM | Computer Name = Family-PC | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Adware.Hotbar in File: c:\programdata\hblitesa\hblitesa.dat

by: Manual scan. Action: Quarantine succeeded. Action Description: The file was

quarantined successfully.

Error - 6/26/2012 2:26:27 PM | Computer Name = Family-PC | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual

scan. Action: Quarantine failed : Leave Alone failed. Action Description: The

file was deleted successfully.

Error - 6/26/2012 3:17:28 PM | Computer Name = Family-PC | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Zeroaccess!inf in File: c:\Users\John\AppData\Local\Temp\msimg32.dll

by: Manual scan. Action: No repair currently available. Action Description: No

repair currently available

[ Media Center Events ]

Error - 8/16/2011 8:06:10 AM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/17/2011 11:02:56 AM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/18/2011 9:36:51 PM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/10/2011 7:58:05 PM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/10/2011 7:58:07 PM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/10/2011 7:58:26 PM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/10/2011 8:01:23 PM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/23/2012 9:23:43 PM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/29/2012 2:25:21 PM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 3/6/2012 11:10:11 PM | Computer Name = Family-PC | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]

Error - 6/27/2012 12:21:00 PM | Computer Name = Family-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.6 for the Network Card with network

address 001FE25AC211 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 6/27/2012 12:21:17 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/27/2012 12:21:17 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 6/27/2012 12:43:32 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/27/2012 3:22:44 PM | Computer Name = Family-PC | Source = DCOM | ID = 10010

Description =

Error - 6/27/2012 5:05:52 PM | Computer Name = Family-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.6 for the Network Card with network

address 001FE25AC211 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 6/27/2012 5:08:29 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/27/2012 5:18:45 PM | Computer Name = Family-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 4:16:14 PM on 6/27/2012 was unexpected.

Error - 6/27/2012 5:19:57 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/27/2012 5:19:57 PM | Computer Name = Family-PC | Source = Service Control Manager | ID = 7026

Description =

< End of report >

Larusso · June 28, 2012

Hy there

I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

I see you have P2P ( peer to peer ) software installed on your machine ( In your case Limewire / Vuze ). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here , here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

Conduit Engine

uTorrentBar Toolbar

Conduit toolbars are reputed to have a certain trackware functionality

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Double click on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.

pinheadzjr2 · June 28, 2012

ComboFix 12-06-28.01 - John 06/28/2012 9:37.3.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2940.1107 [GMT -5:00]

Running from: c:\users\John\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))

.

2012-06-28 14:47 . 2012-06-28 14:47 -------- d-----w- c:\users\Family\AppData\Local\temp

2012-06-28 14:47 . 2012-06-28 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-26 20:04 . 2012-06-26 20:04 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes

2012-06-26 20:03 . 2012-06-26 20:03 -------- d-----w- c:\programdata\Malwarebytes

2012-06-26 20:03 . 2012-06-26 20:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-26 20:03 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-23 23:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 23:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 23:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 23:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 23:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 23:48 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-23 23:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 23:48 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-23 23:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 23:48 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-23 23:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 23:47 . 2012-06-02 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-23 23:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 23:47 . 2012-06-02 20:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-06-14 08:21 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-14 07:22 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 07:17 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 07:17 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 07:17 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 07:17 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 07:17 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 07:17 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-14 07:17 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 16:43 . 2012-06-13 16:43 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240CD.TMP

2012-06-04 21:40 . 2012-06-28 05:51 -------- d-----w- c:\users\John\AppData\Roaming\Skype

2012-06-04 21:39 . 2012-06-04 21:39 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-06-04 21:39 . 2012-06-04 21:39 -------- d-----r- c:\program files (x86)\Skype

2012-06-04 20:27 . 2012-06-04 21:39 -------- d-----w- c:\programdata\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-18 08:12 . 2012-06-27 21:41 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A56FE9C-FA83-4D5E-BB0A-8F8B40FD26AA}\mpengine.dll

2012-05-19 04:34 . 2012-05-19 04:34 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-19 04:34 . 2010-04-17 02:15 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-03 08:22 . 2012-05-09 09:10 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-06-27_15.08.23 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2012-06-27 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2012-06-28 04:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2012-06-28 04:50 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2012-06-27 14:44 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-06-28 04:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-21 03:20 . 2012-06-27 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2012-06-27 16:43 49462 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-06-28 14:51 84904 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-01 02:47 . 2012-06-28 14:51 13866 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1218432586-3964203685-1260264325-1001_UserData.bin

- 2012-06-27 15:07 . 2012-06-27 15:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-28 14:49 . 2012-06-28 14:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-27 15:07 . 2012-06-27 15:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-28 14:49 . 2012-06-28 14:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-11-30 02:48 . 2012-06-28 12:38 517390 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-11-29 14:43 . 2012-02-23 15:18 279656 c:\windows\system32\MpSigStub.exe

+ 2009-03-10 01:18 . 2011-07-15 21:35 225328 c:\windows\system32\drivers\WpsHelper.sys

- 2009-03-10 01:18 . 2011-07-04 20:36 225328 c:\windows\system32\drivers\WpsHelper.sys

+ 2009-11-29 00:30 . 2012-06-28 14:47 226320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-02-12 02:41 . 2012-06-28 14:47 454276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-02-12 02:41 . 2012-06-27 15:06 454276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-14 20:33 . 2012-06-28 14:47 873612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1218432586-3964203685-1260264325-1001-12288.dat

- 2011-06-14 20:33 . 2012-06-14 11:40 873612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1218432586-3964203685-1260264325-1001-12288.dat

+ 2011-03-24 08:16 . 2012-06-28 14:47 5015980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1218432586-3964203685-1260264325-1001-8192.dat

- 2012-04-03 23:30 . 2012-06-26 17:16 3358465 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1218432586-3964203685-1260264325-1001-4096.dat

+ 2012-04-03 23:30 . 2012-06-27 16:19 3358465 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1218432586-3964203685-1260264325-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{627af46b-2076-42ae-a2fd-8428734d3e74}]

c:\program files (x86)\simppulltoolbar\simppulldx.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

c:\program files (x86)\uTorrentBar\prxtbuTor.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]

c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{627af46b-2076-42ae-a2fd-8428734d3e74}"= "c:\program files (x86)\simppulltoolbar\simppulldx.dll" [bU]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{627af46b-2076-42ae-a2fd-8428734d3e74}]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-07-03 972080]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-13 1020816]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Launch WhiteSmoke.lnk - c:\program files (x86)\WhiteSmoke\WSEnrichment.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2011-2-11 253952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218432586-3964203685-1260264325-1001Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 22:50]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218432586-3964203685-1260264325-1001UA.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 22:50]

.

2012-06-07 c:\windows\Tasks\HPCeeScheduleForJohn.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-01 03:03]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 15851040]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 82464]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: eset.com\www

Trusted Zone: eset.eu\www

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\nebp7v18.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{E2AF211B-86DA020A-05040000}]

"ImagePath"="\??\c:\progra~2\PC-DOC~1\PCD5SRVC_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@SACL=

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@SACL=

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@SACL=

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@SACL=

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0c\06\0a\11\"(e"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files (x86)\Internet Explorer\IELowutil.exe

.

**************************************************************************

.

Completion time: 2012-06-28 09:57:15 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-28 14:57

ComboFix2.txt 2012-06-27 15:17

.

Pre-Run: 135,513,812,992 bytes free

Post-Run: 135,823,953,920 bytes free

.

- - End Of File - - FED1344A3C770BD4DB5223C308E0D1D1

Larusso · June 28, 2012

Open notepad and copy/paste the text in the Code-box below into it:


Folder::
c:\program files (x86)\simppulltoolbar
c:\program files (x86)\uTorrentBar
c:\program files (x86)\WhiteSmoke
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk
ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Go here to run an online scanner from ESET.

Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Start
Wait for the scan to finish
When the scan completes, push
Push , and save the file to your desktop using a unique name.
Push the Back button.
Push Finish

Please post this logfile in your next reply

pinheadzjr2 · June 28, 2012

ComboFix 12-06-28.01 - John 06/28/2012 10:25:52.4.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2940.1458 [GMT -5:00]

Running from: c:\users\John\Desktop\ComboFix.exe

Command switches used :: c:\users\John\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))

.

2012-06-28 15:35 . 2012-06-28 15:35 -------- d-----w- c:\users\Family\AppData\Local\temp

2012-06-28 15:35 . 2012-06-28 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp