Solved Using FRST removal tool: Now what? C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC0

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.21.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
robin :: ROBIN-PC [administrator]
8/21/2012 11:41:09 PM
mbam-log-2012-08-21 (23-41-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222933
Time elapsed: 3 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
OTL logfile created on: 8/21/2012 11:47:13 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 56.12% Memory free
7.49 Gb Paging File | 5.45 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.84 Gb Total Space | 174.60 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
Drive D: | 21.95 Gb Total Space | 2.89 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
Drive E: | 97.01 Mb Total Space | 86.87 Mb Free Space | 89.55% Space Free | Partition Type: FAT32
Drive F: | 4.38 Gb Total Space | 4.23 Gb Free Space | 96.66% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 71.84 Gb Free Space | 24.10% Space Free | Partition Type: NTFS
Drive H: | 495.71 Mb Total Space | 450.03 Mb Free Space | 90.79% Space Free | Partition Type: FAT

Computer Name: ROBIN-PC | User Name: robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 23:45:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\robin\Desktop\OTL.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/03/06 00:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2008/10/20 15:32:48 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 17:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/19 12:06:10 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/04/19 12:06:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/09/15 11:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/01/27 17:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/18 18:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2010/01/06 04:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/07 21:20:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/06 00:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/06 03:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/19 12:06:11 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 13:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/13 17:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/16 17:01:30 | 000,070,984 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT-USB64.SYS -- (RT-USB)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/09 01:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/28 14:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/11 16:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/07/11 15:57:08 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2007/07/11 11:07:36 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2007/07/11 11:04:40 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2010/02/22 20:23:46 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/25 18:54:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80947E46-159D-4CA9-819D-E8B798009E64}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{F693E4D8-036A-4043-8D4B-71510D8AE09E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{80947E46-159D-4CA9-819D-E8B798009E64}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{F693E4D8-036A-4043-8D4B-71510D8AE09E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-391809594-4175036034-412354412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-391809594-4175036034-412354412-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-391809594-4175036034-412354412-1001\..\SearchScopes\{153C06E2-1260-468C-AAD3-36CE086DAFFC}: "URL" = http://wiki.ross-tech.com/index.php/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-391809594-4175036034-412354412-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca/search?q={sear...putEncoding}&sourceid=ie7&rlz=1I7SKPT_enCA429
IE - HKU\S-1-5-21-391809594-4175036034-412354412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-391809594-4175036034-412354412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\robin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/26 19:04:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/07/19 22:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/23 22:01:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/23 22:01:28 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\15.0.874.106\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\15.0.874.106\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: Skype Click to Call = C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

O1 HOSTS File: ([2012/08/21 22:33:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-391809594-4175036034-412354412-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041412 serial=DR12WEX-1504397-KTY lang=EN File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-391809594-4175036034-412354412-1001..\Run: [Facebook Update] C:\Users\robin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-391809594-4175036034-412354412-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-391809594-4175036034-412354412-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-391809594-4175036034-412354412-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-391809594-4175036034-412354412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-391809594-4175036034-412354412-1001\..Trusted Domains: garp.org ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-391809594-4175036034-412354412-1001\..Trusted Domains: yorkcas.org ([citrix] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A97584-85D3-49E8-A54E-F56308814A21}: DhcpNameServer = 64.71.255.198
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - G:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 23:45:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\robin\Desktop\OTL.exe
[2012/08/21 23:39:08 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\robin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/21 23:10:48 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\robin\Desktop\aswMBR.exe
[2012/08/21 22:56:22 | 001,610,656 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\robin\Desktop\rkill.exe
[2012/08/21 22:33:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/21 22:17:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/21 22:17:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/21 22:17:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/21 22:13:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/21 22:12:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/21 01:15:02 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/20 20:23:28 | 000,000,000 | ---D | C] -- C:\temp
[2012/08/20 20:23:28 | 000,000,000 | ---D | C] -- C:\dvmexp
[2012/08/20 20:23:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SeaPort
[2012/08/20 20:23:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2012/08/15 11:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/08/15 10:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/08/15 10:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/15 10:08:23 | 000,000,000 | ---D | C] -- C:\Users\robin\AppData\Roaming\Malwarebytes
[2012/08/15 10:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/15 10:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/15 10:06:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/15 10:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/14 19:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/14 19:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/14 19:36:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/14 09:43:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/13 21:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/08/13 21:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/07/31 20:31:05 | 000,000,000 | ---D | C] -- C:\Users\robin\AppData\Local\{63073B68-E39B-4ECF-8883-53DD3F1759EC}
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\robin\Documents\*.tmp files -> C:\Users\robin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/21 23:45:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\robin\Desktop\OTL.exe
[2012/08/21 23:40:31 | 000,001,095 | ---- | M] () -- C:\Users\robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/21 23:40:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 23:39:08 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\robin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/21 23:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 23:14:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 23:14:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 23:12:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-391809594-4175036034-412354412-1001UA.job
[2012/08/21 23:08:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\robin\Desktop\aswMBR.exe
[2012/08/21 23:07:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 23:06:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/21 23:06:18 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/21 22:55:22 | 000,469,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/21 22:50:34 | 001,610,656 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\robin\Desktop\rkill.exe
[2012/08/21 22:33:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/21 22:15:15 | 000,639,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/21 22:15:15 | 000,112,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/21 21:29:24 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2012/08/20 20:13:22 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-391809594-4175036034-412354412-1001Core.job
[2012/08/16 21:01:50 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/08/16 20:59:19 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/08/15 10:53:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 19:39:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/14 19:38:53 | 000,743,856 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/13 22:24:44 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/08 21:57:21 | 000,302,924 | ---- | M] () -- C:\Users\robin\Desktop\Holidy gift guide.pdf
[2012/08/07 22:20:05 | 000,047,759 | ---- | M] () -- C:\Users\robin\Desktop\0812-module-whoot-v2.jpg
[2012/08/07 10:07:14 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/01 07:59:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrobin.job
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\robin\Documents\*.tmp files -> C:\Users\robin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/21 23:40:31 | 000,001,095 | ---- | C] () -- C:\Users\robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/21 22:17:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/21 22:17:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/21 22:17:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/21 22:17:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/21 22:17:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/20 20:23:31 | 000,000,012 | -H-- | C] () -- C:\dvmexp.idx
[2012/08/15 11:01:12 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/08/15 11:01:12 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/08/15 10:06:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 19:38:56 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/08 21:57:21 | 000,302,924 | ---- | C] () -- C:\Users\robin\Desktop\Holidy gift guide.pdf
[2012/08/07 22:20:15 | 000,047,759 | ---- | C] () -- C:\Users\robin\Desktop\0812-module-whoot-v2.jpg
[2012/08/01 11:32:09 | 000,122,086 | ---- | C] () -- C:\Users\robin\Desktop\Resume (Jul 16-12).pdf
[2012/03/26 14:15:19 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2012/02/23 10:47:46 | 000,005,120 | ---- | C] () -- C:\Users\robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/23 21:51:26 | 000,207,613 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/09/20 12:25:45 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/07/28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/07 17:24:08 | 000,000,129 | ---- | C] () -- C:\Users\robin\jagex_runescape_preferences2.dat
[2011/06/07 17:22:52 | 000,000,034 | ---- | C] () -- C:\Users\robin\jagex_runescape_preferences.dat
[2011/05/09 13:03:51 | 000,007,597 | ---- | C] () -- C:\Users\robin\AppData\Local\Resmon.ResmonCfg
[2011/04/30 11:20:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/29 12:18:21 | 000,028,674 | ---- | C] () -- C:\Windows\SysWow64\egnkg32.dll
[2011/04/12 12:02:01 | 000,001,854 | ---- | C] () -- C:\Users\robin\AppData\Roaming\GhostObjGAFix.xml
[2011/03/26 08:43:12 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/03/25 16:18:16 | 000,743,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/09/19 08:14:40 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\5400 Series
[2011/05/01 10:22:49 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\Command and Conquer 4
[2011/03/24 03:40:43 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\DigitalPersona
[2011/04/27 10:32:09 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\GARMIN
[2011/06/17 18:41:36 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\go
[2011/04/05 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\ICAClient
[2012/02/22 13:24:02 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\iSpring Solutions
[2011/03/24 03:41:37 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\PictureMover
[2011/06/07 17:21:20 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\PlayFirst
[2011/04/12 11:54:11 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\Red Alert 3
[2011/03/24 04:12:51 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\Tific
[2011/05/01 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\Ulead Systems
[2012/04/27 21:25:38 | 000,000,000 | ---D | M] -- C:\Users\robin\AppData\Roaming\Windows Live Writer
[2011/09/20 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\SYSTEM\AppData\Roaming\5400 Series
[2011/09/20 10:29:07 | 000,000,000 | ---D | M] -- C:\Users\SYSTEM\AppData\Roaming\Coverpgs
[2012/08/20 20:13:22 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-391809594-4175036034-412354412-1001Core.job
[2012/08/21 23:12:04 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-391809594-4175036034-412354412-1001UA.job
[2012/08/21 22:05:38 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring Suite 6
@Alternate Data Stream - 312 bytes -> C:\ProgramData:iSpring Pro 6
< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041412 serial=DR12WEX-1504397-KTY lang=EN File not found
    O15 - HKU\S-1-5-21-391809594-4175036034-412354412-1001\..Trusted Domains: garp.org ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-391809594-4175036034-412354412-1001\..Trusted Domains: yorkcas.org ([citrix] https in Trusted sites)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    [2012/08/21 01:15:02 | 000,000,000 | ---D | C] -- C:\FRST
    @Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring Suite 6
    @Alternate Data Stream - 312 bytes -> C:\ProgramData:iSpring Pro 6
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

===================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL Extras logfile created on: 8/21/2012 11:47:13 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 56.12% Memory free
7.49 Gb Paging File | 5.45 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.84 Gb Total Space | 174.60 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
Drive D: | 21.95 Gb Total Space | 2.89 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
Drive E: | 97.01 Mb Total Space | 86.87 Mb Free Space | 89.55% Space Free | Partition Type: FAT32
Drive F: | 4.38 Gb Total Space | 4.23 Gb Free Space | 96.66% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 71.84 Gb Free Space | 24.10% Space Free | Partition Type: NTFS
Drive H: | 495.71 Mb Total Space | 450.03 Mb Free Space | 90.79% Space Free | Partition Type: FAT

Computer Name: ROBIN-PC | User Name: robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-391809594-4175036034-412354412-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078582C1-B69D-4179-934C-354A050C13B9}" = lport=445 | protocol=6 | dir=in | app=system |
"{197DA741-C15B-4E2B-873D-19317690E7F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2222C274-92F5-483D-9802-EA7BFF94A17D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3531822E-B0F4-49B6-971B-7F29E8FD5D70}" = lport=137 | protocol=17 | dir=in | app=system |
"{393E5A9E-EF9A-4399-9051-6BB86841917F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3EF1CD90-E250-4CBC-9169-F7E7F77AC9C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F3B8928-02FC-45B5-9D56-35AB2C06A7D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52DA00E2-1B1B-4359-A434-0945A4842373}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BE01B2B-97B7-4393-914C-37B01B5A99B4}" = rport=138 | protocol=17 | dir=out | app=system |
"{688B16B2-9FBC-41A3-9505-D162035CA6EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7134B202-3436-422B-AA49-8DFD84B3FB10}" = lport=138 | protocol=17 | dir=in | app=system |
"{77E3E23F-8C12-41FE-A6DA-8A3221118B31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{861411B8-0AD2-4585-819A-55222B89FCA6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{879B6185-D927-4DCB-B36A-D4477F57A54F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B607EE4-D3DE-4D16-98C2-83ECC4945FC6}" = rport=137 | protocol=17 | dir=out | app=system |
"{93358991-8D41-497E-A37B-5D1671037D76}" = rport=139 | protocol=6 | dir=out | app=system |
"{9801CB51-8B22-4246-8029-9514F1F634A3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A20C7E84-4AF4-4639-81C7-7162511F9956}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6AE8165-EE8D-462E-AA33-CA6D3F994517}" = rport=445 | protocol=6 | dir=out | app=system |
"{A9C6CA26-A6C6-4A49-B4FD-FF02EA88BD06}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BC1BA7C5-636B-4DB9-977F-05061E0A27D5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BDEC1FE2-C793-4830-BBC5-D77857F9B0EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C70A233B-B327-44AD-8805-4C6A6E912804}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9413CE4-E56C-41F7-AC3E-1F5A2E6B7846}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CC7E4541-88AF-454E-9D1E-E6BE613BF7F4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC97C3BD-0E35-4181-B491-991AA8EE0419}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E39A2A6D-8A4C-4FD4-9F74-030C6DA33E26}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED8429E0-3CEE-4B5E-ABD2-0A037B28E778}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F438D915-9588-432E-B408-F2D246E99DCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003BC42-2883-4521-BBE3-924306CB2920}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{01AA74C0-28EA-4584-BA57-DEDCF916F156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{06BC18A2-D76E-4EC1-A380-5F575C40FADE}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctaiox.exe |
"{0F6E141A-C007-4DD0-9756-18ECB0955258}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{11B2C13A-0A88-43B5-9170-AA155AD498F4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{159AAE6D-5B73-4B5A-8400-DA073C3216CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16C4A596-0F57-42F2-8B82-C4347398441D}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{20E76563-907D-4F54-8263-1BF7301B4D8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{27F1255E-C264-416B-A8DF-6ED0E3EFA81E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{27F9F085-A25F-457E-ACD5-A1CC39685FFD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2829ACC1-1433-43D6-9D04-DD3B350A9D80}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{28E6E985-CC9A-48A9-957B-C31C6FD91C81}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{28EAD487-0A81-428F-8CD1-F303EC966979}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2EE85CCC-F53E-47CA-9480-F1077C82CC99}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{32E944F8-A202-4212-9206-45AD88A6C745}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3867BB64-B662-45F8-8BD4-40FF38BEBACF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{389D7BAB-CA30-4E65-B2DB-3E0714D42E05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B766755-E194-428E-9F78-78EF29D89E43}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F163F52-57A7-41AE-A09C-498488C66691}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41900559-3F6C-4A90-903A-9D659C14C98C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{42A3B346-88AC-4D1E-81C6-772D3D308BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{465EB92F-121F-4C66-9E7F-D518A3BD1862}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"{47910843-3791-4C19-96E0-E6C07A3D31A2}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{48E52524-AB0F-488E-BB66-33F389B7689F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{49B771B9-6D68-4488-80E6-581E0501ADC6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qp.exe |
"{4A124CC4-54BA-428C-BBE3-2ACB129BF252}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F5D3F98-8624-4FD5-B9EE-1C0AABA97202}" = dir=in | app=c:\users\robin\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{51E77550-0331-4B48-A23B-E1ADE5B4A682}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxctcoms.exe |
"{5274E096-C263-4186-BAEE-87F84C548FE4}" = dir=in | app=f:\setup\hpznui40.exe |
"{55605D16-EC57-4CE3-A40E-9FD5111325D7}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{5564C8DF-78AF-4A2C-A122-51E25F19C8BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{55BDA557-355D-4EB2-9668-6022A2C9D7FB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6153802D-9854-4792-B92D-46087EBDBF08}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qpservice.exe |
"{6155AD81-9290-4C57-86FA-B7620A6DD52D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6AAEBACF-A215-4EE5-85BE-005763607A2C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{75EAE65B-2B69-48C7-A601-FC22249AF63D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D64B68A-D234-450F-807F-48C811C5F012}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{8111FA15-0852-4972-837E-F97656921607}" = protocol=6 | dir=out | app=system |
"{878D359C-E23C-4432-A718-AB8CD404FBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89DED30C-1526-44F9-9D3F-6894B717A77F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{94672D96-4819-40E3-96B0-43AE9581BC98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{94AF2ED3-238A-4440-9515-AD2CD2B0D99C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxctpswx.exe |
"{97B3F65A-7B1B-4C74-859A-CCF4199411C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9849A156-E367-4CCE-AA3F-20E531DFD2DF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9AB62782-C761-457C-88DC-7E74576F77B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BD787EF-9570-4D76-88E7-A719CD6FC185}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9C347D12-CF7F-4AA4-B256-FE43FBCDEE1C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{9D81CF17-C0D0-4FDA-A8CE-F845F7F3B880}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9D929E68-ED22-4FA4-B019-B0F99630B785}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{9F0083EA-5319-4290-9265-B485CED23F06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4AC2F70-5DEA-4669-A3EB-D90455E2D39A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AB181140-38D5-4B8A-B380-61F9ADFE497A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{ACDB63CB-D3FA-4FE0-A989-A9A906934AA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD8F7532-EDA1-47C1-8E8B-C2DB6CBB4B0F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxctpswx.exe |
"{AEDB591D-5014-4906-B618-8C613398BE86}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{B8CF25ED-1AA1-4FE9-ABDD-D377A81F0089}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{BAFBCC6D-E980-4F44-912E-ACFC3BDBCADC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{BD557C96-4308-49FB-9926-D44FEAF660E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{BF8DE49E-4CAB-4106-B75D-541B9F2C983E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{C2015242-48D9-4096-A5D8-7EDB51E20AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctmon.exe |
"{C2369672-F5D1-4379-A709-48871AE14205}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{C28C92E5-65F7-4D3F-82F7-AC6EFBA43734}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9A00EB9-281A-4014-918C-3DD2254CC497}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"{CDAD4C3F-2BE3-4797-A23D-DCCFFDE6BDA2}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctmon.exe |
"{CE616EA1-CDD5-4F3F-AC6A-510C84DA0304}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CE869960-2389-4B6E-AD04-7BF32FC068F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0408F2C-D1D4-455C-923D-3A88B44C557E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{D04EFB04-3AF7-4AA8-90FA-A6E995967F62}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{D2C63260-96E5-49AE-981B-4D38F28564D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D5CE883A-B22F-4D87-A353-661D670D629C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7E3D9DC-E496-44A8-9CAF-736EC6D146FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA364127-9E37-4919-A267-7236A2F2658E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E2694B90-1191-431E-A9B9-C7142A0DA099}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{ED892902-4435-48CF-8F36-18FD2B52EE5E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\hpitv.exe |
"{EDEC1F01-EFF2-4A46-B425-2A9042D67132}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctaiox.exe |
"{F27E90E8-83EA-42D6-8F66-A4C6D3500EDC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{F3278916-4B36-420D-BAA6-F8D22BEA2DC2}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxctcoms.exe |
"{F9759857-008B-4077-AF21-F69AC2A0365A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{F9AA040A-3A1D-4A3D-A98D-E8A3D6B5D5BF}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"TCP Query User{173E5AE7-4261-4EE6-B347-AF9794D30C66}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{3A817761-502F-4080-8B02-137F72B12611}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{0E87B9D6-24A6-4835-AA9B-DD0179783FF1}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{9807F9C7-7F36-4AA6-9596-AAF7B784AF21}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64
"{499CBE65-4E07-B40A-624A-B5B7BD6F9A9C}" = AMD Media Foundation Decoders
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}" = HP SimplePass Identity Protection
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8D0A0350-B509-B362-4827-63E4C6520E7B}" = AMD Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
 
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C1124346-2EE7-7D9F-6702-625128046EB0}" = AMD Fuel
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
"{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}" = Validity Sensors DDK
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CutePDF Writer Installation" = CutePDF Writer 2.8
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{474B2435-711F-46C2-97FE-5591D4B7DB37}" = iSpring Pro 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
 
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74669C8B-4D0A-4237-997F-3E1C92331F7D}" = PDFConverter Printer Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}" = HP MediaSmart/TouchSmart Netflix
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D2B5801-18A1-428D-A601-EE0D30CCF060}" = HP User Guides 0188
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
 
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = AMD VISION Engine Control Center
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"DOC to Image Converter_is1" = DOC to Image Converter 4.00
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Google Chrome" = Google Chrome
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Origin" = Origin
"PDFConverter Printer Driver_is1" = PDFConverter Printer Driver version 2.00
"PROPLUS" = Microsoft Office Professional Plus 2007
"VCDS Release 10.6" = VCDS Release 10.6.5
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"YTdetect" = Yahoo! Detect
 
D7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = AMD VISION Engine Control Center
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"DOC to Image Converter_is1" = DOC to Image Converter 4.00
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Google Chrome" = Google Chrome
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Origin" = Origin
"PDFConverter Printer Driver_is1" = PDFConverter Printer Driver version 2.00
"PROPLUS" = Microsoft Office Professional Plus 2007
"VCDS Release 10.6" = VCDS Release 10.6.5
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-391809594-4175036034-412354412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2012 6:11:50 PM | Computer Name = robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 40227120

Error - 6/22/2012 6:13:06 PM | Computer Name = robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/22/2012 6:13:06 PM | Computer Name = robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1201

Error - 6/22/2012 6:13:06 PM | Computer Name = robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1201

Error - 6/22/2012 6:13:08 PM | Computer Name = robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/22/2012 6:13:08 PM | Computer Name = robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2574

Error - 6/22/2012 6:13:08 PM | Computer Name = robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2574

Error - 6/24/2012 5:49:56 PM | Computer Name = robin-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(70:de:e2:df:3d:20@fe80::72de:e2ff:fedf:3d20._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 6/24/2012 6:05:40 PM | Computer Name = robin-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e50 Start
Time: 01cd525504f72cf1 Termination Time: 47 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 6/24/2012 8:58:34 PM | Computer Name = robin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 8/2/2011 9:08:49 PM | Computer Name = robin-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081102090845.xml
File not created by asset agent

Error - 8/9/2011 6:29:44 PM | Computer Name = robin-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081109062940.xml
File not created by asset agent

Error - 9/6/2011 6:33:23 PM | Computer Name = robin-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091106063319.xml
File not created by asset agent

Error - 9/6/2011 6:33:25 PM | Computer Name = robin-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091106063323.xml
File not created by asset agent

Error - 9/13/2011 6:58:45 PM | Computer Name = robin-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091113065842.xml
File not created by asset agent

Error - 11/27/2011 12:34:19 PM | Computer Name = robin-PC | Source = HPSFMsgr.exe | ID = 2000
Description =

Error - 3/25/2012 2:50:06 PM | Computer Name = robin-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
 
sorry, website keeps crashing on me..

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3834 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 5/8/2012 8:53:20 PM | Computer Name = robin-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/8/2012 8:53:20 PM | Computer Name = robin-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/23/2012 8:43:16 AM | Computer Name = robin-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/653d6868_8998_4a63_ab49_1f1314b8e4ce/wazhya1bmfiby1fhy_fwplt__5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

[ HP SimplePass Events ]
Error - 11/29/2011 12:30:55 AM | Computer Name = robin-PC | Source = HP SimplePass Identity Protection | ID = 17826317
Description = Failure of user credential consistency check. User: robin-PC\Administrator
 
AD User: \ Initiated by: ROBIN-PC\System Error: 0x00000000

Error - 11/30/2011 11:38:58 PM | Computer Name = robin-PC | Source = HP SimplePass Identity Protection | ID = 17826317
Description = Failure of user credential consistency check. User: robin-PC\Administrator

AD User: \ Initiated by: ROBIN-PC\System Error: 0x00000000

Error - 12/3/2011 9:15:05 AM | Computer Name = robin-PC | Source = HP SimplePass Identity Protection | ID = 17826317
Description = Failure of user credential consistency check. User: robin-PC\Administrator

AD User: \ Initiated by: ROBIN-PC\System Error: 0x00000000

Error - 12/5/2011 7:54:38 AM | Computer Name = robin-PC | Source = HP SimplePass Identity Protection | ID = 17826317
Description = Failure of user credential consistency check. User: robin-PC\Administrator

AD User: \ Initiated by: ROBIN-PC\System Error: 0x00000000

Error - 12/5/2011 8:11:53 AM | Computer Name = robin-PC | Source = HP SimplePass Identity Protection | ID = 17826317
Description = Failure of user credential consistency check. User: robin-PC\Administrator

AD User: \ Initiated by: ROBIN-PC\System Error: 0x00000000

Error - 12/5/2011 11:35:57 PM | Computer Name = robin-PC | Source = HP SimplePass Identity Protection | ID = 17826317
Description = Failure of user credential consistency check. User: robin-PC\Administrator
 

Attachments

  • Extras.Txt
    118.7 KB · Views: 0
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CorelDRAW Graphics Suite 11b deleted successfully.
Registry key HKEY_USERS\S-1-5-21-391809594-4175036034-412354412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\garp.org\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-391809594-4175036034-412354412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yorkcas.org\citrix\ deleted successfully.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
C:\FRST\Quarantine\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\U folder moved successfully.
C:\FRST\Quarantine\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\L folder moved successfully.
C:\FRST\Quarantine\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\{faba01f1-e0ec-39b0-03d2-71509bdc78f8} folder moved successfully.
C:\FRST\Quarantine\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\U folder moved successfully.
C:\FRST\Quarantine\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\L folder moved successfully.
C:\FRST\Quarantine\{faba01f1-e0ec-39b0-03d2-71509bdc78f8} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\ProgramData:iSpring Suite 6 deleted successfully.
ADS C:\ProgramData:iSpring Pro 6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

User: robin
->Temp folder emptied: 73623181 bytes
->Temporary Internet Files folder emptied: 290893265 bytes
->Java cache emptied: 2334964 bytes
->Google Chrome cache emptied: 10088409 bytes
->Flash cache emptied: 523 bytes

User: SYSTEM
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 5350 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37409 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42330917 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 400.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: robin
->Java cache emptied: 0 bytes

User: SYSTEM

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: robin
->Flash cache emptied: 0 bytes

User: SYSTEM

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08222012_002421
Files\Folders moved on Reboot...
C:\Users\robin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.77
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
arbar Service Scanner Version: 06-08-2012
Ran by robin (administrator) on 22-08-2012 at 00:42:20
Running from "C:\Users\robin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
C:\Qoobox\Quarantine\C\ProgramData\706785590073103A1A24E20AF875F002\706785590073103A1A24E20AF875F002.exe.vir Win32/Adware.SystemSecurity.AL application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08222012_002421\C_FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\_OTL\MovedFiles\08222012_002421\C_FRST\Quarantine\{faba01f1-e0ec-39b0-03d2-71509bdc78f8}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
G:\ROBIN-PC\Backup Set 2012-03-25 190000\Backup Files 2012-08-21 221544\Backup files 1.zip Java/Exploit.CVE-2012-1723.AP trojan deleted - quarantined
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

======================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

User: robin
->Temp folder emptied: 5114203 bytes
->Temporary Internet Files folder emptied: 3787137 bytes
->Java cache emptied: 463 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: SYSTEM
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1202797 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: robin
->Flash cache emptied: 0 bytes

User: SYSTEM

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: robin
->Java cache emptied: 0 bytes

User: SYSTEM

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.58.1 log created on 08232012_212701
Files\Folders moved on Reboot...
C:\Users\robin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
doing the windows updates... computer screen started flashing and is now black. Computer is still running. not sure what to do... should I leave it alone or reboot? weird
 
Back