Is my PC in harm's way?

Solved
By adam88
Dec 6, 2012
  1. adam88


    OTL Extras logfile created on: 12/9/2012 2:57:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Desktop\VIRUS removal by TechSupport
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.80 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 58.29% Memory free
    7.60 Gb Paging File | 5.43 Gb Available in Paging File | 71.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 567.79 Gb Total Space | 204.01 Gb Free Space | 35.93% Space Free | Partition Type: NTFS
    Drive D: | 28.09 Gb Total Space | 4.12 Gb Free Space | 14.67% Space Free | Partition Type: NTFS

    Computer Name: ADAM-HP | User Name: Adam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-2202164160-3790172015-1033908430-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{019EDBAC-39D3-4835-BE68-8A0E4000A0B1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{0674F24D-373E-42B9-B786-A17BD01DBC45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{089D39D0-34EB-4CE6-873D-7677A3CD4582}" = lport=138 | protocol=17 | dir=in | app=system |
    "{1027570E-5E03-48AC-9417-EA8B81CE96BA}" = rport=139 | protocol=6 | dir=out | app=system |
    "{19B589B1-9890-47BB-B51F-51E4021935FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{31F4B1CD-811C-432E-AE2A-8DEA9DA03F64}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3FC4CB67-D0A6-49C0-BF05-548EF3642BF8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{42D3C5E8-3812-4751-A18A-749E16FEC174}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{447F9448-AAC6-4CD7-9737-B137F5446DC2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4EA4501A-1641-4DF1-8D28-DB4A226AF9D9}" = rport=445 | protocol=6 | dir=out | app=system |
    "{5B3E9903-E628-4076-879D-2B4130A1B10C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{66552D37-5AD1-4F69-964A-86FF3341C919}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7D166CE7-B837-4984-A415-234F6542906A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{802070C9-C4A5-4D70-8F92-70FFB95F182E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A2962370-4710-4263-B098-5D3C38746908}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C39CAECC-D119-48BC-B811-8FA3D4BA9CE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CD2F66FE-FBCC-4652-B7DC-408C206A5F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D1F0648C-9A8E-4D55-AAEC-036A7CE883A9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D25CB8BE-760D-4025-B91D-68833AEEA45E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DA4FE830-6E35-4FEB-B6F1-7FC271DDFD17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DDAAAA6D-B40F-438D-A50A-946AF2F237C1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{DDCB2954-3C28-4866-9D18-8C30E77D0152}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E93DDE5A-94EC-430E-B69D-165B24D5AAEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{ECE301AB-A227-4A64-8136-506AE945F5F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F0054F4C-F236-4FD9-9C01-639EA2159978}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{F998F9E2-8371-422A-B670-092CF55D736A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FC14BA1-AFC0-4EAF-A55E-46465DC74831}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{10AB78A7-5720-4899-B667-F20F27017441}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1C7E9F1D-7B38-499E-AEC6-34B4A0BA0D4C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{23C06769-546F-4501-B3F4-07E4B0745978}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2430C18D-815C-4EAB-B2ED-8AEFCFFA1B76}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2631BAFE-5ADE-4C87-A471-8A34CD708E8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{26528A47-7039-4A04-B3B6-194F52B6E1BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2B1E79DE-6C94-4130-8F3E-E3A6E117C3D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{313521B4-A289-4BA3-9293-385411713AFB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{32E1B963-2659-427F-9CC9-DB6558FA81CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{3366CA18-03FE-4801-A47D-974BB74FAE64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{38CD992E-F6FF-4949-9666-0260D37F41AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{39A2692B-8359-4181-B023-D3299BDE08C7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{3BC536FE-E4B6-400F-83FD-C121FD5E4C51}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{3C142373-CE54-4088-B114-3556D0A30439}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3DE3EF59-2418-4DB9-BA05-87AE0049D989}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4A537799-0CEE-46CC-8A3C-599F8E6D2E44}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5E6070D0-7E8F-4B07-9546-8C61923542DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{6C8B19FA-1A40-4E8A-A069-D4B799A541F5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
    "{6CF5F66A-9CDA-4840-8E2B-C42AF9A4A2E3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{82657370-876D-48C6-929A-ACE8C2CA5774}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{844D14BF-156D-4A43-B002-63E111077862}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{85347588-84F1-4D65-9C0B-42EBA9B72DCD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{869B33CC-25BF-4998-8A2F-6FBC8DFA5B76}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{88930288-69E2-46AB-993B-F5AC416B7AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{91D97233-0F2B-4762-84F4-36B859F2AF2F}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
    "{A8A93267-F703-4BA4-A0DB-80152975EFF7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B029F26C-BCD5-4EFE-B70E-D7343EB2D1B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B967D320-F949-47C5-8CE5-892E3D73A7C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{BF46FCF5-8F2C-44A1-A4A0-AA42CD6E2601}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C4C624A3-E8D7-4E76-98E5-A95FC1612B5B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{CBAEE2BE-666A-447B-90E0-059095650CFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{EDF67C27-B179-41A0-A207-7225AB59B28D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F5AEB00E-D9CD-4834-91F6-B22A3E8502EF}" = protocol=6 | dir=out | app=system |
    "{FA0CBDB1-6B76-4AF2-86B4-5754DD6573F4}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
    "{FE413BA0-73FE-4561-8B08-FBBED15720E1}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}" = HP MediaSmart Movies and TV
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
    "{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{26A49C2B-B623-4AE8-8192-5225D9F184D2}" = AVG 2012
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}" = HP SimplePass Identity Protection
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{78040857-9518-0409-91B0-9F429CBF0835}" = Autodesk Navisworks Freedom 2012 English Language Pack
    "{78040857-9518-497D-91B0-9F429CBF0835}" = Autodesk Navisworks Freedom 2012
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A04108F4-71E9-FD90-D73D-2058DF6987F4}" = ATI Catalyst Install Manager
    "{BE6725F2-6D15-477C-86C6-4522B8569D62}" = HP MediaSmart SmartMenu
    "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
    "{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}" = HP 3D DriveGuard
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EFA0B23D-4474-4962-B443-C806EB5ED29C}" = Nitro Pro 7
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FED4086D-51A8-E88C-1CF9-BA21A50470EE}" = ccc-utility64
    "Autodesk Navisworks Freedom 2012" = Autodesk Navisworks Freedom 2012
    "AVG" = AVG 2012
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00FB9AA8-5FFF-DDCE-DA2E-530994B59217}" = CCC Help Finnish
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1991D8C3-8354-2228-401C-D3D105CA2AC4}" = CCC Help Chinese Traditional
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E6E990A-728D-4700-9B0A-2CA541C93A12}" = Catalyst Control Center - Branding
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{2D8539EE-3F50-94DB-2605-047B33558C70}" = CCC Help Thai
    "{2FF2BBBA-341C-4F36-AB55-7398184733CE}" = CCC Help Italian
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{351FDEB3-F974-40FC-88FF-3BB042FB5E4F}" = CSC TEDDS Engineering Library - Australia
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{41844F24-9CA6-11D4-A74E-00D0B76FE248}" = VBA (2720)
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D1193CC-0658-4C98-B1FF-86CBC5BFB27C}" = HP Documentation
    "{4D31A225-453B-4798-8452-9F2181CA6971}" = SoftStylus
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{5410C77F-B22F-61FE-7D93-0BEDBC959FF3}" = PX Profile Update
    "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
    "{5719D840-C30E-7DD3-C746-00B3A5C9BD6B}" = CCC Help Korean
    "{5EDE7E1A-E386-BB8B-CD77-3B5AF9A8D80B}" = CCC Help Greek
    "{64290220-1716-1156-9324-004005470643}" = Straus7 Release 2.2.3
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{670E7FFC-95FF-C425-BD00-91C120352C4B}" = CCC Help Turkish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A396792-1CA6-E9E5-9844-512238F70C95}" = CCC Help Swedish
    "{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}" = HP Software Framework
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6DC6392C-4D8C-D21E-A0DD-750BD76627F6}" = CCC Help Chinese Standard
    "{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74796D37-75F9-C430-CC1D-FCE8371D5EB3}" = CCC Help English
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7FBDEEDA-ECDB-A348-0FBC-41AD5D852B36}" = Catalyst Control Center Localization All
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{818FD2AE-1011-4487-A0DC-71ADB78F2618}" = CSC Common
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AC3E7BB-F819-379B-3F81-255904B67A8A}" = CCC Help Czech
    "{8C696008-029B-BBA7-9CD3-45596A069D96}" = CCC Help Polish
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{91892B48-4503-D842-59A0-842F70503843}" = CCC Help Portuguese
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{946B0558-3E7B-D27B-2E95-3A2E99BCB826}" = Catalyst Control Center Graphics Previews Common
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9902DD1A-58CD-EE2D-1401-EF1D07D3D353}" = CCC Help Japanese
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A44E3886-B7E7-ABA4-57C7-B423992CB536}" = Catalyst Control Center InstallProxy
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAD4E5A4-68CD-7957-81EF-8B50DBA5E939}" = CCC Help Danish
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
    "{AE8289AB-E18C-36E6-BF9B-99557D9F7517}" = Catalyst Control Center Graphics Previews Vista
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
    "{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}" = HP Support Assistant
    "{B4E586EE-6E4C-454C-9DB4-676DFC9ECFD2}" = CSC TEDDS
    "{B719C82F-A3AC-ED37-3E2A-947E5A7BA214}" = CCC Help Hungarian
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7AAB32A-AA73-ECFD-4F43-F41CFA2CD540}" = ccc-core-static
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D3538C4C-8DAF-88CD-55B0-CBF12DECF5A6}" = CCC Help Spanish
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D57588F6-2D35-42B5-5C96-4FC3EB3EF7CE}" = CCC Help Russian
    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{DBE31207-21B1-5688-450E-9B958643FD2C}" = CCC Help Norwegian
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE311B9A-4C1D-C746-264E-DB2A5C6DD2ED}" = CCC Help French
    "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
    "{DFC63A26-1EF4-A666-BE94-1DF7351DA7BE}" = CCC Help Dutch
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{EA4D0EA6-B027-4245-AD15-D42ACB22732B}" = CSC Licensing
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECE8D6A5-974F-42A1-9A76-2450DB4FB04C}" = CSC Update Service
    "{EF682D1C-591D-48B5-9803-628DA622C281}" = HP Quick Launch
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FBBCD35F-930F-9B68-7A80-A668A68FE86A}" = CCC Help German
    "{FBE9670D-C3DA-4561-BB89-251B82E2E92B}" = Thinkwell
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
    "Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ESET Online Scanner" = ESET Online Scanner v3
    "Fences Pro" = Fences Pro
    "Google Chrome" = Google Chrome
    "GROUP v7.0" = GROUP v7.0
    "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
    "HP Photo Creations" = HP Photo Creations
    "ImTOO iPhone Transfer Platinum" = ImTOO iPhone Transfer Platinum
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Internet Download Manager" = Internet Download Manager
    "Limcon V3" = Limcon V3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "McAfee Security Scan" = McAfee Security Scan Plus
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microstran V9" = Microstran V9
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "PowerISO" = PowerISO
    "RocketDock_is1" = RocketDock 1.3.5
    "SolidWorks 2001" = SolidWorks 2001
    "The KMPlayer" = The KMPlayer
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087343" = Dora's World Adventure
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT089299" = Mystery P.I. - The London Caper
    "WT089300" = World Cup Cricket 20-20
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "ZumoDrive" = HP CloudDrive

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2202164160-3790172015-1033908430-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "InteractivePhysics2005" = InteractivePhysics2005

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/10/2012 12:00:12 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 29329

    Error - 6/10/2012 12:00:12 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 29329

    Error - 6/10/2012 12:00:14 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/10/2012 12:00:14 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 30374

    Error - 6/10/2012 12:00:14 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 30374

    Error - 6/10/2012 12:00:15 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/10/2012 12:00:15 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 31871

    Error - 6/10/2012 12:00:15 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 31871

    Error - 6/10/2012 12:00:16 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/10/2012 12:00:16 AM | Computer Name = Adam-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 33088

    [ Hewlett-Packard Events ]
    Error - 1/26/2012 9:30:46 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011226093042.xml
    File not created by asset agent

    Error - 2/2/2012 4:38:11 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021202043806.xml
    File not created by asset agent

    Error - 2/23/2012 6:25:24 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021223062520.xml
    File not created by asset agent

    Error - 3/8/2012 4:33:03 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031208043300.xml
    File not created by asset agent

    Error - 3/22/2012 4:50:15 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031222045011.xml
    File not created by asset agent

    Error - 4/19/2012 4:01:37 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041219040130.xml
    File not created by asset agent

    Error - 4/26/2012 4:52:20 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041226045215.xml
    File not created by asset agent

    Error - 5/10/2012 6:49:09 PM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051211064906.xml
    File not created by asset agent

    Error - 6/14/2012 6:59:23 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061214065917.xml
    File not created by asset agent

    Error - 6/14/2012 6:59:26 AM | Computer Name = Adam-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061214065923.xml
    File not created by asset agent

    [ HP Wireless Assistant Events ]
    Error - 11/30/2012 11:18:02 PM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 11/30/2012 11:18:08 PM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    Error - 12/3/2012 4:44:24 AM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 12/3/2012 4:44:31 AM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    Error - 12/3/2012 6:37:35 PM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 12/3/2012 6:37:39 PM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    Error - 12/3/2012 6:40:05 PM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 12/3/2012 6:40:06 PM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    Error - 12/4/2012 7:39:45 PM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 12/4/2012 7:39:53 PM | Computer Name = Adam-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    [ Media Center Events ]
    Error - 9/27/2011 1:41:21 AM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 1:41:21 PM - Error connecting to the internet. 1:41:21 PM - Unable
    to contact server..

    Error - 9/27/2011 1:41:26 AM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 1:41:26 PM - Error connecting to the internet. 1:41:26 PM - Unable
    to contact server..

    Error - 9/27/2011 10:18:22 PM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 10:18:22 AM - Error connecting to the internet. 10:18:22 AM - Unable
    to contact server..

    Error - 9/27/2011 10:18:32 PM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 10:18:27 AM - Error connecting to the internet. 10:18:27 AM - Unable
    to contact server..

    Error - 9/28/2011 10:25:28 PM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 10:25:28 AM - Error connecting to the internet. 10:25:28 AM - Unable
    to contact server..

    Error - 9/28/2011 10:25:39 PM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 10:25:33 AM - Error connecting to the internet. 10:25:33 AM - Unable
    to contact server..

    Error - 10/1/2011 10:29:38 PM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 10:29:38 AM - Error connecting to the internet. 10:29:38 AM - Unable
    to contact server..

    Error - 10/1/2011 10:30:16 PM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 10:30:10 AM - Error connecting to the internet. 10:30:10 AM - Unable
    to contact server..

    Error - 10/1/2011 11:30:20 PM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 11:30:20 AM - Error connecting to the internet. 11:30:20 AM - Unable
    to contact server..

    Error - 10/1/2011 11:30:26 PM | Computer Name = Adam-HP | Source = MCUpdate | ID = 0
    Description = 11:30:25 AM - Error connecting to the internet. 11:30:25 AM - Unable
    to contact server..

    [ System Events ]
    Error - 12/9/2012 12:44:18 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 12/9/2012 12:46:15 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.

    Error - 12/9/2012 1:15:15 AM | Computer Name = Adam-HP | Source = DCOM | ID = 10010
    Description =

    Error - 12/9/2012 2:34:34 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7031
    Description = The Norton Internet Security service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 120000
    milliseconds: Restart the service.

    Error - 12/9/2012 2:39:19 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 12/9/2012 2:39:31 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 12/9/2012 2:42:21 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.

    Error - 12/9/2012 2:48:21 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 12/9/2012 2:48:47 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 12/9/2012 2:49:25 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.


    < End of report >
  2. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    ... and to answer your questions:

    Norton had arrived pre-installed and I know that the primary user of the computer removed it (?) (possibly using the standard procedure)
    The computer has been behaving 'normally' but so was the one infected with Ramnit :)
  3. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-2202164160-3790172015-1033908430-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
      O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
      [2012/11/10 23:44:05 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  4. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2202164160-3790172015-1033908430-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Adam
    ->Temp folder emptied: 466767051 bytes
    ->Temporary Internet Files folder emptied: 344804 bytes
    ->Java cache emptied: 22769 bytes
    ->FireFox cache emptied: 89048572 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Tracy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 147107244 bytes
    ->Java cache emptied: 2317960 bytes
    ->FireFox cache emptied: 66332869 bytes
    ->Flash cache emptied: 541 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22440 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 70846992 bytes

    Total Files Cleaned = 804.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Adam
    ->Java cache emptied: 0 bytes

    User: Tracy
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Adam
    ->Flash cache emptied: 0 bytes

    User: Tracy
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12102012_083610

    Files\Folders moved on Reboot...
    C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  5. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 29
    Java 7 Update 9
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.5.502.110
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (17.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    Adam Desktop VIRUS removal by TechSupport SecurityCheck.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Symantec Norton Online Backup NOBuAgent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  6. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Farbar Service Scanner Version: 07-12-2012
    Ran by Adam (administrator) on 10-12-2012 at 09:06:19
    Running from "C:\Users\Adam\Desktop\VIRUS removal by TechSupport"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  7. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    TFC has been running for the last 12 hrs absorbing 28% of CPU, is it ok?
  8. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Just woke up and checked on the PC status (running TFC for 20 hrs now) and it looks like it rebooted (?) itself, is it in order?
    Shall I repeat TFC or start running ESET online scan?
  9. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Re-run TFC from safe mode and then Eset from normal mode.
  10. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Similar behavior of TFC in Safe mode.
    I realized that it quickly processes the Default and 2 registered user accounts and then gets very busy (hot and noisy, 28% of CPU consumption, running for 12 hrs now) with the Public users module.
  11. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    Click Exit on the Main menu to close the program.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Still with me?
  13. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Sorry ... I thought we were wrapped up and I was in the clear?
  14. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Did you run ATF?
    What about Eset scan log?
  15. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Sorry, I have been extremely busy during this pre-Xmas rush in the office and did not have time to look after my own PC.
  16. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    No problem :)

  17. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Thanks for your understanding :)

    I just ran the ATF, no files removed (Main + Firefox)
    Starting Eset online now, it may take some time :), I assume you will stay awake :) for another 3 (?) hrs ?

    Btw, I just happened to try to start the Windows Firewall, got some rootkit-related error instead ...

    Also, I completely re-vamped (as per your advice) my ex-Ramnit PC, what tests/scans should I run first to determine its health?

    Thanks
  18. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    I need more details...
  19. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Windows Firewall can't change some of your settings
    Error code 0x80070424
  20. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Did Eset finish?

    As for Windows firewall...

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:


    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:


    Go to Step 4 and under "System Restore" click on the Create button:


    Go to the Start Repairs tab and click the Start button.


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on the box next to Restart System when Finished. Then click on Start.

    Post new FSS log.
  21. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Good morning :)
    Eset finished with no errors.

    In the meantime, I happened to witness a Windows (auto) update and realized that it was not entirely successful ("Failure to configure Windows updates" (well, at least some)). Even though I tried to complete the update manually and did a few rounds, it was never complete.
  22. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Follow my previous reply.
  23. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Re Step 4

    There are now more (35) options for Windows Repair (1.9.2), instead of 23 (older version, your instructions above)
    Please advise which options, out of these 35, to tick
  24. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Run it as it is with all default checkmarks.
  25. adam88

    adam88 Newcomer, in training Topic Starter Posts: 68

    Follow the defaults of the latest version or the defaults of the version from your instruction (some do not match!)?

