Solved Trojan.ZeroAccess!inf

GeoffQ · Aug 5, 2012

...edited

GeoffQ · Aug 5, 2012

OTL logfile created on: 8/5/2012 4:23:18 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Geoff\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 59.37% Memory free
6.00 Gb Paging File | 4.74 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 135.24 Gb Free Space | 29.04% Space Free | Partition Type: NTFS
Drive E: | 2.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OMNICRONPERSEI8 | User Name: Geoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 16:06:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Geoff\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2006/11/03 14:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 14:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/06 12:56:51 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2006/11/03 14:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 14:57:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 07:56:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/19 09:18:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/20 18:59:32 | 001,408,904 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe -- (ArcGIS License Manager)
SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2011/11/21 20:17:59 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/27 12:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/24 10:59:18 | 000,155,648 | ---- | M] () [Disabled | Stopped] -- C:\Windows\agent.exe -- (Agent)
SRV - [2011/07/14 10:06:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/09/29 09:56:22 | 000,090,864 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\CA\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/07/22 08:54:16 | 000,081,920 | ---- | M] (Firebird Project) [On_Demand | Stopped] -- C:\Program Files\FirebirdSQL\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009/07/22 08:53:46 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Stopped] -- C:\Program Files\FirebirdSQL\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 04:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Geoff\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/03 20:57:55 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/08/03 14:01:43 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/03 14:01:43 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/03 14:01:43 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/03 14:01:43 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/02 08:32:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/07/26 15:53:45 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/07/11 01:00:46 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/28 23:28:38 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symnets.sys -- (SymNetS)
DRV - [2012/03/28 23:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012/03/28 23:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012/03/28 23:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/28 23:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX)
DRV - [2011/11/29 15:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 23:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/01 23:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys -- (SymDS)
DRV - [2011/07/14 11:08:06 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/05/13 15:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 15:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/05/10 05:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/12/14 10:32:18 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/13 22:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/02/24 21:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/02/11 00:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/07/13 17:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/10/31 07:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/08/28 12:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/05/09 18:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 18:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2007/05/09 18:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/03/27 08:08:20 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/01/24 11:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/09/14 13:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D EB 6B 0E 66 52 CD 01 [binary data]
IE - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=jFFrCrHX7DYRYxkcK2Vj51_DKSs?q={searchTerms}
IE - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/Ser...z&scc=1&ltmpl=default&ltmplcache=2&from=login"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Geoff\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Geoff\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Geoff\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Geoff\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/18 19:09:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012/01/18 19:10:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/09 08:35:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/10 14:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/06/01 17:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/08/03 14:51:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/08/05 15:46:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/02 07:56:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 14:26:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/15 14:26:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/06/15 14:26:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2011/10/21 14:49:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/18 19:09:03 | 000,000,000 | ---D | M]

[2011/07/13 18:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Extensions
[2012/07/24 18:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\2spvngjj.default\extensions
[2011/08/24 10:43:46 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\2spvngjj.default\extensions\DeviceDetection@logitech.com
[2012/05/24 01:03:59 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\2spvngjj.default\extensions\foxyproxy@eric.h.jung
[2012/03/29 20:22:03 | 000,000,000 | ---D | M] (CodecC) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\2spvngjj.default\extensions\info@allpremiumplay.info
[2012/05/24 01:04:06 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\2spvngjj.default\extensions\LogMeInClient@logmein.com
[2012/07/24 18:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\2spvngjj.default\extensions\staged
[2012/02/06 10:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/26 15:53:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/12 12:35:21 | 000,016,072 | ---- | M] () (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SPVNGJJ.DEFAULT\EXTENSIONS\{0CBDFB73-07E9-4CDB-8E40-9CD9742057BE}.XPI
[2012/07/24 18:05:57 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SPVNGJJ.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/10/29 14:26:42 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SPVNGJJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/09/05 14:51:45 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SPVNGJJ.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2011/09/12 14:08:16 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SPVNGJJ.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012/08/02 07:56:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/11 12:59:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 14:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/08/02 07:56:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/02 07:56:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/05 12:18:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Geoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

GeoffQ · Aug 5, 2012

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab (VersionControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{485C8E1E-D60C-4D24-9C13-8962D932E283}: DhcpNameServer = 209.121.225.11 209.91.107.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOOGLEDESKTOPNETWORK3.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/11 20:47:03 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 16:06:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
[2012/08/05 15:40:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/05 14:33:44 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Geoff\Desktop\TDSSKiller.exe
[2012/08/05 12:02:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/05 12:02:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/05 12:02:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/05 12:02:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/05 12:00:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/05 11:51:19 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Geoff\Desktop\ComboFix.exe
[2012/08/05 10:53:32 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/04 16:45:08 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Malwarebytes
[2012/08/04 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/04 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/04 16:44:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/04 16:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/04 16:43:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Geoff\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/03 20:57:24 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys
[2012/08/03 20:57:24 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys
[2012/08/03 20:57:24 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\symnets.sys
[2012/08/03 20:57:24 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys
[2012/08/03 20:57:23 | 000,574,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys
[2012/08/03 20:57:23 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys
[2012/08/03 20:57:23 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys
[2012/08/03 20:56:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1307010.005
[2012/08/03 16:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/08/03 16:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
[2012/08/03 15:24:00 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Windows 7 32 bit
[2012/08/03 15:08:38 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\Geoff\Desktop\KillZeroAccess.exe
[2012/08/03 14:35:04 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\BFE
[2012/08/03 14:25:24 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\Geoff\Desktop\FixZeroAccess.exe
[2012/08/03 14:17:10 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\FixZeroAccess
[2012/08/03 13:53:04 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/08/03 13:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/03 13:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/03 13:52:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/08/03 13:52:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/03 13:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/08/03 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/08/03 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/08/03 13:19:15 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Users\Geoff\Desktop\NPE.exe
[2012/08/03 13:13:37 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\SPE
[2012/08/03 13:04:35 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\CrashDumps
[2012/08/03 13:03:30 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\NPE
[2012/08/03 13:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/08/02 13:17:08 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\Securities
[2012/08/01 21:46:09 | 002,990,096 | ---- | C] (PureSight Technologies Ltd) -- C:\Windows\System32\winsflte.dll
[2012/07/29 17:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/07/29 17:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Total Defense
[2012/07/29 17:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2012/07/29 16:44:16 | 041,500,564 | ---- | C] (Total Defense, Inc.) -- C:\Users\Geoff\Desktop\issdm_td_en.exe.part
[2012/07/26 15:53:45 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/07/24 18:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/07/24 18:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/07/09 21:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FNP
[2012/07/09 21:05:26 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\ArcGIS 10.1
[5 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 16:06:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
[2012/08/05 15:57:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 15:53:21 | 000,020,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 15:53:21 | 000,020,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 15:51:11 | 000,659,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/05 15:51:11 | 000,120,838 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/05 15:46:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 15:46:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 15:45:54 | 2415,468,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 15:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 15:33:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000UA.job
[2012/08/05 13:13:38 | 002,117,108 | ---- | M] () -- C:\Users\Geoff\Desktop\tdsskiller.zip
[2012/08/05 12:18:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/05 11:51:33 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Geoff\Desktop\ComboFix.exe
[2012/08/04 21:56:02 | 317,488,458 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/04 17:33:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000Core.job
[2012/08/04 16:50:09 | 000,302,592 | ---- | M] () -- C:\Users\Geoff\Desktop\hdkj80hq.exe
[2012/08/04 16:44:50 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 16:44:17 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Geoff\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/04 11:17:09 | 000,002,414 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/08/04 11:16:06 | 001,145,233 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1307010.005\Cat.DB
[2012/08/04 11:15:46 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1307010.005\VT20120410.035
[2012/08/03 20:57:55 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/08/03 20:57:55 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/08/03 20:57:55 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/08/03 16:36:14 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/08/03 15:08:58 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\Geoff\Desktop\KillZeroAccess.exe
[2012/08/03 15:00:18 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\Geoff\Desktop\FixZeroAccess.exe
[2012/08/03 13:50:48 | 000,269,596 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2012/08/03 13:19:19 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Users\Geoff\Desktop\NPE.exe
[2012/08/03 13:15:35 | 014,388,739 | ---- | M] () -- C:\Users\Geoff\AppData\Roaming\SMRBackup250.dat
[2012/08/03 13:07:52 | 000,000,000 | ---- | M] () -- C:\KmxAMRT.asc
[2012/08/02 10:30:54 | 000,001,226 | ---- | M] () -- C:\messages.xml
[2012/08/01 21:46:10 | 001,744,912 | ---- | M] () -- C:\Windows\System32\winsflt.dll
[2012/07/29 17:43:20 | 000,009,072 | ---- | M] () -- C:\Windows\System32\drivers\28169
[2012/07/29 16:47:35 | 041,500,564 | ---- | M] (Total Defense, Inc.) -- C:\Users\Geoff\Desktop\issdm_td_en.exe.part
[2012/07/26 15:53:45 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Geoff\Desktop\TDSSKiller.exe
[2012/07/09 08:55:36 | 000,000,079 | ---- | M] () -- C:\Windows\omv.INI
[2012/07/08 17:48:49 | 000,033,330 | ---- | M] () -- C:\Users\Geoff\Desktop\Virtually There - eTicket Receipt.pdf
[2012/07/08 10:12:33 | 000,116,721 | ---- | M] () -- C:\Users\Geoff\Desktop\CMAFlightReceipt.pdf
[5 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 13:13:35 | 002,117,108 | ---- | C] () -- C:\Users\Geoff\Desktop\tdsskiller.zip
[2012/08/05 12:02:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 12:02:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 12:02:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 12:02:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 12:02:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 16:49:47 | 000,302,592 | ---- | C] () -- C:\Users\Geoff\Desktop\hdkj80hq.exe
[2012/08/04 16:44:49 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 11:15:46 | 001,145,233 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\Cat.DB
[2012/08/04 11:15:46 | 000,008,942 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\VT20120410.035
[2012/08/03 20:57:24 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symds.cat
[2012/08/03 20:57:24 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symnet.cat
[2012/08/03 20:57:24 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.cat
[2012/08/03 20:57:24 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.inf
[2012/08/03 20:57:24 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symds.inf
[2012/08/03 20:57:24 | 000,001,441 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symnet.inf
[2012/08/03 20:57:23 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.cat
[2012/08/03 20:57:23 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.cat
[2012/08/03 20:57:23 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.cat
[2012/08/03 20:57:23 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\iron.cat
[2012/08/03 20:57:23 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.inf
[2012/08/03 20:57:23 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.inf
[2012/08/03 20:57:23 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.inf
[2012/08/03 20:57:23 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\iron.inf
[2012/08/03 20:56:44 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symvtcer.dat
[2012/08/03 20:56:44 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\isolate.ini
[2012/08/03 16:34:26 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/08/03 13:53:04 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/08/03 13:53:04 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/08/03 13:52:53 | 000,002,414 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/08/03 13:14:29 | 014,388,739 | ---- | C] () -- C:\Users\Geoff\AppData\Roaming\SMRBackup250.dat
[2012/08/03 13:07:52 | 000,000,000 | ---- | C] () -- C:\KmxAMRT.asc
[2012/08/02 10:30:54 | 000,001,226 | ---- | C] () -- C:\messages.xml
[2012/08/01 21:46:10 | 004,108,304 | ---- | C] () -- C:\Windows\System32\win32cpr.dll
[2012/08/01 21:46:10 | 002,760,720 | ---- | C] () -- C:\Windows\System32\svcprs32.exe
[2012/08/01 21:46:10 | 001,744,912 | ---- | C] () -- C:\Windows\System32\winsflt.dll
[2012/08/01 21:46:10 | 000,098,320 | ---- | C] () -- C:\Windows\System32\winsfinst.exe
[2012/08/01 21:46:09 | 003,207,184 | ---- | C] () -- C:\Windows\System32\mdmcls32.exe
[2012/07/29 17:43:20 | 000,009,072 | ---- | C] () -- C:\Windows\System32\drivers\28169
[2012/07/08 17:48:57 | 000,033,330 | ---- | C] () -- C:\Users\Geoff\Desktop\Virtually There - eTicket Receipt.pdf
[2012/07/08 10:12:27 | 000,116,721 | ---- | C] () -- C:\Users\Geoff\Desktop\CMAFlightReceipt.pdf
[2012/07/03 17:18:22 | 000,182,871 | ---- | C] () -- C:\Windows\hpwins11.dat
[2012/07/03 17:18:22 | 000,000,392 | ---- | C] () -- C:\Windows\hpwmdl11.dat
[2012/07/03 16:42:22 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/25 17:48:50 | 000,000,079 | ---- | C] () -- C:\Windows\omv.INI
[2012/06/03 12:27:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/25 12:35:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2012/05/25 10:35:11 | 000,155,648 | ---- | C] () -- C:\Windows\agent.exe
[2012/05/25 10:34:37 | 000,046,592 | ---- | C] () -- C:\Windows\System32\sdtnpm.dll
[2012/04/18 15:58:35 | 000,219,484 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/04/18 12:09:36 | 000,007,605 | ---- | C] () -- C:\Users\Geoff\AppData\Local\Resmon.ResmonCfg
[2012/03/08 15:44:21 | 000,000,247 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/03/08 15:44:21 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/03/08 15:42:51 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bd9840cn.dat
[2012/03/08 15:41:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012/03/08 15:41:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/03/08 15:41:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/02/23 14:15:28 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat.temp
[2012/01/30 15:35:42 | 000,000,000 | ---- | C] () -- C:\Users\Geoff\AppData\Local\{B4A9EEE0-44B3-42DE-9FEA-A5EBBEA625D0}
[2012/01/18 18:56:11 | 000,206,458 | ---- | C] () -- C:\Windows\hpoins49.dat
[2011/12/09 14:56:21 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/09 14:56:21 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9840cd.dat
[2011/12/09 14:56:21 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/11/28 15:48:54 | 000,000,763 | ---- | C] () -- C:\Users\Geoff\AppData\Roaming\bibstats
[2011/10/02 20:54:55 | 000,006,144 | ---- | C] () -- C:\Users\Geoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 10:40:56 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011/07/24 10:40:56 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011/07/21 12:35:38 | 000,092,919 | ---- | C] () -- C:\Windows\Scan to PDF Uninstaller.exe
[2011/07/21 12:31:43 | 000,372,736 | ---- | C] () -- C:\Windows\System32\hpgt2300.dll
[2011/07/21 12:28:55 | 000,159,839 | ---- | C] () -- C:\Windows\ScanWiz Uninstaller.exe
[2011/07/17 07:15:52 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/07/14 10:57:53 | 000,000,116 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/07/13 20:06:25 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2011/07/13 19:03:06 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2011/07/13 19:03:06 | 000,090,784 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2010/11/20 14:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2011/11/16 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Blackberry Desktop
[2011/10/16 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\calibre
[2012/06/05 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Canon
[2012/07/26 15:55:29 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\DAEMON Tools Lite
[2012/08/05 16:17:18 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Dropbox
[2011/07/24 10:46:43 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Eclipse
[2012/06/19 11:32:10 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\ESRI
[2012/08/03 14:17:10 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\FixZeroAccess
[2011/11/10 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\GARMIN
[2012/04/18 07:25:02 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Geosoft Inc
[2012/08/03 21:59:00 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\GetRightToGo
[2011/07/14 08:23:14 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Gmail Notifier Plus
[2011/07/14 11:54:35 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Golden Software
[2011/07/13 19:53:25 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Hewlett Packard
[2011/09/20 10:55:47 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Ida
[2011/08/03 14:06:42 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Leadertech
[2011/07/23 12:57:36 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\LolClient
[2012/06/01 22:18:07 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\LolClient2
[2011/12/14 02:21:44 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\MoreTerra
[2012/01/04 14:04:09 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Mumble
[2011/07/14 10:57:51 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Neat
[2011/07/14 10:57:46 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Nuance
[2011/08/10 17:28:07 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Polar Engineering
[2011/10/02 20:54:42 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Research In Motion
[2012/01/18 19:04:11 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\RidNacs
[2012/08/03 13:13:37 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\SPE
[2011/08/03 04:40:58 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Thunderbird
[2011/09/20 10:53:28 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\WinBatch
[2012/04/23 14:14:34 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >

GeoffQ · Aug 5, 2012

OTL Extras logfile created on: 8/5/2012 4:23:18 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Geoff\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 59.37% Memory free
6.00 Gb Paging File | 4.74 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 135.24 Gb Free Space | 29.04% Space Free | Partition Type: NTFS
Drive E: | 2.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OMNICRONPERSEI8 | User Name: Geoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05081207-1E4D-49A1-93E5-078CDEFCE857}" = protocol=17 | dir=in | app=c:\users\geoff\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{145B938F-1A1D-4C63-93A3-E001FD71DEF8}" = protocol=6 | dir=in | app=c:\users\geoff\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{077584EB-29A4-698F-2943-7BF25E685506}" = Catalyst Control Center Graphics Full Existing
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{082FA29F-143B-47ED-B66A-A11F0E6EA4A9}" = DNRGarmin
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}" = Neat Mobile Scanner Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1624E927-1F74-34E2-64FB-263CE6A6CD6F}" = CCC Help English
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B06283F-BB48-48D5-A303-9834D9ADD485}" = HP Officejet Pro K8600
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS 10.1 License Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}" = HP Officejet 7500 E910 Help
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A9196F5-9B7C-EA83-6BC8-944BF707143D}" = ccc-utility
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = CodecC
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D60292B-1C68-2751-E708-6E419318C9E1}" = Catalyst Control Center InstallProxy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{41903DF9-6CB1-0EC3-4B1E-76D55FAD9C80}" = Catalyst Control Center HydraVision Full
"{4420B59B-9FEC-8F4C-75A3-3FE927D8AEA1}" = Catalyst Control Center Graphics Full Existing
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{4E484899-4F93-4086-88BA-56BDDF47A776}" = HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{54D966AE-AEB7-7BC9-B09A-A7BB0EAC236C}" = ccc-core-static
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56B777D9-9D85-4A81-BF59-1EED7401ADC4}" = Google Cloud Connect for Microsoft Office
"{57F5920A-9897-4830-BD4A-BE85DA9734FF}" = Neat Mobile Scanner 2008 Driver
"{58155B30-6BE9-4268-A059-149629149C63}" = Neat ADF Scanner Driver
"{582BA1F1-FAB4-41AD-A5E3-4A9535343461}" = PS_AIO_07_C310_SW_Min
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59E58CDE-3301-4263-9C35-81804FAFE589}" = BPDSoftware
"{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" =
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series
"{5C67F561-4758-4EC9-A727-CF8CEBD58041}" = Catalyst Control Center - Branding
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5E44C19D-3D1F-87F9-65D2-F87C6F66DF91}" = Catalyst Control Center Core Implementation
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{634FA727-B731-4204-AADC-D6F34F41374F}" = HP Officejet 7500 E910 Basic Device Software
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C8365F4-1102-4064-B696-68842D20B933}" = ArcGIS 10.1 for Desktop
"{6D801E11-493E-7DDC-8016-5E7694F15DBA}" = Catalyst Control Center Core Implementation
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6DF68292-863C-2943-813E-144E41DB1908}" = Catalyst Control Center Graphics Previews Vista
"{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}" = Neat Mobile Scanner (Silver) Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737F8964-D019-5D45-5FF4-8924FE62F564}" = Catalyst Control Center Graphics Full New
"{7458DEC8-250C-44C0-775D-D94160B852B8}" = CCC Help English
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{7648A1E4-162B-73C3-57E4-FFD5BEB809F4}" = ccc-utility
"{78076104-12C3-462E-8B4F-149519CE4AB0}" = calibre
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE38C02-9CFD-78DC-B4F3-32168B004ACF}" = Catalyst Control Center Graphics Previews Common
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{863E71C1-0EF2-4375-81AC-177649EC6A67}" = Surfer 10 (32-bit)
"{876A68DC-D654-E528-A874-7D08AE435016}" = ccc-core-static
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99432E4C-1189-4887-9D75-DAA796015FFD}" = Neat Core Files
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4A42670-82B9-4A58-8955-20271DBBF29F}" = Neat ADF Scanner 2008 Driver
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A5E91190-FFD4-4B8F-9F9F-5B1AA758BC69}" = Geosoft Oasis montaj Viewer
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8F08475-969D-4A95-846D-B453EE2F2ACA}" = Geosoft Plugin for ArcGIS
"{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7DE589B-59FB-1A37-33DA-DED08CA88DC4}" = Skins
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite MFC-9840CDW
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CEF5E226-E4F3-44C9-8F35-C675B75A827A}" = Ida
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D7708A7D-8909-4DDA-8DC7-8778570B2B44}" = hppTLBXFXCP1520
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}" = HPLaserJetHelp_LearnCenter
"{E1C64658-DA86-47E1-913D-879B60CC81C3}" = K8600_Basic
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F84D89DC-51BE-76E0-C874-EEFD1C2E9472}" = Catalyst Control Center Graphics Light
"{F9C52512-F5AB-4CA8-8E35-6396797DD72A}" = Send To Neat
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAC09C92-93A7-38BC-BA47-8F20439C2781}" = Catalyst Control Center Graphics Light
"{FC5CFF48-C9B9-4666-BE72-3F9453E435DA}" = hppCP1520LaserJetService
"{FCA2DE74-4208-D578-118C-CD7C1E67C00C}" = Catalyst Control Center Graphics Full New
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE651900-D014-482F-AEBC-2928F57D1FB0}" = C310
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"21A278FF533186329A8D4FCE4BC9BE937044B65B" = Windows Driver Package - Intel USB (08/05/2009 9.1.1.1016)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcGIS 10.1 for Desktop" = ArcGIS 10.1 for Desktop
"ArcGIS 10.1 License Manager" = ArcGIS 10.1 License Manager
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business-in-a-Box" = Business-in-a-Box
"CA PC Tune-Up_is1" = CA PC Tune-Up 3.0.0.2
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033z" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DFA80A1A9E9E5D9D06B752A0699094A9D978F871" = Windows Driver Package - Broadcom (b57nd60x) Net (05/10/2011 14.8.0.5)
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Fire Client_is1" = Fire Client v2.14
"FirebirdSQL" = FirebirdSQL
"GeoView" = GeoView
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MobilityDotNET" = DH Mobility Modder.NET
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NDT_is1" = NDT 7.1.2
"Neat" = Neat
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RidNacs_is1" = RidNacs 2.0.3
"Scan to PDF" = Scan to PDF
"ScanWiz" = ScanWiz
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.32
"Speed Dial Utility" = Canon Speed Dial Utility
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 24200" = DC Universe Online
"Steam App 440" = Team Fortress 2
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 65800" = Dungeon Defenders
"Surfer 10 (32-bit)" = Surfer 10 (32-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2012 4:23:38 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 61574

Error - 3/26/2012 4:23:39 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/26/2012 4:23:39 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 62572

Error - 3/26/2012 4:23:39 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 62572

Error - 3/26/2012 4:23:40 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/26/2012 4:23:40 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 63570

Error - 3/26/2012 4:23:40 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 63570

Error - 3/26/2012 4:23:41 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/26/2012 4:23:41 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64709

Error - 3/26/2012 4:23:41 PM | Computer Name = Omnicronpersei8 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64709

[ System Events ]
Error - 8/5/2012 7:04:01 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 23 time(s).

Error - 8/5/2012 7:04:13 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 24 time(s).

Error - 8/5/2012 7:04:25 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 25 time(s).

Error - 8/5/2012 7:04:37 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 26 time(s).

Error - 8/5/2012 7:04:48 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 27 time(s).

Error - 8/5/2012 7:05:00 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 28 time(s).

Error - 8/5/2012 7:05:12 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 29 time(s).

Error - 8/5/2012 7:05:24 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 30 time(s).

Error - 8/5/2012 7:05:35 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 31 time(s).

Error - 8/5/2012 7:05:47 PM | Computer Name = Omnicronpersei8 | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly. It has done
this 32 time(s).

< End of report >

GeoffQ · Aug 5, 2012

Broni, the computer is doing SO much better!!!

Thank you SO much for all your hard work!!

Is there anything else I need to do?

Broni · Aug 5, 2012

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
IE - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
O3 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-168794860-1045125424-4017413192-1000\..Trusted Ranges: GD ([http] in Local intranet)
[2012/08/05 10:53:32 | 000,000,000 | ---D | C] -- C:\FRST
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

======================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

GeoffQ · Aug 5, 2012

All processes killed
========== OTL ==========
Service XDva391 stopped successfully!
Service XDva391 deleted successfully!
File C:\Windows\system32\XDva391.sys not found.
HKU\S-1-5-21-168794860-1045125424-4017413192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-168794860-1045125424-4017413192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\FRST\Quarantine\{51f2c320-465a-b82c-db4c-992d1544e03c}\{51f2c320-465a-b82c-db4c-992d1544e03c}\U folder moved successfully.
C:\FRST\Quarantine\{51f2c320-465a-b82c-db4c-992d1544e03c}\{51f2c320-465a-b82c-db4c-992d1544e03c}\L folder moved successfully.
C:\FRST\Quarantine\{51f2c320-465a-b82c-db4c-992d1544e03c}\{51f2c320-465a-b82c-db4c-992d1544e03c} folder moved successfully.
C:\FRST\Quarantine\{51f2c320-465a-b82c-db4c-992d1544e03c}\U folder moved successfully.
C:\FRST\Quarantine\{51f2c320-465a-b82c-db4c-992d1544e03c}\L folder moved successfully.
C:\FRST\Quarantine\{51f2c320-465a-b82c-db4c-992d1544e03c} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\ProgramData\TEMP:553CA6CA deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Export
->Temp folder emptied: 0 bytes

User: Geoff
->Temp folder emptied: 857151 bytes
->Temporary Internet Files folder emptied: 170957880 bytes
->Java cache emptied: 2368518 bytes
->FireFox cache emptied: 70150315 bytes
->Flash cache emptied: 107963 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 947642 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 943996 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 235.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Export

User: Geoff
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Export

User: Geoff
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_173703

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

GeoffQ · Aug 5, 2012

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.3.300.270
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (5.0). Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

GeoffQ · Aug 5, 2012

Farbar Service Scanner Version: 04-08-2012 01
Ran by Geoff (administrator) on 05-08-2012 at 20:30:26
Running from "C:\Users\Geoff\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

GeoffQ · Aug 6, 2012

Just running the ESET scan now. Can I run Norton Utilities and a Norton Virus scan after it finishes?

My Windows update is working again, which is fantastic!!

Broni · Aug 6, 2012

Hold on with those two scans until we're totally done.

GeoffQ · Aug 6, 2012

Will do. The ESET scan is still working. I'm sorry, but I have to head to bed. I'll let you know the results in the morning.

Thanks so much Broni, I'm definitely going to donate to your tip jar when this is all over!!

Broni · Aug 6, 2012

Haha...no problem

When you're done with Eset....

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

============================================

We have one corrupted registry key affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

GeoffQ · Aug 6, 2012

Hi Broni, here it is!

Farbar Service Scanner Version: 04-08-2012 01
Ran by Geoff (administrator) on 06-08-2012 at 17:56:50
Running from "C:\Users\Geoff\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Broni · Aug 6, 2012

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

GeoffQ · Aug 6, 2012

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Export
->Temp folder emptied: 0 bytes

User: Geoff
->Temp folder emptied: 26645082 bytes
->Temporary Internet Files folder emptied: 19227280 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42897007 bytes
->Flash cache emptied: 1155 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1423751 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Export

User: Geoff
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Export

User: Geoff
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08062012_185150

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

GeoffQ · Aug 6, 2012

Broni, thank you SO MUCH!!! You are INCREDIBLE!!!

Computer is working fine now. Windows update completed successfully.

Thank you so much for all your help!

I put a little something in your donation box - enjoy!!

Broni · Aug 6, 2012

Way to go!!
Good luck and stay safe

...and thank you

Solved Trojan.ZeroAccess!inf

GeoffQ

Posts: 30 +0

GeoffQ

Posts: 30 +0

GeoffQ

Posts: 30 +0

GeoffQ

Posts: 30 +0

GeoffQ

Posts: 30 +0

Broni

Posts: 56,041 +517

GeoffQ

Posts: 30 +0

GeoffQ

Posts: 30 +0

GeoffQ

Posts: 30 +0

GeoffQ

Posts: 30 +0

Broni

Posts: 56,041 +517

GeoffQ

Posts: 30 +0

Broni

Posts: 56,041 +517

GeoffQ

Posts: 30 +0

Broni

Posts: 56,041 +517

GeoffQ

Posts: 30 +0

GeoffQ

Posts: 30 +0

Broni

Posts: 56,041 +517

Similar threads

Latest posts