Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Losing GB like crazy, IE doesn't work, Chrome redirects, SysWOW64 & HKEY edits! HELP!


  • This topic is locked This topic is locked
3 replies to this topic

#1 infamousaries

infamousaries

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 17 August 2012 - 01:28 PM

I ran oldtimer and am copying and pasting both the log files from the scans. I ran it at minimal output, all users, safe list, no company name. let me know if i should do a diff scan. my network is SLOW, downloads take FOREVER, I seem to have lost the ability to even delete some files or access folders! Here's my log from oldtimer let me know if anything looks suspicious



OTL logfile created on: 8/17/2012 12:56:05 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\XoXoxXxoO\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 37.74% Memory free
7.49 Gb Paging File | 4.40 Gb Available in Paging File | 58.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.41 Gb Total Space | 71.47 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
Drive D: | 15.06 Gb Total Space | 0.32 Gb Free Space | 2.12% Space Free | Partition Type: NTFS

Computer Name: SWEETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\XoXoxXxoO\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SRSHDAudioService) -- C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe (SRS Labs, Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe (Symantec Corporation)
SRV - (NAT) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (SRS_AE_Service) -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys ()
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SMR250) -- C:\Windows\SysNative\drivers\SMR250.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ironx64.sys (Symantec Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NAT) -- C:\Windows\SysNative\drivers\NATx64\0105000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120817.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120817.003\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120815.002\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120804.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\syswow64\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD23}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=3&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD23}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=3&q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=94829A2A1E06F73D27BDF25027851FC6&tbp=homepage
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=94829A2A1E06F73D27BDF25027851FC6&q={searchTerms}
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9DC830B2-D43D-4A8A-B09A-027149E085C3}&mid=a94541fe778d47d19702fd6e9127872d-ca14a902431622740e698df39a7be773e74f1925&lang=en&ds=AVG&pr=pr&d=2012-01-17 19:48:21&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4183000216-585610615-397079607-1021\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1021\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1021\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD23}
IE - HKU\S-1-5-21-4183000216-585610615-397079607-1021\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/07/17 04:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/08/16 10:09:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Users\Owner\Desktop\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Users\Owner\Desktop\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozillaextension@somud.com: C:\Program Files (x86)\SoMud\scripts\mozilla
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\mozillaextension@somud.com: C:\Program Files (x86)\SoMud\scripts\mozilla

[2011/09/26 13:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/09/26 13:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=94829A2A1E06F73D27BDF25027851FC6&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Facebook! = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainkhhbgcdbenmmbaoacambbhjfgnmmm\2.0.0.5_0\
CHR - Extension: Aviary Audio Editor = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajiijeebjcmkhdplmollbjpljcnelfhn\0.0.0.6_0\
CHR - Extension: BeFunky Photo Editor = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Pixlr-o-matic = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
CHR - Extension: Pandora = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: FabCam = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejilffmihldhlfocnabcgndjjpgadfl\1.3_0\
CHR - Extension: TiltShiftMaker = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.3_0\
CHR - Extension: Sunrise = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hogniifclmcgmemmibliedfegjhgpmoe\3_0\
CHR - Extension: Pixlr Express = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid\1.2_0\
CHR - Extension: Pixlr Editor = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: Webcam Toy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0\
CHR - Extension: Download Fonts = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgmjfmdomlhhodhmmfaomfbbdadpeefk\1.2_0\
CHR - Extension: Google Mail Checker = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Ambient Aurea = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkadajbjoenejhoiddlmokengcgkagi\0.1_0\
CHR - Extension: Facebook Notifications = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Picasa = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Instagram for Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\1.6.2_0\
CHR - Extension: Psykopaint = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/16 05:15:04 | 000,000,843 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Webroot Browser Helper Object) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SRSAENotifier] C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..\Run: [Firefox] C:\Program Files (x86)\Mozilla Firefox\firefox.exe File not found
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe ()
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1021..\Run: [Epson Stylus NX330(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /FU "C:\Users\XOXOXX~1\AppData\Local\Temp\E_S1A31.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1021..\Run: [Facebook Update] C:\Users\XoXoxXxoO\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1021..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe ()
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe (Macrovision Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup1] C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe (Macrovision Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q File not found
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\Owner\AppData\Local\adawarebp" /s /q File not found
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f File not found
O4 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..\RunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Owner\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1021\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4183000216-585610615-397079607-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.33.128.10 64.33.128.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B7C9DC-C6F0-4235-B156-3245EF973516}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89797327-248A-4BBD-825E-DB5C04636342}: DhcpNameServer = 64.33.128.10 64.33.128.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89797327-248A-4BBD-825E-DB5C04636342}: NameServer = 198.153.192.40,198.153.194.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB976E40-F88C-46F2-8F32-5F9AE08C7B77}: NameServer = 198.153.192.40,198.153.194.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F579C66F-09B0-4C5E-A319-CDE756E44E14}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F579C66F-09B0-4C5E-A319-CDE756E44E14}: NameServer = 198.153.192.40,198.153.194.40
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14ab0bc4-75e7-11e0-b7e1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{14ab0bc4-75e7-11e0-b7e1-806e6f6e6963}\Shell\Install\Command - "" = E:\Start.exe
O33 - MountPoints2\{b0d5c922-aebc-11e0-9287-2c27d7c36ede}\Shell - "" = AutoRun
O33 - MountPoints2\{b0d5c922-aebc-11e0-9287-2c27d7c36ede}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4183000216-585610615-397079607-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4183000216-585610615-397079607-1001\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 12:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-NFB Reading Technology Inc
[2012/08/12 12:57:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Blio
[2012/08/12 12:57:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Blio
[2012/08/12 05:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/08/12 05:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb_031
[2012/08/12 05:26:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\blekkotb_031
[2012/08/12 05:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/08/08 15:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/08/08 14:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/08/08 14:55:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/08/08 14:52:25 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2012/08/08 14:52:25 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2012/08/08 14:52:25 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2012/08/08 14:52:25 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2012/08/08 14:52:25 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2012/08/08 14:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/08/08 14:39:51 | 000,558,080 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2012/08/08 14:39:51 | 000,558,080 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2012/08/08 14:39:51 | 000,535,040 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2012/08/08 14:39:51 | 000,535,040 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2012/08/08 14:39:51 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2012/08/08 14:39:51 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2012/08/08 14:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012/08/08 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\InstallShield
[2012/08/08 14:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2012/08/08 14:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2012/08/08 14:35:26 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMHAA.DLL
[2012/08/08 14:35:21 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBHAA.DLL
[2012/08/08 14:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/08/08 14:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/08/08 14:33:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/08/08 13:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/08/08 13:55:55 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2012/08/08 13:55:55 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2012/08/08 13:55:54 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2012/08/08 13:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/08/07 00:06:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/08/06 23:54:55 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/08/06 23:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/08/06 23:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/20 17:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/07/20 17:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs
[2012/07/20 17:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SRS Labs
[2012/07/20 17:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\SRS Labs
[2012/07/20 17:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SRS Labs
[2010/01/26 17:22:14 | 004,636,488 | ---- | C] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files (x86)\Common Files\Samsung_Mobile_USB_Driver(V5.2)_V1.2.1060.0.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 13:00:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 12:58:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1021UA.job
[2012/08/17 12:58:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1021Core.job
[2012/08/17 12:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1001UA.job
[2012/08/17 12:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 11:39:27 | 000,002,280 | ---- | M] () -- C:\{448A2F77-DAE3-4C7B-9B57-8195F805BB04}
[2012/08/17 11:26:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1021UA.job
[2012/08/17 11:11:44 | 000,002,040 | ---- | M] () -- C:\{4654A56B-B485-4A15-A0B1-4935902ECCDC}
[2012/08/17 09:10:40 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1001Core.job
[2012/08/17 09:10:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 04:49:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 19:34:32 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1021Core.job
[2012/08/16 19:21:33 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 19:21:32 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 10:09:11 | 000,002,270 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/16 10:08:05 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 10:08:02 | 001,475,898 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/16 07:20:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/16 07:20:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/16 06:06:27 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/13 01:25:31 | 001,396,624 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 01:25:31 | 000,387,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/11 17:01:14 | 000,009,728 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/10 00:44:34 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini
[2012/08/08 15:00:11 | 000,000,071 | ---- | M] () -- C:\Windows\ENX330.ini
[2012/08/08 15:00:09 | 000,001,204 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2012/08/07 00:01:42 | 000,000,020 | ---- | M] () -- C:\Windows\,÷O
[2012/08/06 14:32:35 | 000,537,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 11:39:25 | 000,002,280 | ---- | C] () -- C:\{448A2F77-DAE3-4C7B-9B57-8195F805BB04}
[2012/08/17 11:11:41 | 000,002,040 | ---- | C] () -- C:\{4654A56B-B485-4A15-A0B1-4935902ECCDC}
[2012/08/16 10:09:11 | 000,002,270 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/08 15:00:09 | 000,001,204 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2012/08/08 13:54:28 | 000,000,071 | ---- | C] () -- C:\Windows\ENX330.ini
[2012/08/07 00:01:41 | 000,000,020 | ---- | C] () -- C:\Windows\,÷O
[2012/08/05 14:21:03 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1021UA.job
[2012/08/05 14:21:00 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1021Core.job
[2012/07/28 12:48:01 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1021UA.job
[2012/07/28 12:47:59 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4183000216-585610615-397079607-1021Core.job
[2012/05/22 16:28:28 | 000,001,119 | ---- | C] () -- C:\Users\Owner\FrostWire - Shortcut.lnk
[2012/02/17 04:08:20 | 000,878,662 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/16 05:14:20 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/09/13 13:00:17 | 000,007,609 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2011/08/15 16:19:45 | 000,009,728 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/24 23:19:14 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2011/04/16 04:51:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/08 20:51:01 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/24 17:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

< End of report >

BC AdBot (Login to Remove)

 


#2 infamousaries

infamousaries
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 17 August 2012 - 01:31 PM

Here is the extras.txt file from the OTL scan as well.



OTL Extras logfile created on: 8/17/2012 12:56:05 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\XoXoxXxoO\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 37.74% Memory free
7.49 Gb Paging File | 4.40 Gb Available in Paging File | 58.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.41 Gb Total Space | 71.47 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
Drive D: | 15.06 Gb Total Space | 0.32 Gb Free Space | 2.12% Space Free | Partition Type: NTFS

Computer Name: SWEETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4183000216-585610615-397079607-1021\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AF3B86-CE23-4ACA-B18E-1C6F03BA5D2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B1B7192-9664-4EC6-8E8A-B90D03B02631}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10EAD0F1-3C97-4757-8193-1CEE4FCE992D}" = lport=138 | protocol=17 | dir=in | app=system |
"{11CFA08F-D3B2-4215-A4A3-CF3DD6C5803C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1D3B1C62-2C90-46F0-B779-D4F7BF90C173}" = lport=139 | protocol=6 | dir=in | app=system |
"{229AEF11-2FAB-4BDB-B59B-1DF5B2FB60ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{267ED07C-E001-4769-A9CC-71288BE69627}" = lport=443 | protocol=6 | dir=in | app=system |
"{33AB921D-992A-4CD2-86FB-4C9DBF96DF30}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3B3044B9-F25D-49BD-8A9C-DDD97085EA61}" = lport=445 | protocol=6 | dir=in | app=system |
"{3BCE7F12-2738-45EE-9FFB-6799A0F8C0EB}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{3EE29D32-D6E7-4353-9004-F1E76A5A0154}" = lport=80 | protocol=6 | dir=in | app=system |
"{486DB6D4-6D98-4AD8-A52D-20D9C1B86C7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49598F1C-E863-4F19-B73B-A93FFC4D252F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49FBAC33-6BA8-4490-B981-B0AC024BBE00}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{4D2DE3AD-5CCD-4903-869F-D680A4FA9230}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{591CFD64-9C40-47E9-B6CE-EF536593698D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{60B3F33E-E40F-402A-85D1-A09DBAD8A35A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7943AC-0000-4C6E-B8AD-6A479A55EEFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82665A7E-5DE6-4A05-998E-85708AD17762}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{867E8E25-BF3C-4771-88F8-3DDC5DA564BD}" = lport=443 | protocol=6 | dir=in | app=system |
"{8C7E059E-8E94-40D6-A419-53F49145267B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{91919023-9F3C-41E4-B560-22F51705ED84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9868D93F-9C4D-41B3-BC99-1CCF7FFDC9F6}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5771345-9410-4006-BB1A-14B77FAB19CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B99A8277-33EB-4372-B251-CC7F9FE9A2AE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CAE849E7-1652-44DF-8BB4-C8E676E59AFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC0493F9-D333-4B6E-857A-591D889CB84B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECEF9B47-E75C-4E3F-9C62-0D291ACFDEDB}" = rport=445 | protocol=6 | dir=out | app=system |
"{F1BDF41B-64C3-48B9-86B7-147E14C76B32}" = rport=139 | protocol=6 | dir=out | app=system |
"{F202989B-8BFE-49C0-BE59-F6BFF88C6DEB}" = lport=137 | protocol=17 | dir=in | app=system |
"{F575E26B-FAA6-47CB-BC74-2BADB1BC54E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{FB6DB355-1D07-453A-84EE-80811B22E1C7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{FD7563FE-13CD-45DF-BC84-45CAB052B72C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C310CC-826B-4CB8-8DC0-1C63C17A01F2}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{08CFAD2A-EFAC-4B91-B7AF-2D1410958163}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{0C1AFA01-14E7-4DB5-A858-A248E969631B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{0DF4D6D7-0A5E-4B6B-AF15-7C4A8D47A698}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{144700E2-5847-484D-AAB6-746414E3358D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22C90155-0C07-4EEE-9E79-AD74BC963E9A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2CC0FC97-1F70-44D9-85DD-CE6FCC3896AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3058DFB7-900B-491E-8D02-6EE0FEB54E2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{34B499C9-C903-4A8B-A70F-CE6472E6A0D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{38317016-E971-472D-B122-27E6E74282C7}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3B3A7BC5-D255-435D-BE9A-941AB42DEADE}" = protocol=17 | dir=in | app=c:\users\xoxoxxxoo\appdata\roaming\dropbox\bin\dropbox.exe |
"{3CA82A3B-6E2F-4D08-9F41-05CBCF7BEB1E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3E1EAC13-43FE-4A55-801F-4ABB7C8636D5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{49843911-CDC4-4F45-B386-269A06A8FB34}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AB36001-F8D9-4534-84CD-18895CCF1290}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4C5AD3CA-9335-4420-88C3-FD23D7E47CC3}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{4DECE75E-1B02-4BA1-AA4A-77B60B206BC8}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{528064B5-321B-4693-8E86-B7884665903B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53FD2AA4-5E58-4392-BFDC-6220ED0CCAB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{58A6331F-6653-4C2B-8D3F-68EE2089217F}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{5F472A0A-AF0F-4AAC-BE87-FA7A89EC6E73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B6DE63A-0510-4FB5-8843-A20E4A0E6B14}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6D9F6772-8816-4399-B864-5316ED056B6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7D4A6F79-77E1-4861-A7E1-BFEA511A4CB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7EFA0DD6-EEED-4569-97EA-2AF4601A1C63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8459E031-25D5-4902-90F1-F5FF9D9C20C7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{87CD3EDE-E723-4391-A9A0-70E0F0E26ED4}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{88AD12D4-CB20-4F0B-8953-3872BC42A2B9}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{91F38C16-9C86-4653-9921-9188CE9BC86F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{96F2443F-564C-41FD-808F-AE5C4F566B95}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp wireless assistant\hpwa_main.exe |
"{A039AFC5-309F-49BE-B9ED-82A24BF9CDE2}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp wireless assistant\hpwa_main.exe |
"{A124A467-B736-4171-956D-AA2EA81A2713}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A332589A-5CDF-445C-842D-276403A77084}" = protocol=6 | dir=in | app=c:\users\xoxoxxxoo\appdata\roaming\dropbox\bin\dropbox.exe |
"{AE7B9FBE-C1FC-4A17-945E-7E373E14C59A}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{B3C78948-B25D-469E-8E5D-BE3EC4267D11}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B5CD22E8-5A6A-4629-AE9C-38923D84C9DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B9C74CD7-FDB2-4775-A243-B5C34BD697C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB47B2F1-3120-41BA-BE6F-E2D3925A67DF}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{C0B4DDF5-9266-4FA4-924B-DF5F915EE103}" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{C0BF5714-EFB2-4B70-AEFF-F58DB60F1C8E}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{C0DBB67A-F9E2-407F-83B9-C0C2E1F8BE97}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{DAD195D5-BA4F-4786-A096-3209AED3CA2F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E571D126-0F30-476E-A1CB-ACE4332696D3}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{E979F56C-7138-4EC8-86E8-45ED693FF719}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EC78AFBA-4116-47CD-AB23-BECFB965DBE2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7D352A9-DA62-4063-96E3-BD9330BC12B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FA7172A6-FD72-42E3-B94D-570B75B9D773}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB988B7E-D100-4E8B-BB11-4586AA40F755}" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"TCP Query User{5621C186-E8B5-45A4-B17E-5A230CE86CF4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{9AB6A95B-5EBD-4F7D-9ED8-684C9648C291}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{AD73406B-0E55-4145-835A-43577BB6B6D9}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{C9C7C4F6-D908-4018-A525-BA3AC4857DE9}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{EC2BEEA8-CB9E-4F2E-8C00-EC54E2339859}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{34CB1633-BEC1-45EB-8502-51A807675E3C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{67A26538-891E-40B0-8977-9C6A00D936EA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{B5FA5753-2F6C-43E1-9AEC-31C7101676A9}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{CD7BDD75-43DF-4A55-BFDF-FED7171F3761}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{D568A9D1-63EB-4298-834E-E5B036FCCDCE}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C4B2795-B3E9-44FB-BAB2-A8820CF025E4}" = SRS Audio Essentials
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"EPSON NX330 Series" = EPSON NX330 Series Printer Uninstall
"Fix RegCleaner_is1" = Fix RegCleaner v1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C107330-16DF-4D39-AA74-0E5448AED9E8}" = HP Documentation
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{35D2E477-8524-4294-9D6A-D8481328389F}" = HP Software Framework
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French
"{64C85B95-E971-4705-B3ED-D4A0153C0D5B}" = SAMSUNG USB Driver for Mobile Phones V5.2.0.0
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian
"{70376A8D-C6E7-4A61-9E30-42AD268CD45D}_is1" = MagicCamera 7.2.1
"{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
"{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard
"{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian
"{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}" = HP Support Assistant
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional
"{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish
"{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese
"{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = SkypeÖ 4.2
"{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All
"{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"blekkotb_031" = blekko search bar
"FrostWire" = FrostWire 4.21.8
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"N360" = Norton 360
"NAT" = Norton Anti-Theft
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"uTorrent" = ÁTorrent
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4183000216-585610615-397079607-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mixxx (1.10.0)" = Mixxx 1.10.0
"Opera 11.60.1185" = Opera 11.60

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4183000216-585610615-397079607-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2012 11:26:45 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8252

Error - 7/17/2012 11:26:46 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/17/2012 11:26:46 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9251

Error - 7/17/2012 11:26:46 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9251

Error - 7/17/2012 11:26:47 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/17/2012 11:26:47 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10468

Error - 7/17/2012 11:26:47 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10468

Error - 7/18/2012 3:34:41 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/18/2012 3:34:41 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37765907

Error - 7/18/2012 3:34:41 PM | Computer Name = Sweets | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37765907

Error - 7/18/2012 3:49:43 PM | Computer Name = Sweets | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 7/18/2012 3:49:43 PM | Computer Name = Sweets | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

[ HP Wireless Assistant Events ]
Error - 3/2/2012 10:41:26 AM | Computer Name = Sweets | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 3/4/2012 3:38:28 AM | Computer Name = Sweets | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 3/4/2012 3:38:29 AM | Computer Name = Sweets | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 4/15/2012 10:50:03 AM | Computer Name = Sweets | Source = HP WA Application | ID = 0
Description = System.Exception SendDesktopNotification() failed : e_GENERAL_EXCEPTION


Error - 4/27/2012 10:52:40 PM | Computer Name = Sweets | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/1/2012 6:38:25 PM | Computer Name = Sweets | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/9/2012 9:38:07 AM | Computer Name = Sweets | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/12/2012 12:49:50 PM | Computer Name = Sweets | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/13/2012 4:36:29 AM | Computer Name = Sweets | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/16/2012 6:44:41 AM | Computer Name = Sweets | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ Media Center Events ]
Error - 6/11/2012 7:25:40 AM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 6:25:40 AM - Error connecting to the internet. 6:25:40 AM - Unable
to contact server..

Error - 6/11/2012 7:25:53 AM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 6:25:45 AM - Error connecting to the internet. 6:25:45 AM - Unable
to contact server..

Error - 6/29/2012 2:31:37 PM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 1:31:17 PM - Error connecting to the internet. 1:31:17 PM - Unable
to contact server..

Error - 8/2/2012 12:00:09 AM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 11:00:08 PM - Error connecting to the internet. 11:00:09 PM - Unable
to contact server..

Error - 8/2/2012 12:00:20 AM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 11:00:14 PM - Error connecting to the internet. 11:00:14 PM - Unable
to contact server..

Error - 8/10/2012 10:38:49 AM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 9:38:43 AM - Error connecting to the internet. 9:38:44 AM - Unable
to contact server..

Error - 8/10/2012 11:38:54 AM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 10:38:52 AM - Error connecting to the internet. 10:38:52 AM - Unable
to contact server..

Error - 8/10/2012 12:39:27 PM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 11:39:24 AM - Error connecting to the internet. 11:39:25 AM - Unable
to contact server..

Error - 8/10/2012 3:18:26 PM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 2:18:24 PM - Error connecting to the internet. 2:18:24 PM - Unable
to contact server..

Error - 8/16/2012 6:45:28 AM | Computer Name = Sweets | Source = MCUpdate | ID = 0
Description = 5:45:24 AM - Error connecting to the internet. 5:45:24 AM - Unable
to contact server..

[ System Events ]
Error - 8/16/2012 8:22:47 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1079

Error - 8/16/2012 8:22:47 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7000
Description = The Workstation service failed to start due to the following error:
%%1079

Error - 8/16/2012 8:22:47 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1079

Error - 8/17/2012 5:45:33 AM | Computer Name = Sweets | Source = WAS | ID = 5002
Description =

Error - 8/17/2012 1:24:58 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7000
Description = The Workstation service failed to start due to the following error:
%%1079

Error - 8/17/2012 1:24:58 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1079

Error - 8/17/2012 1:24:58 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7000
Description = The Workstation service failed to start due to the following error:
%%1079

Error - 8/17/2012 1:24:58 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1079

Error - 8/17/2012 1:24:58 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7000
Description = The Workstation service failed to start due to the following error:
%%1079

Error - 8/17/2012 1:24:58 PM | Computer Name = Sweets | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1079


< End of report >

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 22 August 2012 - 01:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465594 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 27 August 2012 - 01:35 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users