TechSpot

win64/Agent.BA trojan / win64/Sirefef.AE trojan etc.

By Schadenfreude92
Jul 9, 2012
  1. Could really use some help. I have a problem very similar to the one described here: http://www.techspot.com/community/t...et-cannot-delete-patched-b-gen-trojan.182224/. As for that guy, the malware started with an insistent request to update my Adobe Flash player (which I eventually allowed)

    ESET keeps detecting a couple of nasty things (win64/Sirefef.AE trojan and win64/Sirefef.AE trojan ) and claiming to have cleaned them by quarantining them. Meanwhile, Windows Defender keeps notifying me about Win32/Sirefef.AN, which it claims to have removed.

    That's the jist of my situation. I see, in other similar threads, that the instructions are very complex and specific to those users, so I was hoping someone would be willing to walk me through what I need to do to beat back these nasties.

    Help?
     
  2. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    For the record, I'm running Windows 7
     
  3. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    Here goes...


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.09.14
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    John :: CYBOTRON-FIVE [administrator]
    7/9/2012 8:59:19 PM
    mbam-log-2012-07-09 (20-59-19).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235935
    Time elapsed: 11 minute(s), 4 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 16
    HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    Registry Values Detected: 1
    HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Users\John\AppData\Local\Temp\ctfmon.dll (Trojan.Phex.THAGen2) -> Quarantined and deleted successfully.
    C:\Users\John\AppData\Local\Temp\msimg32.dll (Trojan.LockScreen) -> Quarantined and deleted successfully.
    (end)


    -----------------

    The GMER log seems to be empty. Hope I didn't make a mistake.

    ------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by John at 21:38:12 on 2012-07-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5529 [GMT -4:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {656461EF-40F6-4115-9FF1-BCED9812CCBB} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [MoneyStartUp10.0] "C:\Program Files (x86)\Microsoft Money\System\Activation.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll
    Trusted Zone: beatport.com
    Trusted Zone: huntington.com\onlinebanking
    Trusted Zone: ldmail.tax-ms
    Trusted Zone: state.oh.us\www-sys2.tax
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://www-sys2.tax.state.oh.us/+CSCOL+/relayp.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://www-sys2.tax.state.oh.us/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://192.168.40.12/dwa7W.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : DhcpNameServer = 192.168.1.241
    TCP: Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}\14574696F64756870244963747279626574796F6E6 : DhcpNameServer = 192.168.0.107
    TCP: Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}\452716E637D61647 : DhcpNameServer = 192.168.0.103
    TCP: Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}\642756560294E6475627E6564702F6E602242796467656 : DhcpNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {656461EF-40F6-4115-9FF1-BCED9812CCBB} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [MoneyStartUp10.0] "C:\Program Files (x86)\Microsoft Money\System\Activation.exe"
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-24 13336]
    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-4-6 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-3 8704]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-21 135664]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 257224]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-21 135664]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-10 00:53:27 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes
    2012-07-10 00:53:19 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-10 00:53:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-10 00:53:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-09 22:08:53 -------- d-----w- C:\Users\John\AppData\Local\{54A2C667-0292-4F90-9D41-66BA62462CAD}
    2012-07-09 22:08:33 -------- d-----w- C:\Users\John\AppData\Local\{A1445C8D-A8C2-4253-A789-C5880597AD2F}
    2012-07-09 01:11:49 -------- d-----w- C:\Users\John\AppData\Local\{1EFA1777-FF50-4D64-8299-99E9B281C2F3}
    2012-07-09 01:11:38 -------- d-----w- C:\Users\John\AppData\Local\{CC685846-A244-4A71-9B99-96943B1F40A8}
    2012-07-07 02:45:08 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FC9C5AF-FA7D-4D83-B8E1-634D0EA41D76}\mpengine.dll
    2012-07-05 11:29:30 -------- d-----w- C:\Windows\en
    2012-07-05 11:22:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6c116e8a1cd5aa001\DSETUP.dll
    2012-07-05 11:22:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6c116e8a1cd5aa001\DXSETUP.exe
    2012-07-05 11:22:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6c116e8a1cd5aa001\dsetup32.dll
    2012-07-05 11:13:38 -------- d-----w- C:\Users\John\AppData\Local\{073E9429-4861-4F9B-AE84-D9B3DADA211C}
    2012-07-05 11:13:14 -------- d-----w- C:\Users\John\AppData\Local\{865CA749-EBF1-4598-A049-4CBBBC5AACD4}
    2012-06-29 14:40:05 -------- d-----w- C:\Users\John\AppData\Local\{1FD0B880-C3AE-4FE4-890D-5C9C1448AF51}
    2012-06-29 14:39:34 -------- d-----w- C:\Users\John\AppData\Local\{4655FB8F-7322-4F0D-9C31-B6AD413A1F6E}
    2012-06-19 03:27:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-19 03:26:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-19 03:26:36 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-19 03:26:36 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-14 10:03:17 -------- d-----w- C:\Users\John\AppData\Local\{25DFA4E4-FDC4-4A73-8A1D-75BEC3B2C1C7}
    2012-06-14 10:02:51 -------- d-----w- C:\Users\John\AppData\Local\{8475E522-1BC5-4510-B054-06027635DDA2}
    2012-06-13 18:19:17 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 18:19:17 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-13 18:19:17 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 18:19:08 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-13 18:19:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-13 18:19:04 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 18:19:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 18:19:01 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-13 18:19:01 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 18:19:00 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 18:18:58 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-13 18:18:51 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-13 18:18:50 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-13 18:18:50 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-13 18:18:49 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 18:18:49 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-13 18:18:49 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ==================== Find3M ====================
    .
    2012-07-09 15:03:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-09 15:03:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-05 00:46:06 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-29 14:59:00 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-04-29 14:59:00 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 21:38:33.67 ===============

    .
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I still need Attach.txt log.
     
  6. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    Since you specifically instructed. :)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/13/2010 5:39:33 PM
    System Uptime: 7/9/2012 9:18:29 PM (0 hours ago)
    .
    Motherboard: MSI | | IONA
    Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 920 GiB total, 785.717 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.593 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (FAT32) - 931 GiB total, 656.989 GiB free.
    M: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart 2570 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart 2570 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart 2570 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart 2570 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP725: 7/1/2012 3:00:11 AM - Windows Update
    RP726: 7/2/2012 3:00:10 AM - Windows Update
    RP727: 7/3/2012 3:00:10 AM - Windows Update
    RP728: 7/4/2012 3:00:10 AM - Windows Update
    RP729: 7/5/2012 3:00:10 AM - Windows Update
    RP730: 7/5/2012 7:22:27 AM - Windows Live Essentials
    RP732: 7/5/2012 7:25:16 AM - Installed DirectX
    RP733: 7/5/2012 7:26:03 AM - WLSetup
    RP734: 7/6/2012 3:00:26 AM - Windows Update
    RP735: 7/7/2012 3:00:26 AM - Windows Update
    RP736: 7/8/2012 3:00:10 AM - Windows Update
    RP737: 7/9/2012 3:00:10 AM - Windows Update
    RP739: 7/9/2012 11:19:00 AM - Windows Defender Checkpoint
    .
    ==== Installed Programs ======================
    .
    2570
    2570_Help
    2570Trb
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.1
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    Amazon MP3 Downloader 1.0.9
    Apple Application Support
    Apple Software Update
    Audacity 1.2.3
    Audio Recorder Pro 3.70
    Avery Wizard 4.0
    BufferChm
    Cisco AnyConnect VPN Client
    Compatibility Pack for the 2007 Office system
    Copy
    CyberLink DVD Suite Deluxe
    D3DX10
    Destinations
    DeviceDiscovery
    DirectX for Managed Code Update (Summer 2004)
    DocProc
    Dropbox
    DVD Menu Pack for HP MediaSmart Video
    Fax
    Google Chrome
    Google Drive
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Product Detection
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Hulu Desktop
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 32
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Memeo AutoSync
    Memeo Instant Backup
    Microsoft Corporation
    Microsoft Live Search Toolbar
    Microsoft Money 2002
    Microsoft Money 2002 System Pack
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft Publisher 2002
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Online Backup
    NVIDIA PhysX
    PDFCreator
    pdfsam
    PictureMover
    Power2Go
    PowerDirector
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Recovery Manager
    Safari
    Scan
    Seagate Dashboard
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype Click to Call
    Skype™ 5.9
    SmartWebPrinting
    SolutionCenter
    Status
    Toolbox
    TrayApp
    TweetDeck
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Vid-Saver
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/9/2012 9:25:33 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    7/9/2012 3:02:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
    7/7/2012 9:57:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    7/4/2012 5:27:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    7/3/2012 3:21:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Cybotron-Five\John SID (S-1-5-21-2750301714-3767477284-1182490875-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/3/2012 3:21:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Cybotron-Five\John SID (S-1-5-21-2750301714-3767477284-1182490875-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    http://www.techspot.com/community/t...lware-preliminary-removal-instructions.58138/
    ===============================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  8. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    My bad. Here's the FRST.txt file.

    Scan result of Farbar Recovery Scan Tool Version: 09-07-2012
    Ran by SYSTEM at 09-07-2012 22:35:25
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16335464 2009-09-29] (NVIDIA Corporation)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-09-14] ()
    HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
    HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
    HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
    HKLM-x32\...\Run: [MoneyStartUp10.0] "C:\Program Files (x86)\Microsoft Money\System\Activation.exe" [241714 2001-07-25] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui [136416 2011-04-06] (Memeo Inc.)
    HKLM-x32\...\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [73728 2011-11-03] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent [144608 2009-03-31] (Memeo Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-17] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
    HKU\John\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
    HKU\John\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-20] (Google Inc.)
    HKU\John\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\John\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-21] (Yahoo! Inc.)
    HKU\John\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [x]
    HKU\John\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\John\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163848 2012-06-20] (Google)
    HKU\John\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
    ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    Startup: C:\Users\John\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    ==================== Services (Whitelisted) ======
    3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42360 2011-01-12] (ESET)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810144 2011-01-12] (ESET)
    ========================== Drivers (Whitelisted) =============
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [170640 2010-12-21] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [141264 2010-12-21] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [125296 2010-12-21] (ESET)
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-09 22:35 - 2012-07-09 22:35 - 00000000 ____D C:\FRST
    2012-07-09 18:21 - 2012-07-09 18:21 - 00000000 ____D C:\Users\John\backup of PIONEER flash drive
    2012-07-09 17:39 - 2012-07-09 17:39 - 00027971 ____A C:\Users\John\Desktop\DDS.txt
    2012-07-09 17:39 - 2012-07-09 17:39 - 00008255 ____A C:\Users\John\Desktop\Attach.txt
    2012-07-09 17:34 - 2012-07-09 17:34 - 00607260 ____R (Swearware) C:\Users\John\Desktop\dds.scr
    2012-07-09 17:31 - 2012-07-09 17:31 - 00000000 ____A C:\Users\John\Desktop\gmer.log
    2012-07-09 17:25 - 2012-07-09 17:25 - 00302592 ____A C:\Users\John\Desktop\bnxeem2y.exe
    2012-07-09 16:53 - 2012-07-09 16:53 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-09 16:53 - 2012-07-09 16:53 - 00000000 ____D C:\Users\John\AppData\Roaming\Malwarebytes
    2012-07-09 16:53 - 2012-07-09 16:53 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-09 16:53 - 2012-07-09 16:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-09 16:53 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-09 16:02 - 2012-07-09 16:02 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-1.61.0.1400.exe
    2012-07-09 14:57 - 2012-07-09 14:57 - 00138120 ____A (ESET) C:\Users\John\Downloads\ESETSirefefRemover.exe
    2012-07-09 14:08 - 2012-07-09 14:09 - 00000000 ____D C:\Users\John\AppData\Local\{54A2C667-0292-4F90-9D41-66BA62462CAD}
    2012-07-09 14:08 - 2012-07-09 14:08 - 00000000 ____D C:\Users\John\AppData\Local\{A1445C8D-A8C2-4253-A789-C5880597AD2F}
    2012-07-08 17:11 - 2012-07-08 17:11 - 00000000 ____D C:\Users\John\AppData\Local\{CC685846-A244-4A71-9B99-96943B1F40A8}
    2012-07-08 17:11 - 2012-07-08 17:11 - 00000000 ____D C:\Users\John\AppData\Local\{1EFA1777-FF50-4D64-8299-99E9B281C2F3}
    2012-07-05 03:29 - 2012-07-05 03:29 - 00000000 ____D C:\Windows\en
    2012-07-05 03:27 - 2012-07-05 03:27 - 00000000 ____D C:\Program Files\Windows Live
    2012-07-05 03:13 - 2012-07-05 03:13 - 00000000 ____D C:\Users\John\AppData\Local\{865CA749-EBF1-4598-A049-4CBBBC5AACD4}
    2012-07-05 03:13 - 2012-07-05 03:13 - 00000000 ____D C:\Users\John\AppData\Local\{073E9429-4861-4F9B-AE84-D9B3DADA211C}
    2012-06-29 06:40 - 2012-06-29 06:40 - 00000000 ____D C:\Users\John\AppData\Local\{1FD0B880-C3AE-4FE4-890D-5C9C1448AF51}
    2012-06-29 06:39 - 2012-06-29 06:39 - 00000000 ____D C:\Users\John\AppData\Local\{4655FB8F-7322-4F0D-9C31-B6AD413A1F6E}
    2012-06-18 19:27 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-18 19:27 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-18 19:27 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-18 19:27 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-18 19:26 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-18 19:26 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-18 19:26 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-18 19:26 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-18 19:26 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-14 02:03 - 2012-06-14 02:03 - 00000000 ____D C:\Users\John\AppData\Local\{25DFA4E4-FDC4-4A73-8A1D-75BEC3B2C1C7}
    2012-06-14 02:02 - 2012-06-14 02:03 - 00000000 ____D C:\Users\John\AppData\Local\{8475E522-1BC5-4510-B054-06027635DDA2}
    2012-06-13 23:01 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 23:01 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 23:01 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 23:01 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 23:01 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 23:01 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 23:01 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 23:01 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 23:01 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 23:01 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 23:01 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 23:01 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 23:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 23:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 23:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 23:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 23:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 23:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 23:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 23:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 23:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 23:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 23:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 23:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 23:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 23:00 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 23:00 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 23:00 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 16:32 - 2012-06-13 16:32 - 00108156 ____A C:\Users\John\Downloads\Campaign Message (1).pptx
    2012-06-13 10:19 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 10:19 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 10:19 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 10:19 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 10:19 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 10:19 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 10:19 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 10:19 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 10:19 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 10:19 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 10:18 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 10:18 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 10:18 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 10:18 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 10:18 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 10:18 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 10:18 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 12:26 - 2012-06-11 12:26 - 00108156 ____A C:\Users\John\Downloads\Campaign Message.pptx
    ============ 3 Months Modified Files ========================
    2012-07-09 18:30 - 2009-12-17 07:07 - 01356757 ____A C:\Windows\WindowsUpdate.log
    2012-07-09 18:22 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-09 18:22 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-09 17:46 - 2012-04-16 00:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-09 17:45 - 2010-02-21 08:57 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-09 17:39 - 2012-07-09 17:39 - 00027971 ____A C:\Users\John\Desktop\DDS.txt
    2012-07-09 17:39 - 2012-07-09 17:39 - 00008255 ____A C:\Users\John\Desktop\Attach.txt
    2012-07-09 17:34 - 2012-07-09 17:34 - 00607260 ____R (Swearware) C:\Users\John\Desktop\dds.scr
    2012-07-09 17:31 - 2012-07-09 17:31 - 00000000 ____A C:\Users\John\Desktop\gmer.log
    2012-07-09 17:25 - 2012-07-09 17:25 - 00302592 ____A C:\Users\John\Desktop\bnxeem2y.exe
    2012-07-09 17:21 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-09 17:18 - 2010-02-21 08:57 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-09 17:18 - 2009-11-23 23:48 - 00252052 ____A C:\Windows\PFRO.log
    2012-07-09 17:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-09 17:18 - 2009-07-13 20:51 - 00041685 ____A C:\Windows\setupact.log
    2012-07-09 16:53 - 2012-07-09 16:53 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-09 16:02 - 2012-07-09 16:02 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-1.61.0.1400.exe
    2012-07-09 14:57 - 2012-07-09 14:57 - 00138120 ____A (ESET) C:\Users\John\Downloads\ESETSirefefRemover.exe
    2012-07-09 07:03 - 2012-04-16 00:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-09 07:03 - 2011-05-21 08:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-06 18:46 - 2010-03-28 17:15 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-05 03:25 - 2009-11-24 00:27 - 00064363 ____A C:\Windows\DirectX.log
    2012-07-05 02:59 - 2011-08-19 19:59 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForJohn.job
    2012-06-30 06:08 - 2010-02-13 18:28 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2012-06-29 19:51 - 2010-12-12 14:01 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-06-18 05:21 - 2012-05-22 14:50 - 00037949 ____A C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).ADR
    2012-06-13 23:35 - 2009-07-13 20:45 - 00459576 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 23:07 - 2010-02-13 18:51 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-13 19:24 - 2012-03-30 14:57 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-06-13 16:32 - 2012-06-13 16:32 - 00108156 ____A C:\Users\John\Downloads\Campaign Message (1).pptx
    2012-06-11 12:26 - 2012-06-11 12:26 - 00108156 ____A C:\Users\John\Downloads\Campaign Message.pptx
    2012-06-08 16:04 - 2012-06-08 16:04 - 00001047 ____A C:\Users\John\Desktop\Dropbox.lnk
    2012-06-08 16:01 - 2012-06-08 16:01 - 18401328 ____A (Dropbox, Inc.) C:\Users\John\Downloads\Dropbox 1.4.8.exe
    2012-06-02 14:19 - 2012-06-18 19:27 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 19:27 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 19:27 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 19:26 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 19:26 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 19:27 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 19:26 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-18 19:26 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-18 19:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-22 14:42 - 2012-05-22 14:42 - 00047200 ____A C:\Users\John\Downloads\contacts.csv
    2012-05-21 15:45 - 2012-05-21 15:45 - 00027724 ____A C:\Users\John\Downloads\press list.csv
    2012-05-21 15:45 - 2012-05-21 15:45 - 00027724 ____A C:\Users\John\Downloads\press list (1).csv
    2012-05-21 15:45 - 2012-05-21 15:45 - 00025050 ____A C:\Users\John\Desktop\press list.csv
    2012-05-21 11:17 - 2012-05-21 11:17 - 00002034 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
    2012-05-21 11:09 - 2012-05-21 11:09 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-05-20 15:54 - 2012-05-20 15:54 - 00001707 ____A C:\Users\John\Desktop\Google Drive.lnk
    2012-05-17 18:47 - 2012-06-13 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 23:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 23:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 17:02 - 2012-05-17 17:01 - 00001036 ____A C:\Users\John\Desktop\My Documents - history.lnk
    2012-05-17 15:11 - 2012-06-13 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-17 09:28 - 2012-05-17 09:28 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-05-17 09:28 - 2012-05-17 09:28 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-05-17 09:28 - 2012-05-17 09:28 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-05-17 09:28 - 2012-05-17 09:28 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-05-17 09:28 - 2012-05-17 09:28 - 00001046 ____A C:\Users\Public\Desktop\RealPlayer.lnk
    2012-05-14 17:32 - 2012-06-13 10:19 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-04 16:46 - 2012-05-04 16:46 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-04 03:06 - 2012-06-13 10:19 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 10:19 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 10:19 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-13 10:19 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-29 06:59 - 2012-04-29 06:59 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-04-29 06:59 - 2012-04-29 06:59 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-04-29 06:59 - 2012-04-29 06:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-04-29 06:59 - 2012-04-29 06:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-04-29 06:59 - 2010-09-11 16:30 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-27 19:55 - 2012-06-13 10:19 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-13 10:19 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 10:19 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 10:19 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-13 10:18 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 10:18 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 10:18 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 10:18 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 10:18 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 10:18 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 06:17 - 2010-07-24 03:36 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-04-23 06:15 - 2012-04-23 06:15 - 00001788 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-04-16 10:20 - 2012-01-16 14:23 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-04-16 09:04 - 2010-03-02 18:26 - 00220559 ____A C:\Windows\hpoins19.dat
    2012-04-16 09:04 - 2010-03-02 04:41 - 00005454 ____A C:\Users\All Users\hpzinstall.log
    2012-04-16 08:58 - 2009-07-13 18:34 - 00000534 ____A C:\Windows\win.ini

    ZeroAccess:
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\@
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\L
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\U
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\L\00000004.@
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\L\1afb2d56
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\U\00000004.@
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\U\00000008.@
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\U\000000cb.@
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\U\80000032.@
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730}\U\80000064.@
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 11%
    Total physical RAM: 8119.08 MB
    Available physical RAM: 7177.39 MB
    Total Pagefile: 8117.23 MB
    Available Pagefile: 7164.57 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (EARTH) (Fixed) (Total:920.43 GB) (Free:785.91 GB) NTFS
    2 Drive e: (MOON (FACTORY_IMAGE)) (Fixed) (Total:10.98 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: (PIONEER) (Removable) (Total:7.55 GB) (Free:7.23 GB) FAT32
    5 Drive h: (VENUS) (Fixed) (Total:931.28 GB) (Free:656.66 GB) FAT32
    10 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
    11 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 7751 MB 0 B
    Disk 2 Online 931 GB 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 920 GB 101 MB
    Partition 3 Primary 10 GB 920 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C EARTH NTFS Partition 920 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E MOON (FACTO NTFS Partition 10 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7747 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G PIONEER FAT32 Removable 7747 MB Healthy
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H VENUS FAT32 Partition 931 GB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-05 08:58
    ======================= End Of Log ==========================
     
  9. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    For what it's worth, things seem to be running smoothly right now.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're still infected.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  11. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-07-2012
    Ran by SYSTEM at 2012-07-09 23:08:11 Run:1
    Running from G:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Users\John\AppData\Local\{158c8fff-81b9-d19c-0d64-10c52a39c730} moved successfully.
    ==== End of Fixlog ====

    and...

    ComboFix 12-07-08.03 - John 07/09/2012 23:26:13.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5779 [GMT -4:00]
    Running from: c:\users\John\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\John\AppData\Local\Temp\_MEI31882\_ctypes.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\_elementtree.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\_hashlib.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\_socket.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\_ssl.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\pyexpat.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\pysqlite2._sqlite.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\python26.dll
    c:\users\John\AppData\Local\Temp\_MEI31882\pythoncom26.dll
    c:\users\John\AppData\Local\Temp\_MEI31882\PyWinTypes26.dll
    c:\users\John\AppData\Local\Temp\_MEI31882\select.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\unicodedata.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\win32api.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\win32com.shell.shell.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\win32crypt.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\win32event.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\win32file.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\win32inet.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\win32pdh.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\win32process.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\windows._cacheinvalidation.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\wx._controls_.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\wx._core_.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\wx._gdi_.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\wx._html2.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\wx._misc_.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\wx._windows_.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\wx._wizard.pyd
    c:\users\John\AppData\Local\Temp\_MEI31882\wxbase293u_net_vc.dll
    c:\users\John\AppData\Local\Temp\_MEI31882\wxbase293u_vc.dll
    c:\users\John\AppData\Local\Temp\_MEI31882\wxmsw293u_adv_vc.dll
    c:\users\John\AppData\Local\Temp\_MEI31882\wxmsw293u_core_vc.dll
    c:\users\John\AppData\Local\Temp\_MEI31882\wxmsw293u_html_vc.dll
    c:\users\John\AppData\Local\Temp\_MEI31882\wxmsw293u_webview_vc.dll
    c:\users\John\Uninstall.exe
    J:\Autorun.inf
    J:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-10 06:35 . 2012-07-10 06:35 -------- d-----w- C:\FRST
    2012-07-10 03:33 . 2012-07-10 03:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-10 02:21 . 2012-07-10 02:21 -------- d-----w- c:\users\John\backup of PIONEER flash drive
    2012-07-10 00:53 . 2012-07-10 00:53 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
    2012-07-10 00:53 . 2012-07-10 00:53 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-10 00:53 . 2012-07-10 00:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-10 00:53 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-05 11:29 . 2012-07-05 11:29 -------- d-----w- c:\windows\en
    2012-07-05 11:27 . 2012-07-05 11:27 -------- d-----w- c:\program files\Windows Live
    2012-07-05 11:22 . 2012-07-05 11:22 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6c116e8a1cd5aa001\DSETUP.dll
    2012-07-05 11:22 . 2012-07-05 11:22 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6c116e8a1cd5aa001\DXSETUP.exe
    2012-07-05 11:22 . 2012-07-05 11:22 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6c116e8a1cd5aa001\dsetup32.dll
    2012-06-19 03:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 03:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 03:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 03:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 03:26 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 03:26 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 03:26 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 03:26 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 03:26 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-13 18:19 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 18:19 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 18:19 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 18:19 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 18:19 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 18:19 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 18:19 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 18:19 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 18:18 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 18:18 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 18:18 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 18:18 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 18:18 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 18:18 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-09 15:03 . 2012-04-16 08:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-09 15:03 . 2011-05-21 16:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-31 04:04 . 2012-07-07 02:45 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FC9C5AF-FA7D-4D83-B8E1-634D0EA41D76}\mpengine.dll
    2012-05-17 22:35 . 2012-06-14 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-17 22:24 . 2012-06-14 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-05-05 00:46 . 2012-05-05 00:46 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 10:03 . 2012-06-13 18:19 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 18:19 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-29 14:59 . 2012-04-29 14:59 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-04-29 14:59 . 2010-09-12 00:30 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-20 39408]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    "MoneyStartUp10.0"="c:\program files (x86)\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-04-06 136416]
    "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-11-03 73728]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2009-03-31 144608]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-17 296056]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 257224]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-04-06 25824]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-03 8704]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-05 583360]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-09-11 1705600]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:03]
    .
    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-21 16:57]
    .
    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-21 16:57]
    .
    2012-07-05 c:\windows\Tasks\HPCeeScheduleForJohn.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: beatport.com
    Trusted Zone: huntington.com\onlinebanking
    Trusted Zone: ldmail.tax-ms
    Trusted Zone: state.oh.us\www-sys2.tax
    TCP: DhcpNameServer = 192.168.0.1
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://www-sys2.tax.state.oh.us/CACHE/stc/1/binaries/vpnweb.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{656461ef-40f6-4115-9ff1-bced9812ccbb} - (no file)
    Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
    WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file)
    AddRemove-Amazon MP3 Downloader - c:\users\John\Uninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    c:\program files (x86)\Memeo\AutoSync\MemeoAutoSync.exe
    c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
    c:\program files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-09 23:47:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-10 03:47
    .
    Pre-Run: 847,583,162,368 bytes free
    Post-Run: 861,805,010,944 bytes free
    .
    - - End Of File - - 3C0EBB9B3CCA36CBD8CCB91BA82CB622
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Any current issues?

    ========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    No, seems good. Much more stable, etc.

    Thanks for your help! This is great!
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Cool :)
     
  15. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.10.03
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    John :: CYBOTRON-FIVE [administrator]
    7/10/2012 12:03:32 AM
    mbam-log-2012-07-10 (00-03-32).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218740
    Time elapsed: 3 minute(s), 28 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    --

    OTL logfile created on: 7/10/2012 12:09:32 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\John\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 5.33 Gb Available Physical Memory | 67.21% Memory free
    15.86 Gb Paging File | 12.94 Gb Available in Paging File | 81.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.43 Gb Total Space | 802.68 Gb Free Space | 87.21% Space Free | Partition Type: NTFS
    Drive D: | 10.98 Gb Total Space | 1.59 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
    Drive F: | 7.55 Gb Total Space | 7.23 Gb Free Space | 95.81% Space Free | Partition Type: FAT32
    Drive J: | 931.28 Gb Total Space | 671.56 Gb Free Space | 72.11% Space Free | Partition Type: FAT32

    Computer Name: CYBOTRON-FIVE | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/10 00:08:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    PRC - [2012/06/20 19:02:30 | 012,163,848 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2012/06/06 22:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/17 13:28:14 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/11/03 14:10:50 | 000,065,536 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    PRC - [2011/11/03 14:10:42 | 000,008,704 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    PRC - [2011/04/06 11:16:48 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    PRC - [2011/04/06 11:16:10 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/22 12:40:50 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2010/05/05 19:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2009/10/22 22:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/02 17:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/10/02 17:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/08/24 22:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    PRC - [2009/03/31 12:45:18 | 000,836,832 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe
    PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/09 23:36:59 | 001,169,408 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\wx._core_.pyd
    MOD - [2012/07/09 23:36:59 | 001,056,256 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\wx._controls_.pyd
    MOD - [2012/07/09 23:36:59 | 001,018,368 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\windows._cacheinvalidation.pyd
    MOD - [2012/07/09 23:36:59 | 000,807,424 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\wx._windows_.pyd
    MOD - [2012/07/09 23:36:59 | 000,792,576 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\wx._gdi_.pyd
    MOD - [2012/07/09 23:36:59 | 000,731,136 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\wx._misc_.pyd
    MOD - [2012/07/09 23:36:59 | 000,645,120 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\_ssl.pyd
    MOD - [2012/07/09 23:36:59 | 000,585,728 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\unicodedata.pyd
    MOD - [2012/07/09 23:36:59 | 000,571,392 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\pysqlite2._sqlite.pyd
    MOD - [2012/07/09 23:36:59 | 000,354,304 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\pythoncom26.dll
    MOD - [2012/07/09 23:36:59 | 000,311,808 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\_hashlib.pyd
    MOD - [2012/07/09 23:36:59 | 000,263,168 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\win32com.shell.shell.pyd
    MOD - [2012/07/09 23:36:59 | 000,153,088 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\pyexpat.pyd
    MOD - [2012/07/09 23:36:59 | 000,121,856 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\wx._wizard.pyd
    MOD - [2012/07/09 23:36:59 | 000,111,104 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\win32file.pyd
    MOD - [2012/07/09 23:36:59 | 000,110,592 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\PyWinTypes26.dll
    MOD - [2012/07/09 23:36:59 | 000,096,256 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\win32api.pyd
    MOD - [2012/07/09 23:36:59 | 000,086,016 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\_elementtree.pyd
    MOD - [2012/07/09 23:36:59 | 000,073,728 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\_ctypes.pyd
    MOD - [2012/07/09 23:36:59 | 000,070,656 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\wx._html2.pyd
    MOD - [2012/07/09 23:36:59 | 000,040,448 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\_socket.pyd
    MOD - [2012/07/09 23:36:59 | 000,039,424 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\win32inet.pyd
    MOD - [2012/07/09 23:36:59 | 000,036,352 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\win32process.pyd
    MOD - [2012/07/09 23:36:59 | 000,022,528 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\win32pdh.pyd
    MOD - [2012/07/09 23:36:59 | 000,017,920 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\win32event.pyd
    MOD - [2012/07/09 23:36:59 | 000,011,776 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\win32crypt.pyd
    MOD - [2012/07/09 23:36:59 | 000,011,776 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\_MEI37362\select.pyd
    MOD - [2012/06/14 03:40:44 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
    MOD - [2012/06/14 03:36:44 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
    MOD - [2012/06/14 03:36:38 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/14 03:36:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 03:36:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 03:36:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 03:36:10 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/12 03:51:13 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/05/12 03:48:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/12 03:48:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/12 03:48:41 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eaeca46457a0c33b93f6f4be08990cab\System.Data.ni.dll
    MOD - [2012/05/12 03:48:18 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
    MOD - [2012/05/12 03:48:18 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
    MOD - [2012/05/12 03:48:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/12 03:48:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/12 03:48:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/12 03:48:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 03:47:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/02/24 15:57:03 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2011/11/03 14:10:46 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
    MOD - [2011/11/03 14:10:40 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
    MOD - [2011/11/03 14:10:10 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
    MOD - [2011/11/03 14:09:38 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
    MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/06 11:16:30 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
    MOD - [2011/04/06 11:16:28 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
    MOD - [2011/04/06 11:16:10 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/04/20 13:22:32 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
    MOD - [2010/04/20 13:22:32 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
    MOD - [2010/03/22 18:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
    MOD - [2009/10/22 22:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/09/29 19:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2009/09/29 19:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2009/09/29 19:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    MOD - [2009/09/29 19:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    MOD - [2009/09/29 19:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
    MOD - [2009/09/29 19:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    MOD - [2009/09/29 19:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    MOD - [2009/09/29 19:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2009/03/31 12:45:26 | 000,165,088 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoSync\providers\Memeo.Server.Providers.FileCopySyncProvider.dll
    MOD - [2009/03/31 12:45:00 | 000,038,112 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoSync\NamedPipes.dll
    MOD - [2009/03/31 12:27:20 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoSync\ProfMan.dll
    MOD - [2009/03/31 12:23:20 | 000,491,202 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoSync\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/11/13 12:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/09 11:03:30 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2011/11/03 14:10:42 | 000,008,704 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/04/06 11:16:14 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
    SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/05/05 19:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/02 17:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2010/12/21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/05/05 19:46:38 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2009/10/02 08:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/17 08:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/11 12:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
    DRV:64bit: - [2009/09/11 12:18:28 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
    DRV:64bit: - [2009/08/20 20:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/05 11:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
    IE - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    IE - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\John\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/28 22:00:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/17 13:28:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/06 22:36:32 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/28 22:00:17 | 000,000,000 | ---D | M]

    [2012/05/12 08:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/05/12 08:13:35 | 000,000,000 | ---D | M] (BitTorrentBar2 Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\John\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Skype Click to Call = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
    CHR - Extension: BitTorrentBar2 = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik\2.3.7.1_0\

    O1 HOSTS File: ([2012/07/09 23:36:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (Reg Error: Value error.) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files (x86)\Microsoft Money\System\Activation.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files (x86)\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Domains: beatport.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Domains: huntington.com ([onlinebanking] https in Trusted sites)
    O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Domains: ldmail.tax-ms ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Domains: state.oh.us ([www-sys2.tax] https in Trusted sites)
    O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://www-sys2.tax.state.oh.us/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader)
    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://www-sys2.tax.state.oh.us/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://192.168.40.12/dwa7W.cab (Domino Web Access 7 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: DhcpNameServer = 192.168.1.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/10 21:28:58 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  16. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    ... and

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/10 02:35:09 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/10 00:08:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2012/07/09 23:23:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/09 23:23:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/09 23:23:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/09 23:23:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/09 23:23:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/09 23:15:30 | 004,574,676 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
    [2012/07/09 22:21:52 | 000,000,000 | ---D | C] -- C:\Users\John\backup of PIONEER flash drive
    [2012/07/09 21:34:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
    [2012/07/09 20:53:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
    [2012/07/09 20:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/09 20:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/09 20:53:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/09 20:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/09 20:02:06 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/07/09 18:08:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{54A2C667-0292-4F90-9D41-66BA62462CAD}
    [2012/07/09 18:08:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A1445C8D-A8C2-4253-A789-C5880597AD2F}
    [2012/07/08 21:11:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{1EFA1777-FF50-4D64-8299-99E9B281C2F3}
    [2012/07/08 21:11:38 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CC685846-A244-4A71-9B99-96943B1F40A8}
    [2012/07/05 07:29:30 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/07/05 07:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2012/07/05 07:13:38 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{073E9429-4861-4F9B-AE84-D9B3DADA211C}
    [2012/07/05 07:13:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{865CA749-EBF1-4598-A049-4CBBBC5AACD4}
    [2012/06/29 10:40:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{1FD0B880-C3AE-4FE4-890D-5C9C1448AF51}
    [2012/06/29 10:39:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4655FB8F-7322-4F0D-9C31-B6AD413A1F6E}
    [2012/06/14 06:03:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{25DFA4E4-FDC4-4A73-8A1D-75BEC3B2C1C7}
    [2012/06/14 06:02:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8475E522-1BC5-4510-B054-06027635DDA2}
    [2009/12/11 16:05:32 | 002,467,944 | ---- | C] (Amazon.com) -- C:\Users\John\AmazonMP3Downloader.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/07/10 00:08:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2012/07/09 23:51:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/09 23:51:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/09 23:46:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/09 23:45:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/09 23:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/09 23:36:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/09 23:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/09 23:36:18 | 2090,135,551 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/09 23:15:30 | 004,574,676 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
    [2012/07/09 21:34:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
    [2012/07/09 21:25:12 | 000,302,592 | ---- | M] () -- C:\Users\John\Desktop\bnxeem2y.exe
    [2012/07/09 21:21:09 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/09 21:21:09 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/09 21:21:09 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/09 20:53:20 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/09 20:02:16 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/07/05 06:59:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJohn.job
    [2012/06/30 10:08:01 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2012/06/29 23:51:56 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/06/23 09:18:46 | 000,475,369 | ---- | M] () -- C:\Users\John\AppData\Local\tmpIMG_0822.JPG
    [2012/06/18 09:21:01 | 000,037,949 | ---- | M] () -- C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2012/06/14 03:35:28 | 000,459,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/07/09 23:23:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/09 23:23:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/09 23:23:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/09 23:23:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/09 23:23:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/09 21:25:12 | 000,302,592 | ---- | C] () -- C:\Users\John\Desktop\bnxeem2y.exe
    [2012/07/09 20:53:20 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/23 09:18:47 | 000,475,369 | ---- | C] () -- C:\Users\John\AppData\Local\tmpIMG_0822.JPG
    [2012/05/22 18:50:05 | 000,037,949 | ---- | C] () -- C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2012/04/08 13:16:54 | 000,830,297 | ---- | C] () -- C:\Users\John\AppData\Local\tmp020.4
    [2012/04/08 13:16:42 | 000,291,774 | ---- | C] () -- C:\Users\John\AppData\Local\tmp020.3
    [2012/04/08 13:16:41 | 000,290,305 | ---- | C] () -- C:\Users\John\AppData\Local\tmp020.2
    [2012/04/08 13:16:40 | 000,289,993 | ---- | C] () -- C:\Users\John\AppData\Local\tmp020.1
    [2012/04/08 13:16:39 | 000,830,297 | ---- | C] () -- C:\Users\John\AppData\Local\tmp020.0
    [2012/04/08 13:16:39 | 000,333,339 | ---- | C] () -- C:\Users\John\AppData\Local\tmp020.JPG
    [2012/03/27 22:08:17 | 000,020,691 | ---- | C] () -- C:\Users\John\AppData\Local\tmp378436_3069095169885_1338765468_33299168_1661859543_N_CROP.JPG
    [2012/02/07 10:02:17 | 006,437,886 | ---- | C] () -- C:\Users\John\AppData\Local\tmpSCAN0002.JPG
    [2011/11/14 23:02:53 | 000,100,496 | ---- | C] () -- C:\Users\John\AppData\Local\tmp076_CROP_CROP.JPG
    [2011/11/14 23:00:46 | 000,147,339 | ---- | C] () -- C:\Users\John\AppData\Local\tmp076_CROP.JPG
    [2011/06/13 23:14:48 | 000,111,324 | ---- | C] () -- C:\Users\John\AppData\Local\tmpAP11061301452_CUSTOM.JPG
    [2011/05/27 18:55:06 | 000,001,854 | ---- | C] () -- C:\Users\John\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/06 23:19:57 | 000,596,420 | ---- | C] () -- C:\Users\John\AppData\Local\tmp029.JPG
    [2011/02/23 09:08:00 | 000,221,438 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
    [2011/02/23 09:08:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
    [2010/12/03 23:35:12 | 000,071,759 | ---- | C] () -- C:\Users\John\AppData\Local\tmp625295.JPG
    [2010/09/19 11:34:40 | 000,592,146 | ---- | C] () -- C:\Users\John\AppData\Local\tmp034.JPG
    [2010/04/30 22:36:03 | 000,462,056 | ---- | C] () -- C:\Users\John\AppData\Local\tmpIMG_0602.JPG
    [2010/03/16 21:53:39 | 000,617,960 | ---- | C] () -- C:\Users\John\AppData\Local\tmpIMG_0601.JPG
    [2009/11/10 22:48:46 | 000,009,319 | ---- | C] () -- C:\Users\John\Readme.html

    ========== LOP Check ==========

    [2010/02/25 08:28:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Amazon
    [2011/07/16 08:18:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Avery
    [2012/05/12 20:51:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitTorrent
    [2012/07/09 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Dropbox
    [2010/02/14 12:45:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\GetRightToGo
    [2011/06/04 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
    [2012/04/01 13:42:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Memeo
    [2010/02/13 21:46:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PictureMover
    [2011/06/02 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Seagate
    [2011/03/31 21:57:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2010/02/20 15:09:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Western Digital
    [2012/03/06 21:11:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WildTangent
    [2010/03/28 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WinBatch
    [2011/01/09 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer
    [2012/06/30 10:08:01 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2009/07/14 01:08:49 | 000,032,686 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
    < End of report >
    ----

    OTL Extras logfile created on: 7/10/2012 12:09:32 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\John\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 5.33 Gb Available Physical Memory | 67.21% Memory free
    15.86 Gb Paging File | 12.94 Gb Available in Paging File | 81.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.43 Gb Total Space | 802.68 Gb Free Space | 87.21% Space Free | Partition Type: NTFS
    Drive D: | 10.98 Gb Total Space | 1.59 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
    Drive F: | 7.55 Gb Total Space | 7.23 Gb Free Space | 95.81% Space Free | Partition Type: FAT32
    Drive J: | 931.28 Gb Total Space | 671.56 Gb Free Space | 72.11% Space Free | Partition Type: FAT32

    Computer Name: CYBOTRON-FIVE | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{13B5616B-0559-4852-B988-6E213BA47635}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{2514400B-9273-4CAD-BB10-1CB0D8843561}" = lport=137 | protocol=17 | dir=in | app=system |
    "{29E62FCF-2011-4778-AFF4-C99CEAE4D020}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3C8F2616-2D9B-4AA1-B2A6-CD2E8D7D8E12}" = lport=445 | protocol=6 | dir=in | app=system |
    "{46DACB3E-D165-4594-AB2D-C1887289CF35}" = lport=138 | protocol=17 | dir=in | app=system |
    "{528A6DFF-19EE-479D-8941-C9841D4B3AF6}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5A970ACC-5372-4D84-BEA8-7BA4640DA555}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5B79F4BD-892C-4654-A26C-7361DFB5763C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5CEE6EAE-0B33-4321-9C45-614B7389FF18}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{65B7323A-93E7-45E9-B2CF-E73E7DD8928E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{67E8F380-C43A-4BA7-93A6-2364467006BE}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{6F267E17-47C5-4B5D-9FCD-6688EAF06AA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{72107063-A53B-4BAA-8C2B-01218CD5C1C0}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{7CA333EE-0468-4479-A0D5-C982E5DEC6D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{88D0FBEE-71D9-490C-838D-FCEC7F14E9C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{924AAC41-032F-403F-ACE2-92B7958DF6D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A3DEA20D-9E84-4CC9-909F-8DDA32202311}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B9FC7F3B-E801-4A17-A536-D87FE1F94A26}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BB5B8AEB-8B5D-481A-80E7-39E7C43E538F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BC6703F8-9FEB-47AC-A034-B276029D10B0}" = lport=139 | protocol=6 | dir=in | app=system |
    "{CDF1046B-BF0F-4833-B3AF-552919E133A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DA1F1D57-AA4F-4F50-ACB0-A9E99CF12D47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{DA35D762-5C56-499C-91A9-18ACCDA5F412}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DCD1A377-8C06-4A66-8AB1-3DC6EA61FCDF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E3FB5C27-29FB-41F9-92A0-4D22328FF59D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E5F98AD1-E979-4028-B83D-BE94C1D927A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EB00F88D-7137-45FA-A62B-E91F71D20965}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{ECEE0471-F371-43F0-8D41-4D194C4999FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01CA4574-D227-4340-BE84-A66C1E5D9517}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{03DF2C6D-676A-4EBB-9E50-58C0FD0A00F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{0FD7A0EE-D7EA-410A-8757-C4E903BD49C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{143AAFBE-7A85-44EF-A31D-8C08CB638F14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{14881725-1199-49B2-AEF1-FC8DEEB68277}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{153ABF0A-C601-4D7E-868C-03DEF5EA5954}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{164CC198-E66D-4F07-BF48-3FE1BE7189EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{1681E105-53D0-49E3-9B53-593223669F8B}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "{205C4750-16D9-4049-B342-1DB19735E645}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{21BFFB1A-A4AB-4F9C-80B7-41025A968710}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{2A859CA7-A5DC-48F2-8297-CCFE3870FD55}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{2D7DFFE7-C20D-4880-8908-4C840AE3252A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{2D9027BB-63B6-4321-9960-93B3F29352DA}" = dir=in | app=c:\users\john\appdata\local\temp\7zs7650\setup\hpznui40.exe |
    "{2F249493-E48B-4DE2-860F-808C824FE278}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe |
    "{308B2045-ED8C-4D09-BDF8-684568B934BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{30A5EF02-7B62-4968-961B-BE5A58A10164}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{3200343B-5E4B-451C-A703-D956BA5D70D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
    "{325C3D78-0C99-4CE9-9245-60F0AB9C97A5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{35ABFD9A-C743-4EBE-B8F1-308F9FF43284}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{37F67420-CC8D-4078-AF04-5A3E5591B88F}" = protocol=6 | dir=out | app=system |
    "{3869F456-4753-4FA2-8232-A29A838FB050}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3FD056AC-8154-4CFE-ADE6-3575EC011BC2}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{41449969-A5BD-4CAA-AEB8-0B8C134E1CC5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{4173B582-3028-490B-B9BA-E5C167E40A1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{5098229F-804F-41E5-AB86-B4F71B071BB9}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "{52E8812B-6FAF-463E-A2E9-458FDCF16D96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{5C895AA9-A74A-4831-8401-23A8204B30C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{67FEFFCD-4AF1-4B59-B6F4-946F7259C1C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{6E4667F0-6966-47F5-A09A-6D72C4913B41}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{6EF472DB-E1A2-4F7C-9BE9-8D0A16CAFE5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{74C8E538-64C0-4536-94B5-1AEE9A5CC054}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe |
    "{76D508E0-C69D-42E2-A0C0-ED4DC8C86231}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{788D71E6-1E0D-49CC-B560-D44275007A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7B402E65-0FCF-404D-8B50-6BB1D0FFB085}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{7B6CECDF-0CB8-4D58-8869-8F561590825B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{7BAAD377-454E-4476-A6B5-D424EAD89359}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{7CC5B3A4-89ED-490F-8F80-EB78E11347DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{7CE09B7C-11CE-445B-B11D-E46C86EF1C06}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{7FF9341A-B8DC-4983-806B-03C2C76D9716}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{802BC4A0-BE0B-490C-B8F5-5A982C4436C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{81119378-3496-45FA-B468-957A06F1C29B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{873062D3-A0D3-491F-A372-5CECBFFF8B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{8EF34217-F8FF-471F-900E-AA9486E41484}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{8F99CC6C-A613-4B77-B585-434348F52D64}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{90B9B8F4-F28D-472F-B3D8-F2ED71A23BDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{93E319DD-BD11-4993-9D6D-4E0C4CFFC4BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{94BB6D7D-2318-4E1F-9BF6-D6B05FD61BC5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{954E0B03-96FE-4FD1-890E-E8098F05FF1E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{9A1C16AB-5C49-4AEF-97A8-BF3B83B55030}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9F3E9911-8967-4F60-9F11-4375CC5D6762}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{A170B97D-E58F-4F84-A32D-BEF5F8BFA528}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A1E34802-81EA-4A1F-83F9-84D7449D5CA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A1F8C321-F349-440D-AD94-FA49D8BEAA5D}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{A3E58164-AEA3-4F5C-8F27-8ED8EF7EF326}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{AE17A810-2DE8-4C90-AAD6-7D6D493B58F4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BA2CA0A5-2ECE-472C-8428-D0969371D6B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{BB08A338-97B2-4D0E-81F1-F197C71084B2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{BB0A3F28-3ECA-402E-8377-0D23B9C40D09}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{BCDB11CE-E652-457D-A660-CACFAE9F9989}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{BD5CF623-A9C4-49E4-8D2B-76960647B9A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{BDE4F516-4F5B-4EEC-A97F-63E814E3B9AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BDFF97C3-5E94-4B56-87D7-0421C2F712E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{BE15C24B-CC79-4263-A1F0-099B9717A75D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{BE166E3C-C5E8-48C4-A3B1-648967C6213A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{BF6816FD-58AC-4C16-B136-18B693388F8E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{C3D2892D-EF8F-4A6F-98F7-C3D481E53B99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C6CFF86C-A127-4057-812D-E7F8006ECBA8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{D43B6932-62CE-4E27-90D4-9121BB9FFBD6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
    "{D580C7C8-A691-44BE-9986-D73558EF9E84}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{D905A79A-08A7-4458-8093-15B5D8CDA237}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{DA1A0EFB-846D-4100-9E18-29581713161B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{DAB66A72-4097-4E16-9B65-F61B10737DB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DBE815AD-FDC4-41D9-83D0-5DAEDAC56BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{E46FBA91-E3D0-4CE5-8A3C-E18045CAEDF7}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{E48E466D-043E-4E4D-B2FE-AF0217DAAC7D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E81A7A12-E134-4E85-A142-1DFFA0B0600A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E87E578B-C20B-4C6C-8C17-061EC7B5AAC8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{EF42AC0E-6B41-4BCD-B009-F0B722AF2B39}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F42C91CD-F67C-423D-99C1-E88D47C0A11A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F919A7CF-B172-4BF8-B7B5-A68D9D6E8A8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F94C08DD-44F8-4B69-BF65-7BFE202ACC78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FC4768C3-DBE6-4590-B79B-BE09C13520C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{3863B990-5ED5-4393-9AD2-C0DD34FD8D60}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{3E6D64E5-9961-463D-BC80-8D9BBEDA6896}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{6859F4C4-D429-4DAB-BEE4-78F8BD427CF1}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{73D58E37-3003-4B5B-8FDD-7B2F42DF5D36}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{A065FD07-48EE-4E1B-8867-D5C1ECB6F310}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "TCP Query User{A2D2AB0E-E5D7-4EFD-B018-272227EB88FF}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "UDP Query User{494C18CF-708E-4CEA-965A-21BDBBA94FA3}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{76BB051E-9723-42E5-9E18-22D4A0A158E0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{8FDCA5C0-F472-4C6E-8F76-254EBFA5709A}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "UDP Query User{90217A8A-326D-468B-A629-505E55006359}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "UDP Query User{91CBA398-3E95-4EA6-8A13-3F7C8F240806}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{B175102C-A9F7-4908-83B3-AAC608C196F6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
     
  17. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    and...

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{50E9E32F-063A-412A-9627-553D5DA57C17}" = ESET NOD32 Antivirus
    "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
    "{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E60B8506-DDC7-433d-AF9E-999D0F543C4A}" = 2570_Help
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B}" = 2570
    "{EAEFE1C0-EB56-8963-9EC5-A0EB5FBA358D}" = TweetDeck
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD}" = 2570Trb
    "{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "Audacity_is1" = Audacity 1.2.3
    "Audio Recorder Pro_is1" = Audio Recorder Pro 3.70
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Chrome" = Google Chrome
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "RealPlayer 15.0" = RealPlayer
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "Vid-Saver" = Vid-Saver
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2750301714-3767477284-1182490875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "HuluDesktop" = Hulu Desktop
    "pdfsam" = pdfsam
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/19/2011 3:02:14 AM | Computer Name = Cybotron-Five | Source = MsiInstaller | ID = 1024
    Description =

    Error - 5/19/2011 8:56:28 PM | Computer Name = Cybotron-Five | Source = Application Error | ID = 1000
    Description = Faulting application name: MSPUB.EXE, version: 10.0.6867.0, time stamp:
    0x4ca0ee8d Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp:
    0x4a5bda6f Exception code: 0xc0000005 Fault offset: 0x00009f40 Faulting process id:
    0x1218 Faulting application start time: 0x01cc1688bf9c42ee Faulting application path:
    C:\Program Files (x86)\Microsoft Office\Office10\MSPUB.EXE Faulting module path:
    C:\Windows\syswow64\msvcrt.dll Report Id: fdb7a676-827b-11e0-9f51-4061865f20c3

    Error - 5/19/2011 8:56:40 PM | Computer Name = Cybotron-Five | Source = Microsoft Office 10 | ID = 2000
    Description = Accepted Safe Mode action : Microsoft Publisher.

    Error - 5/19/2011 11:09:08 PM | Computer Name = Cybotron-Five | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/19/2011 11:09:08 PM | Computer Name = Cybotron-Five | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1030

    Error - 5/19/2011 11:09:08 PM | Computer Name = Cybotron-Five | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

    Error - 5/19/2011 11:09:09 PM | Computer Name = Cybotron-Five | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/19/2011 11:09:09 PM | Computer Name = Cybotron-Five | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2216

    Error - 5/19/2011 11:09:09 PM | Computer Name = Cybotron-Five | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2216

    Error - 5/19/2011 11:09:10 PM | Computer Name = Cybotron-Five | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ Cisco AnyConnect VPN Client Events ]
    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
    Line:
    7411 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4076
    Invoked
    Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
    Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
    2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
    2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
    Line:
    7411 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
    5559 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5274
    Invoked
    Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 7/9/2012 9:28:56 PM | Computer Name = Cybotron-Five | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::Notify File: .\MainThread.cpp Line: 6000 Invoked
    Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
    ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    [ Hewlett-Packard Events ]
    Error - 5/13/2012 8:05:54 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 8:09:55 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 8:11:55 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 8:15:55 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 8:17:55 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 8:19:55 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 8:25:55 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 8:29:55 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 10:23:56 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/13/2012 10:37:36 PM | Computer Name = Cybotron-Five | Source = HPSF.exe | ID = 4000
    Description =

    [ Media Center Events ]
    Error - 8/27/2011 3:03:23 PM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 3:03:23 PM - Error connecting to the internet. 3:03:23 PM - Unable
    to contact server..

    Error - 8/27/2011 3:03:33 PM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 3:03:28 PM - Error connecting to the internet. 3:03:28 PM - Unable
    to contact server..

    Error - 8/27/2011 4:03:40 PM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 4:03:40 PM - Error connecting to the internet. 4:03:40 PM - Unable
    to contact server..

    Error - 8/27/2011 4:03:50 PM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 4:03:45 PM - Error connecting to the internet. 4:03:45 PM - Unable
    to contact server..

    Error - 8/27/2011 5:04:08 PM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 5:04:08 PM - Error connecting to the internet. 5:04:08 PM - Unable
    to contact server..

    Error - 8/27/2011 5:04:19 PM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 5:04:13 PM - Error connecting to the internet. 5:04:13 PM - Unable
    to contact server..

    Error - 1/2/2012 2:07:39 AM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 1:07:33 AM - Error connecting to the internet. 1:07:33 AM - Unable
    to contact server..

    Error - 1/2/2012 3:07:55 AM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 2:07:50 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 1/2/2012 4:09:05 AM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 3:09:00 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 1/2/2012 5:09:12 AM | Computer Name = Cybotron-Five | Source = MCUpdate | ID = 0
    Description = 4:09:07 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    [ System Events ]
    Error - 7/9/2012 9:25:33 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7022
    Description = The Windows Search service hung on starting.

    Error - 7/9/2012 11:23:38 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7034
    Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
    time(s).

    Error - 7/9/2012 11:23:38 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7034
    Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 7/9/2012 11:23:38 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7034
    Description = The Skype C2C Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 7/9/2012 11:30:11 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/9/2012 11:33:11 PM | Computer Name = Cybotron-Five | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/9/2012 11:35:24 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/9/2012 11:36:34 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/9/2012 11:43:27 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7022
    Description = The Windows Search service hung on starting.

    Error - 7/9/2012 11:46:02 PM | Computer Name = Cybotron-Five | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Domains: beatport.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Domains: huntington.com ([onlinebanking] https in Trusted sites)
      O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Domains: ldmail.tax-ms ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Domains: state.oh.us ([www-sys2.tax] https in Trusted sites)
      O15 - HKU\S-1-5-21-2750301714-3767477284-1182490875-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they're.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  19. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    The OTL file...

    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-2750301714-3767477284-1182490875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\beatport.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2750301714-3767477284-1182490875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\huntington.com\onlinebanking\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2750301714-3767477284-1182490875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ldmail.tax-ms\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2750301714-3767477284-1182490875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\state.oh.us\www-sys2.tax\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2750301714-3767477284-1182490875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: John
    ->Temp folder emptied: 20131998 bytes
    ->Temporary Internet Files folder emptied: 1269525923 bytes
    ->Java cache emptied: 2922840 bytes
    ->Google Chrome cache emptied: 309479855 bytes
    ->Flash cache emptied: 439358 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 111711 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,528.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: John
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: John
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07102012_080521
    Files\Folders moved on Reboot...
    C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\John\AppData\Local\Temp\~DF983058FF35E3FBC2.TMP not found!
    File\Folder C:\Users\John\AppData\Local\Temp\~DFEA9F86AFB30CE198.TMP not found!
    File\Folder C:\Users\John\AppData\Local\Temp\~WRS0000.tmp not found!
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\ctr[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\glamcube2845[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\google_com[2].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\partner[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\xhr[1].htm moved successfully.
    File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\300x250[1].htm not found!
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\ads[2].htm moved successfully.
    File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\afr[1].htm not found!
    File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\am[1].htm not found!
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\B6745883[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\B6745883[2].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\cached_iframe[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\cached_iframe[2].htm moved successfully.
    File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\cse[1].htm not found!
    File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\ddc[1].htm not found!
    File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\ddc[2].htm not found!
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\partner[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\sound_iframe[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\swp[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\wordswithfriends[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8X2KJY3\ads[2].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8X2KJY3\DtCol[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8X2KJY3\net[2].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8X2KJY3\xd_arbiter[1].htm moved successfully.
    File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0W92PM8\afr[1].htm not found!
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0W92PM8\like[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPB2QDM4\1079135282[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPB2QDM4\1079135282[2].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPB2QDM4\fastbutton[1].htm moved successfully.
    File\Folder C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\1848452272[1].htm not found!
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\ai[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\bizo_multi[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\emily[2].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\RSltPrc[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\wwf-fb_zyngawithfriends_com[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3LV9BDL\proxy[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3LV9BDL\syncuppixels[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3LV9BDL\win64-agent-ba-trojan-win64-sirefef-ae-trojan-etc[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3LV9BDL\xd_arbiter[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U60O57L\12[2].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U60O57L\277391-otl-tutorial-how-to-use-oldtimer-listit[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U60O57L\ads[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U60O57L\storage[1].htm moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\John\AppData\Local\Temp\~DF983058FF35E3FBC2.TMP not found!
    File C:\Users\John\AppData\Local\Temp\~DFEA9F86AFB30CE198.TMP not found!
    File C:\Users\John\AppData\Local\Temp\~WRS0000.tmp not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\ctr[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\glamcube2845[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\google_com[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\partner[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWL62LFE\xhr[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\300x250[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\ads[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\afr[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\am[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\B6745883[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\B6745883[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\cached_iframe[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\cached_iframe[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\cse[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\ddc[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\ddc[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\partner[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\sound_iframe[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\swp[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5M43NRZ\wordswithfriends[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8X2KJY3\ads[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8X2KJY3\DtCol[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8X2KJY3\net[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8X2KJY3\xd_arbiter[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0W92PM8\afr[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0W92PM8\like[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPB2QDM4\1079135282[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPB2QDM4\1079135282[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPB2QDM4\fastbutton[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\1848452272[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\ai[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\bizo_multi[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\emily[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\RSltPrc[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJG4XNR8\wwf-fb_zyngawithfriends_com[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3LV9BDL\proxy[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3LV9BDL\syncuppixels[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3LV9BDL\win64-agent-ba-trojan-win64-sirefef-ae-trojan-etc[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3LV9BDL\xd_arbiter[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U60O57L\12[2].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U60O57L\277391-otl-tutorial-how-to-use-oldtimer-listit[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U60O57L\ads[1].htm not found!
    File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U60O57L\storage[1].htm not found!
    Registry entries deleted on Reboot...

    ---

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 32
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````

    --

    Farbar Service Scanner Version: 08-07-2012
    Ran by John (administrator) on 10-07-2012 at 08:21:15
    Running from "C:\Users\John\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
    ---


    Scanning Report


    Tuesday, July 10, 2012 08:38:02 - 08:42:54


    Computer name: CYBOTRON-FIVE
    Scanning type: Quick scan
    Target: System


    8 malware found

    TrackingCookie.2o7 (spyware)
    • System (Disinfected)
    TrackingCookie.Advertising (spyware)
    • System (Disinfected)
    TrackingCookie.Revsci (spyware)
    • System (Disinfected)
    TrackingCookie.Zanox (spyware)
    • System (Disinfected)
    TrackingCookie.Adbrite (spyware)
    • System (Disinfected)
    TrackingCookie.Xiti (spyware)
    • System (Disinfected)
    TrackingCookie.Liveperson (spyware)
    • System (Disinfected)
    TrackingCookie.BlueStreak (spyware)
    • System (Disinfected)


    Statistics

    Scanned:
    • Files: 6730
    • System: 6730
    • Not scanned: 0
    Actions:
    • Disinfected: 8
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0


    Options

    Scanning engines:
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  21. Schadenfreude92

    Schadenfreude92 TS Rookie Topic Starter

    Sadly, I ran the OTL clean up before I had a chance to post the log from running that script. (I believe the log has been deleted).

    But I've done just about everything on this list. The computer seems to be running very well. My Web browser is flying.

    Thank you very much for your help. I greatly appreciate it.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...