[A] win32/Small.CA virus

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.17.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
moradm :: KDOLCNU13000JF [administrator]
1/18/2013 12:59:14 PM
mbam-log-2013-01-18 (12-59-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211494
Time elapsed: 3 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : moradm [Admin rights]
Mode : Scan -- Date : 01/18/2013 19:05:27
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] fbd9c7f5ff832d233b4b4c256f8e7e3b
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 616448 | Size: 610791 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1251516416 | Size: 104311 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4571f5c52ac61e069cd22019eadbae19
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 2000 Mo
Finished : << RKreport[1]_S_01182013_02d1905.txt >>
RKreport[1]_S_01182013_02d1905.txt

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : moradm [Admin rights]
Mode : Scan -- Date : 01/18/2013 19:05:45
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] fbd9c7f5ff832d233b4b4c256f8e7e3b
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 616448 | Size: 610791 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1251516416 | Size: 104311 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4571f5c52ac61e069cd22019eadbae19
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 2000 Mo
Finished : << RKreport[2]_S_01182013_02d1905.txt >>
RKreport[1]_S_01182013_02d1905.txt ; RKreport[2]_S_01182013_02d1905.txt

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : moradm [Admin rights]
Mode : Remove -- Date : 01/18/2013 19:06:53
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] fbd9c7f5ff832d233b4b4c256f8e7e3b
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 616448 | Size: 610791 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1251516416 | Size: 104311 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4571f5c52ac61e069cd22019eadbae19
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 2000 Mo
Finished : << RKreport[3]_D_01182013_02d1906.txt >>
RKreport[1]_S_01182013_02d1905.txt ; RKreport[2]_S_01182013_02d1905.txt ; RKreport[3]_D_01182013_02d1906.txt

The mbar.exe gave me BSOD

BOSD said

bad_pool_header

*BSOD

sorry

No go BSOD in safe mode also...

Do you think backtrack 5 chrootkit would do it?

ComboFix 13-01-17.04 - moradm 01/18/2013 20:14:34.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8126.5497 [GMT -6:00]
Running from: c:\users\moradm\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\LAEA1BC.tmp
c:\windows\TEMP\LAEA1D3.tmp
c:\windows\TEMP\LAEA216.tmp
c:\windows\TEMP\LAEA338.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 02:20 . 2013-01-19 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 01:35 . 2013-01-19 01:35 -------- d-----w- c:\users\TEMP
2013-01-18 21:32 . 2013-01-18 21:32 -------- d-----w- c:\program files (x86)\ESET
2013-01-18 17:43 . 2013-01-18 17:44 -------- d-----w- c:\program files (x86)\DataSorption
2013-01-18 17:42 . 2013-01-18 21:21 -------- d-----w- c:\users\moradm\AppData\Local\Coupon Companion Plugin
2013-01-18 06:28 . 2013-01-18 06:28 -------- d-----w- c:\users\moradm\AppData\Roaming\Curiolab
2013-01-17 20:21 . 2013-01-17 20:23 110080 ----a-r- c:\users\moradm\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2013-01-17 20:21 . 2013-01-17 20:23 110080 ----a-r- c:\users\moradm\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2013-01-17 20:21 . 2013-01-17 20:23 110080 ----a-r- c:\users\moradm\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2013-01-17 20:20 . 2013-01-17 20:51 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-17 17:57 . 2013-01-17 17:57 -------- d-----w- c:\users\moradm\AppData\Local\Programs
2013-01-08 19:55 . 2013-01-08 19:55 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:20 . 2012-08-08 14:17 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 19:20 . 2012-01-04 21:52 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 16:53 . 2012-11-12 19:39 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-01-08 16:52 . 2012-11-12 19:38 42632 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2013-01-08 16:52 . 2012-11-12 19:38 288176 ----a-w- c:\windows\system32\SymVPN.dll
2013-01-08 16:52 . 2012-11-12 19:38 81840 ----a-w- c:\windows\system32\FwsVpn.dll
2013-01-08 16:52 . 2012-11-12 19:38 119816 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-12-14 22:49 . 2012-09-20 23:10 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 19:38 . 2012-11-12 19:38 58288 ----a-w- c:\windows\SysWow64\snacnp.dll
2012-11-12 19:38 . 2012-11-12 19:38 58288 ----a-w- c:\windows\system32\snacnp.dll
2012-11-12 19:38 . 2012-11-12 19:38 519600 ----a-w- c:\windows\system32\sysfer.dll
2012-11-12 19:38 . 2012-11-12 19:38 380848 ----a-w- c:\windows\SysWow64\sysfer.dll
2012-11-12 19:38 . 2012-11-12 19:38 11184 ----a-w- c:\windows\system32\sysferThunk.dll
2012-11-12 19:38 . 2012-11-12 19:38 10672 ----a-w- c:\windows\SysWow64\sysferThunk.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-12-18 1264360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-28 336384]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DameWare MRC Agent"="c:\windows\SysWOW64\DWRCST.exe" [2009-02-04 78848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInplaceSharing"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-06-15 70280]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 464480]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys [2011-03-30 1254464]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-14 157184]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [2012-10-08 29664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 Guard Agent;Guard Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-05-03 24712]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
R4 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-05-03 58504]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-05-03 48776]
S0 MfeEpePc;MfeEpePc; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [2012-10-08 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [2012-10-08 932472]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2010-07-07 136192]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130107.011\BHDrvx64.sys [2012-11-14 1384608]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 87600]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2007-02-15 30720]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-05-03 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-05-03 189576]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130117.011\IDSvia64.sys [2012-11-13 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [2012-10-08 171128]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [2012-10-08 386168]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-28 203264]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [2012-02-20 605040]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-26 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [2012-10-08 137208]
S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2012-05-04 210944]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-01-10 603896]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-08 138912]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 406632]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 19:20]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131294493-1449412943-965413785-16775Core.job
- c:\users\moradm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 22:42]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131294493-1449412943-965413785-16775UA.job
- c:\users\moradm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 22:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://prod.campuscruiser.com/eicc/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: C&all - c:\program files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm
IE: Call with &Edit... - c:\program files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: eicc.edu\myeiccd
Trusted Zone: eiccd-sccm01
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.eiccd.net/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289} - c:\program files (x86)\InstallShield Installation Information\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-18 20:22:28
ComboFix-quarantined-files.txt 2013-01-19 02:22
ComboFix2.txt 2013-01-18 20:38
.
Pre-Run: 515,042,541,568 bytes free
Post-Run: 514,657,882,112 bytes free
.
- - End Of File - - A6C55405FBF05BA5E2EE82549A9F2119

Well action center is still saying the virus is there

No just tells me to remove it.

# AdwCleaner v2.106 - Logfile created 01/18/2013 at 20:42:27
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : moradm - KDOLCNU13000JF
# Boot Mode : Normal
# Running from : C:\Users\moradm\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Users\moradm\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\moradm\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1563 octets] - [18/01/2013 20:40:27]
AdwCleaner[S1].txt - [1520 octets] - [18/01/2013 20:42:27]

########## EOF - C:\AdwCleaner[S1].txt - [1580 octets] ##########

# AdwCleaner v2.106 - Logfile created 01/18/2013 at 20:40:27
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : moradm - KDOLCNU13000JF
# Boot Mode : Normal
# Running from : C:\Users\moradm\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\Users\moradm\AppData\LocalLow\Conduit
Folder Found : C:\Users\moradm\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Registry is clean.
-\\ Google Chrome v24.0.1312.52
File : C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1436 octets] - [18/01/2013 20:40:27]
########## EOF - C:\AdwCleaner[R1].txt - [1496 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Windows 7 Professional x64
Ran by moradm on Fri 01/18/2013 at 20:58:59.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/18/2013 at 21:09:08.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Extras logfile created on: 1/18/2013 9:15:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\moradm\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.94 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 68.03% Memory free
15.87 Gb Paging File | 12.67 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.48 Gb Total Space | 479.32 Gb Free Space | 80.36% Space Free | Partition Type: NTFS
Drive E: | 16.87 Gb Total Space | 2.55 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.68% Space Free | Partition Type: FAT32
Drive H: | 80.00 Gb Total Space | 77.82 Gb Free Space | 97.28% Space Free | Partition Type: NTFS

Computer Name: KDOLCNU13000JF | User Name: moradm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = *

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB7BEF4-6A08-48EF-A3EC-050E39DB093B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{0DE68BF4-A9B5-4A99-8F3B-03674E6DF212}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2D0A448E-9EA5-44F6-BEF3-C2F82362D4C6}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service |
"{3695F97C-237E-4EDB-A659-DB8D6306960D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4D420837-2ACE-4EAF-82D6-BF0CB22357DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59C02012-300E-4681-86E6-99BDB240622B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{81D87C64-2FB0-4885-A6C2-9CAFB8861D52}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service |
"{899D6CED-26C1-415F-830E-5BF785CD9D8F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9C9296A9-957A-4B6B-A64E-519BF3759919}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A81A1D31-5522-43C1-A63E-2132EE2BF8D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9BC0CD0-4A17-4DDB-9DEA-D96AA2B7845C}" = lport=2701 | protocol=6 | dir=in | app=c:\windows\ccm\remctrl\cmrcservice.exe |
"{BDFC1E28-7ABB-4124-8D73-981B3BDCE6FB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C4D96ED2-F478-4969-8831-99C20AC2F8D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D12F8974-1CEF-4167-8DAC-BE55B51FDC44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD353AEC-C2C5-4491-A34A-DA05CEBEB708}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03770006-AB29-43FC-AE5B-E9F7BFF5E3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{0EFB0269-2194-4D2B-9920-0D48CEA592E7}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1101.401.105\bin64\snac64.exe |
"{26D3404C-1193-4A81-874E-A658D834F2EE}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{38446680-86DB-4424-BB3C-CC52B6DE1B06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{516E433F-1A17-48C1-88BC-2FA1A2552401}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1101.401.105\bin64\smc.exe |
"{56593BBF-18ED-4299-AAE4-88D9520E7078}" = protocol=6 | dir=in | app=c:\windows\tiremote\tiremoteservice.exe |
"{5EDF767F-7780-4367-A20B-8A99B3282EF7}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{67871E96-B2A9-4BCA-BDE0-6CE479613132}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{69A38363-7B5F-4178-93EF-AC1FC913A504}" = protocol=17 | dir=in | app=c:\program files (x86)\cisco systems\unified personal communicator\cupc.exe |
"{7EE5D1A5-63E6-4E69-BC25-2D7500764A19}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1101.401.105\bin64\smc.exe |
"{84E26FFD-3644-4D08-887E-063886642942}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{8F74DF19-EF30-459C-B41C-3140F3A01159}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8FED4EA5-8699-4FF3-B6A2-76C190DCF990}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{9C4B02DC-E499-402E-93FB-C6A5FEB0B2BE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\cisco systems\client services framework\cucsf.exe |
"{9DBED4D3-3EFC-439C-B89C-0834B435AFA1}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{A3BDC87F-0089-4E0E-86CA-D4963B92BC44}" = protocol=17 | dir=in | app=c:\windows\tiremote\tiremoteservice.exe |
"{A8A20975-5B5D-43CB-9649-E404A89FA645}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AD73D972-56DB-4F4A-A6C2-BEDB0919A89B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B7AE0454-3F5D-4FF0-BBDB-F08C73108AA4}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{CBAC4106-A9EB-40A2-B039-972809A599C9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\cisco systems\client services framework\cucsf.exe |
"{CCFBD220-8BF0-43D4-ABD0-1608988D4A44}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.1101.401.105\bin64\snac64.exe |
"{D7C0AE85-D82E-457A-8329-C6AEB42D203C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DF169A9E-7F66-4931-A127-815F04048E32}" = protocol=6 | dir=in | app=c:\program files (x86)\cisco systems\unified personal communicator\cupc.exe |
"{EA8707FF-EA26-40D4-A9C8-3ECD6A21F44F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{376CBB7C-A86E-400D-8702-ABA2EFDE35D7}" = Microsoft Policy Platform
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{422BA615-2133-4DC0-8673-09C8CC7557F2}" = HP ProtectTools Security Manager
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4ADBF5BE-7CAF-4193-A1F9-DE6820E68569}" = Symantec Endpoint Protection
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{555ECC75-AB3B-6434-8900-2BBA4F91F107}" = ccc-utility64
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{63E42DE7-C468-31B0-E373-173C67C87B88}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{781F8685-FF55-4D1C-9FC5-797160E418B2}" = Configuration Manager Client
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}" = SpyHunter
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}" = WMV9/VC-1 Video Playback
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDD Unlock Wizard_is1" = HDD Unlock Wizard v4.2
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{059FC833-447B-45E8-BA27-0189C4DC2D88}" = Cisco AnyConnect VPN Client
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08F10409-00BB-8843-4813-37FDDD972CB1}" = CCC Help Chinese Standard
"{08FB6F00-7D8D-5474-B70D-607638405BEB}" = CCC Help Korean
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{12379137-5A34-8311-A00C-4571E468F507}" = CCC Help Polish
"{1392513C-F92A-2893-E263-071E943CB4B8}" = Catalyst Control Center InstallProxy
"{1529490E-DC67-A7DA-E7FE-789B929E67F0}" = CCC Help Norwegian
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2E07A6AE-C2EC-05DB-8344-B562E5D9E341}" = CCC Help Swedish
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E918CE9-BDA6-282D-0E19-E11DF8004ABE}" = CCC Help Thai
"{4114A073-7385-4742-8A5E-A5788FAC838F}" = ArcSoft TotalMedia
"{4441B01C-0AF2-6EE7-CDB3-AD0DB41E7147}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{668643A5-48DD-B0E9-62E1-1FDA18D54F66}" = CCC Help Finnish
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69EA3784-E961-76A2-6C11-7B83AA50E56A}" = CCC Help Czech
"{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}" = HP Documentation
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71543470-E3F8-6A06-08C8-783CD286D2BA}" = CCC Help German
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737DCE46-824C-40BA-8776-81D9D1DB04AB}" = Catalyst Control Center - Branding
"{76BAC71B-00A7-BBFA-5DAE-EEB0DF9F4098}" = CCC Help English
"{76C064E2-BB99-4453-8FDA-42BC01AD0734}" = Control ActiveX del Windows Live Mesh per a connexions remotes
"{7BA6DF02-B094-45D7-A3C9-BE3684253922}" = Urruneko konexioetarako Windows Live Mesh ActiveX kontrola
"{7CF1347C-61F6-C495-127C-912FD6CB432D}" = CCC Help Japanese
"{80C45B94-2BA0-8E23-95A7-8A9FCD836EFD}" = PX Profile Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BE1D9F-FC67-E84E-F73A-BC7125E3B717}" = CCC Help Portuguese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-007A-0403-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-042D-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1EFCBD2-B171-E24D-FAD2-4E711A312DEF}" = CCC Help Danish
"{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server
"{AB9F8790-4ECB-1BFA-1B80-21DCD40664C3}" = CCC Help Greek
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{AE6BF609-EF6A-8764-85EE-6CC65602D88E}" = CCC Help Chinese Traditional
"{B26B64E8-DB83-7904-2DF9-F92A7ABC14D9}" = Catalyst Control Center Localization All
"{B3E31950-C92F-BCD9-963D-A520887A262A}" = CCC Help Turkish
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE211EBE-AC92-515C-D122-A9DD0BC9FFA9}" = Catalyst Control Center
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6CD49BC-E6A5-F247-0489-F3188F300A8E}" = Catalyst Control Center Profiles Mobile
"{C7C60D93-E5B7-82D7-44A4-E3EE404B56A3}" = CCC Help Dutch
"{CBD548E9-E421-7B51-5732-2F63B37589E2}" = CCC Help French
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{D7922D23-642E-0649-A3C9-38F9E0FA263E}" = CCC Help Russian
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{DF63FA79-75AE-45D6-715E-81E92F134702}" = CCC Help Italian
"{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}" = HP Support Assistant
"{E2531547-0789-690E-9F12-3EDBDBC64DA8}" = CCC Help Spanish
"{E2F7F731-1A21-4AFE-8B8B-1B6FAD3ACDAE}" = Cisco Unified Personal Communicator
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}" = DameWare NT Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07E6C5F-6AE1-72B3-8659-08E2ABB86DF8}" = Catalyst Control Center Graphics Previews Common
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"EASEUS Partition Master Technician Edition_is1" = EASEUS Partition Master 9.1.0 Technician Edition
"EMCO Remote Desktop Professional_is1" = EMCO Remote Desktop Professional
"ESET Online Scanner" = ESET Online Scanner v3
"ExamView Player" = ExamView Player
"ExamView Pro" = ExamView Assessment Suite
"FUSION WOL_is1" = FUSION WOL v1.0
"ImgBurn" = ImgBurn
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McGraw-Hill EZ Test" = McGraw-Hill EZ Test
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"My HP Game Console" = HP Game Console
"Notepad++" = Notepad++
"Numara Track-It! Agent" = Numara Track-It! 10.5 Agent
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete Special Edition
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"SMS Admin UI" = Microsoft System Center Configuration Manager 2007 Console
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50)
"WildTangent hp Master Uninstall" = HP Games
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"XobniMain" = Xobni

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"889bab5aedeb1341" = Numara Track-It! Technician Client
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2013 11:12:30 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12a0 Start
Time: 01cdf5f2937a5636 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ Cisco AnyConnect VPN Client Events ]
Error - 1/18/2013 3:58:25 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:25 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522804
(0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:25 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1236 Invoked Function: CSocketTransport:ostConnectProcessing Return Code: -31522804
(0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport:ostConnectProcessing File: .\IPC\SocketTransport.cpp
Line:
1337 Invoked Function: ::WSAConnect Return Code: 10061 (0x0000274D) Description: No
connection could be made because the target machine actively refused it.

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522804
(0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1236 Invoked Function: CSocketTransport:ostConnectProcessing Return Code: -31522804
(0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 1/18/2013 3:58:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

[ Hewlett-Packard Events ]
Error - 3/22/2012 10:11:14 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031222091111.xml
File not created by asset agent

Error - 4/4/2012 6:35:52 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041204053549.xml
File not created by asset agent

Error - 8/16/2012 10:14:24 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081216091421.xml
File not created by asset agent

Error - 11/14/2012 7:13:37 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111214051334.xml
File not created by asset agent

Error - 11/14/2012 7:13:39 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111214051337.xml
File not created by asset agent

Error - 11/29/2012 12:23:36 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. Configurator

at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 12/6/2012 11:02:28 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121206090225.xml
File not created by asset agent

[ HP Connection Manager Events ]
Error - 9/20/2012 6:59:13 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpMobile | ID = 5
Description = 2012/09/20 17:59:13.254|00000B50|Error |[HP.Mobile]Lan::.ctor{}|Value
cannot be null. Parameter name: o

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 9/20/2012 9:07:08 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = hpCMSrv | ID = 5
Description = 2012/09/20 20:07:08.121|00001F1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Power Assistant Events ]
Error - 11/15/2012 8:33:40 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 11/15/2012 8:33:40 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS The remote procedure call failed and did not execute.

Error - 11/15/2012 8:34:04 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS The type initializer for 'hpCasl.Command' threw an exception.

Error - 11/15/2012 8:34:04 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS The type initializer for 'hpCasl.Command' threw an exception.

Error - 11/15/2012 8:34:04 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 1/10/2013 11:34:16 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS The handle is invalid.

Error - 1/16/2013 1:50:39 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS The type initializer for 'hpCasl.Command' threw an exception.

Error - 1/16/2013 1:50:39 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1027
Description = An error occured in HP Power Assistant application, module [HPPA_Service].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS The type initializer for 'hpCasl.Command' threw an exception.

Error - 1/16/2013 1:50:40 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Service | ID = 1006
Description = The Power Assistant service has crashed due to an unhandled exception.
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Exception has been thrown by the target of an invocation.ServiceWorkerMethod
ABORTED! -

Error - 1/16/2013 1:50:42 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS The handle is invalid.

[ Symantec Endpoint Protection Client Events ]
Error - 11/12/2012 3:46:16 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!CainAbel in File: c:\program files (x86)\cain\winrtgen\lm_all-space#1-7_0_2400x40000000_oxid#000.rt
by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 11/12/2012 5:18:19 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied

Error - 11/13/2012 1:52:09 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied

Error - 11/13/2012 6:08:41 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied

Error - 11/14/2012 10:56:35 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe
by: SONAR scan. Action: . Action Description: Access Denied

Error - 1/18/2013 12:01:49 AM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711753
Description = SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure

Error - 1/18/2013 1:43:26 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!SecurityRisk.Downldr in File: C:\Users\moradm\AppData\Local\Updater21804\Updater21804.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 3:07:01 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!SecurityRisk.Downldr in File: C:\Users\moradm\AppData\Local\Updater21804\Updater21804.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 1/18/2013 10:56:34 PM | Computer Name = KDOLCNU13000JF.eiccd.net | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!WS.Reputation.1 in File: C:\Users\moradm\Desktop\JRT.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.


< End of report >