ak24

Fighting Babylon search malware, bProtector, searchplugin

28 posts in this topic

Hi,

I think my machine is having malware or spyware issues.

I always had McAfee on my machine. I tried scanning my machine with McAfee and Microsoft essentials where I got "0" threats.

With Malwarebytes I got "27" threats detected, which I removed.

But I still have issues:

1. Babylon search

2. When I open images and PDF, 2 folders are created: bProtector for windows and searchplugins.

Help is much appreciated.

I read the following thread on the forum:

http://forums.malwarebytes.org/index.php?showtopic=107066

I downloaded OTL.exe from this thread and ran the scan as per the instructions.

I am posting my OTL.txt and Extras.txt below.

Please help...


OTL.txt.

OTL logfile created on: 7/18/2012 11:09:16 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hp\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.21% Memory free

8.04 Gb Paging File | 5.80 Gb Available in Paging File | 72.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 221.66 Gb Total Space | 56.95 Gb Free Space | 25.69% Space Free | Partition Type: NTFS

Drive D: | 11.22 Gb Total Space | 1.87 Gb Free Space | 16.64% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 23:04:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe

PRC - [2012/07/10 19:45:04 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe

PRC - [2012/07/02 08:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe

PRC - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe

PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe

PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/09 21:09:00 | 000,438,296 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll

MOD - [2012/07/09 21:08:59 | 003,972,120 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

MOD - [2012/07/09 21:07:22 | 000,140,328 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll

MOD - [2012/07/09 21:07:21 | 000,262,184 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll

MOD - [2012/07/09 21:07:19 | 002,386,984 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll

MOD - [2012/07/04 00:03:37 | 002,008,096 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll

MOD - [2012/06/29 20:42:26 | 004,051,456 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll

MOD - [2012/06/29 20:42:26 | 000,100,864 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

MOD - [2008/04/23 23:51:56 | 000,345,384 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll

MOD - [2008/04/23 23:51:40 | 000,120,200 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll

MOD - [2008/04/23 23:51:40 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll

MOD - [2008/04/23 23:51:30 | 000,259,472 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll

MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/05 20:39:50 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009/03/26 02:46:54 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)

SRV:64bit: - [2008/04/28 14:24:26 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe -- (STacSV)

SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/02/12 13:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)

SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/26 02:46:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vfsFPService.exe -- (vfsFPService)

SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)

SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/12/10 10:08:29 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2010/12/10 10:08:29 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)

DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/04/28 14:24:54 | 000,454,656 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/01/31 16:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)

DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)

DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)

DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AAFE3C8E-9334-419E-8426-782F90D68091}

IE:64bit: - HKLM\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE:64bit: - HKLM\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\SearchScopes,DefaultScope = {AAFE3C8E-9334-419E-8426-782F90D68091}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKLM\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111917&babsrc=SP_ss&mntrId=806a5f170000000000000021867741ae

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQDU9anyY&i=26

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{E4F8A3B6-6028-44FB-8E36-2BE00213527B}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/07/18 21:40:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/01 04:39:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension [2012/07/04 00:03:43 | 000,000,000 | ---D | M]

[2012/03/10 14:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\Mozilla\Extensions

[2012/07/18 21:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: MyStart Search (Enabled)

CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6PQDU9anyY&i=26

CHR - default_search_provider: suggest_url = ,

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\hp\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: YouTube = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\

CHR - Extension: General Crawler = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\

CHR - Extension: Codecv = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhlkpnogjnndgkkgllfddmpncihnkk\1.0_0\

CHR - Extension: Gmail = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()

O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)

O3 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [googletalk] C:\Users\hp\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C73E1A7-0495-4270-AB4C-6E7810F2C3CB}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DCDA36D-D73A-49E8-A275-B62EA1A60C6F}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (c:\progra~3\bprote~1\22453~1.59\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\hp\Pictures\2012- 06June-Las Vegas(17-20 June)\DSC07310.JPG

O24 - Desktop BackupWallPaper: C:\Users\hp\Pictures\2012- 06June-Las Vegas(17-20 June)\DSC07310.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/07/05 20:10:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{0c02c5be-f32e-11e0-8b51-0021867741ae}\Shell - "" = AutoRun

O33 - MountPoints2\{0c02c5be-f32e-11e0-8b51-0021867741ae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 23:04:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe

[2012/07/18 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\hp\searchplugins

[2012/07/18 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\hp\bProtectorForWindows

[2012/07/18 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/18 22:05:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/18 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium

[2012/07/18 21:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecUpdate

[2012/07/18 21:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com

[2012/07/18 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/07/18 21:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant

[2012/07/18 21:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv

[2012/07/18 21:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv

[2012/07/18 21:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2012/07/18 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/07/18 20:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/07/15 19:58:47 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes

[2012/07/15 19:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/15 19:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/11 13:07:36 | 000,000,000 | ---D | C] -- C:\2dabcaa47b27aeae096d8cbf4317

[2012/07/11 12:24:12 | 000,000,000 | ---D | C] -- C:\793cad9694fbfdb327ae

[2012/07/08 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

[2012/07/08 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared

[2012/07/08 20:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010

[2012/07/08 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Statements_Chase

[2012/07/06 20:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/07/05 20:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2012/07/05 20:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared

[2012/07/05 20:34:56 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Autodesk

[2012/07/05 20:34:56 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Autodesk

[2012/07/05 20:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk

[2012/07/05 20:10:37 | 000,000,000 | ---D | C] -- C:\Autodesk

[2012/07/04 00:03:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012/07/04 00:03:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012/07/04 00:03:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\bProtectorForWindows

[2012/07/04 00:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows

[2012/07/02 23:25:40 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\My PG&E

[2012/07/02 20:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode

[2012/07/02 20:27:11 | 000,000,000 | ---D | C] -- C:\Windows\XSxS

[2012/06/22 14:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

[2012/06/22 14:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons

[2012/06/20 08:32:17 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Tririga Training Docs

[2 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 23:04:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe

[2012/07/18 22:50:06 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658690307-2963030233-3916739470-1000UA.job

[2012/07/18 22:49:04 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2012/07/18 22:46:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/18 22:46:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/18 22:46:14 | 000,000,360 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterLogonTask.job

[2012/07/18 22:46:13 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterRefreshTask.job

[2012/07/18 22:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/18 22:45:40 | 4193,214,464 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/18 22:44:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/07/18 21:42:12 | 000,003,437 | ---- | M] () -- C:\user.js

[2012/07/18 20:43:46 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/07/18 20:42:40 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/18 20:42:40 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/18 20:42:40 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/18 19:50:02 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658690307-2963030233-3916739470-1000Core.job

[2012/07/17 19:09:33 | 000,107,003 | ---- | M] () -- C:\Users\hp\Desktop\we.jpg

[2012/07/17 06:36:03 | 000,000,680 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat

[2012/07/15 11:32:16 | 000,386,699 | ---- | M] () -- C:\Users\hp\Desktop\feb.pdf

[2012/07/15 11:31:53 | 000,276,736 | ---- | M] () -- C:\Users\hp\Desktop\july.pdf

[2012/07/15 11:17:51 | 000,314,337 | ---- | M] () -- C:\Users\hp\Desktop\att.pdf

[2012/07/15 11:10:12 | 000,049,664 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/11 15:57:29 | 000,002,027 | ---- | M] () -- C:\Users\hp\Desktop\Google Chrome.lnk

[2012/07/11 12:41:41 | 003,078,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/08 20:34:46 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk

[2012/07/04 12:17:20 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/04 12:00:58 | 000,427,400 | ---- | M] () -- C:\Users\hp\Documents\BART_Map.pdf

[2012/07/04 11:58:48 | 000,197,326 | ---- | M] () -- C:\Users\hp\Documents\Golden Gate Park.pdf

[2012/07/04 11:57:55 | 000,449,078 | ---- | M] () -- C:\Users\hp\Documents\SF Map.pdf

[2012/07/04 11:57:03 | 001,916,312 | ---- | M] () -- C:\Users\hp\Documents\SF Muni Map.pdf

[2012/07/04 00:04:34 | 000,002,068 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Veoh Web Player Beta.lnk

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/03 00:11:13 | 000,000,367 | ---- | M] () -- C:\Users\hp\Desktop\Pictures - Shortcut.lnk

[2012/06/30 09:52:37 | 000,096,959 | ---- | M] () -- C:\Users\hp\Documents\Sketch.pdf

[2012/06/23 16:03:48 | 000,000,000 | -H-- | M] () -- C:\Users\hp\Documents\Default.rdp

[2012/06/23 13:09:30 | 000,051,769 | ---- | M] () -- C:\Users\hp\Documents\ashish-kulkarni_ethiopia-restaurant.pdf

[2 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 21:43:09 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\CodecUpdaterUpdaterRefreshTask.job

[2012/07/18 21:43:07 | 000,000,360 | -H-- | C] () -- C:\Windows\tasks\CodecUpdaterUpdaterLogonTask.job

[2012/07/18 20:42:51 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/07/18 20:42:40 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/17 19:09:45 | 000,107,003 | ---- | C] () -- C:\Users\hp\Desktop\we.jpg

[2012/07/15 20:52:32 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/07/15 11:32:31 | 000,386,699 | ---- | C] () -- C:\Users\hp\Desktop\feb.pdf

[2012/07/15 11:32:07 | 000,276,736 | ---- | C] () -- C:\Users\hp\Desktop\july.pdf

[2012/07/15 11:17:50 | 000,314,337 | ---- | C] () -- C:\Users\hp\Desktop\att.pdf

[2012/07/08 20:34:46 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk

[2012/07/04 12:01:02 | 000,427,400 | ---- | C] () -- C:\Users\hp\Documents\BART_Map.pdf

[2012/07/04 11:58:53 | 000,197,326 | ---- | C] () -- C:\Users\hp\Documents\Golden Gate Park.pdf

[2012/07/04 11:58:00 | 000,449,078 | ---- | C] () -- C:\Users\hp\Documents\SF Map.pdf

[2012/07/04 11:57:12 | 001,916,312 | ---- | C] () -- C:\Users\hp\Documents\SF Muni Map.pdf

[2012/07/03 00:11:13 | 000,000,367 | ---- | C] () -- C:\Users\hp\Desktop\Pictures - Shortcut.lnk

[2012/06/30 09:52:37 | 000,096,959 | ---- | C] () -- C:\Users\hp\Documents\Sketch.pdf

[2012/06/23 16:03:48 | 000,000,000 | -H-- | C] () -- C:\Users\hp\Documents\Default.rdp

[2012/06/23 13:09:30 | 000,051,769 | ---- | C] () -- C:\Users\hp\Documents\ashish-kulkarni_ethiopia-restaurant.pdf

[2011/11/14 04:21:20 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat

[2011/10/01 15:49:28 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Roaming\.googlewebacchosts

[2011/09/28 22:56:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011/09/28 22:56:32 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011/09/28 22:56:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011/09/28 22:25:01 | 000,049,664 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/27 12:10:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2010/12/10 14:20:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2012/07/18 22:46:14 | 000,000,360 | -H-- | M] () -- C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job

[2012/07/18 22:46:13 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job

[2012/07/18 22:44:44 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 7/18/2012 11:09:16 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hp\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.21% Memory free

8.04 Gb Paging File | 5.80 Gb Available in Paging File | 72.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 221.66 Gb Total Space | 56.95 Gb Free Space | 25.69% Space Free | Partition Type: NTFS

Drive D: | 11.22 Gb Total Space | 1.87 Gb Free Space | 16.64% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = E3 FE 03 F9 6F 85 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{473E65D6-5CBA-4408-A921-4CD7F203A3C3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0921ECAD-29FF-4A2C-AC21-19920DBCA94F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0CE613AF-A7B1-411F-AF71-7196B009CC26}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |

"{132A733C-7838-4E47-98F2-D067536C87B2}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |

"{1A09A9CA-A2B4-4FC9-B571-ADFC473698C1}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |

"{1B7EBDCB-A3D1-4B82-9A5C-D3803AEAA04F}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |

"{6180A0CD-4A82-4848-AD2C-3A0B44A0DBD0}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |

"{7350D483-6705-4E25-971C-B31AD9D32018}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{75D5D6E9-09A6-40E0-A0F3-56166365CC1A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{776173E1-53B5-4C56-A87C-65F8F926B6E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{8EC67706-7559-43EC-8EB3-6F26C4412D92}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{96676722-B681-4FBC-AC5F-5D3176CA6AE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{99DB1C28-742B-4664-87BF-F9E14C1DFCCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{A0D54485-EB40-4C7C-B813-25F4D788D1FA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{AE52FAA6-E03F-49FB-AE36-9585CB55C11D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{B6DE3A6A-561C-4C0D-A54F-01EDFF9C5E70}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{BB397D14-E001-484C-8342-A053508C39FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{BBEC3E57-03AA-47F6-B3BB-088657E9ABF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{BE7EADF6-BE92-47C4-8E25-0D94E300F922}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{BEC6E3A2-8EB0-41FE-87FC-FDF76CE5F877}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{BF371715-6869-46F0-A80F-B134F1DFA6A5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{C9B83AE3-5A30-4BA8-AACF-25C0DD88292D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CDC01749-B9C2-4F33-A15C-D66F0A60919B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{DA439475-71DA-4D0C-AD39-A2CDB27A6D8B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{DD6B4C00-1F59-49FE-848C-EF755B325610}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{F88267F7-BA33-4B5A-8F62-E38108251ECC}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |

"{F9B9427B-5DD7-4BB1-8E54-874D3712E431}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{FE43069C-8EF7-4126-8555-6809A29431F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2

"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection

"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.439

"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English

"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"AutoCAD 2010 - English" = AutoCAD 2010 - English

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{1499DD49-D63C-4884-8AF4-ADBE8502471F}" = Programming, Planning, and Practice

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Veoh Manager

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3

"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1

"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3F15E203-BC3E-3597-84CD-EDF99546C917}" = Google Talk Plugin

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth

"{DC812C48-0BC8-4718-B584-407EC4D87BAA}" = Building Design and Construction Systems

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Giraffic" = Veoh Giraffic Video Accelerator

"GMailFS" = GMail Drive Shell Extension

"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04

"HP Smart Web Printing" = HP Smart Web Printing

"incredibar" = Incredibar Toolbar on IE

"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Picasa 3" = Picasa 3

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"Veoh Web Player Beta" = Veoh Web Player

"ViewpointMediaPlayer" = Viewpoint Media Player

"VLC media player" = VideoLAN VLC media player 0.8.6c

"WildTangent hp Master Uninstall" = My HP Games

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/18/2012 10:23:58 PM | Computer Name = hp-PC | Source = Chrome | ID = 1

Description =

Error - 7/18/2012 10:24:33 PM | Computer Name = hp-PC | Source = Chrome | ID = 1

Description =

Error - 7/18/2012 10:28:54 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/18/2012 11:16:50 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/18/2012 11:35:30 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/18/2012 11:49:41 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/19/2012 12:54:03 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/19/2012 12:54:04 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/19/2012 12:54:04 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 7/19/2012 1:47:21 AM | Computer Name = hp-PC | Source = WinMgmt | ID = 10

Description =

[ OSession Events ]

Error - 1/31/2012 2:57:24 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14898

seconds with 4200 seconds of active time. This session ended with a crash.

Error - 2/6/2012 1:00:49 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 171

seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 11/5/2011 11:42:37 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12

Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared

from the system without first being prepared for removal.

Error - 11/6/2011 12:21:45 PM | Computer Name = hp-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 8:20:05 AM on 11/6/2011 was unexpected.

Error - 11/6/2011 12:23:45 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 11/8/2011 11:28:38 PM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12

Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared

from the system without first being prepared for removal.

Error - 11/9/2011 1:45:09 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 11/9/2011 7:00:49 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12

Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared

from the system without first being prepared for removal.

Error - 11/10/2011 7:00:41 AM | Computer Name = hp-PC | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 192.168.1.7 on

the Network Card with network address 0021008BBB80.

Error - 11/11/2011 7:00:48 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12

Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared

from the system without first being prepared for removal.

Error - 11/12/2011 7:00:43 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12

Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared

from the system without first being prepared for removal.

Error - 11/13/2011 7:00:49 AM | Computer Name = hp-PC | Source = PlugPlayManager | ID = 12

Description = The device 'ENE CIR Receiver' (ACPI\ENE0100\3&e89b380&0) disappeared

from the system without first being prepared for removal.

< End of report >


Hello ak24 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Don't follow other instructions.

Step 1

Please uninstall the following applications:

Codecv

Incredibar Toolbar on IE

Viewpoint Media Player

Web Assistant 2.0.0.439

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    MOD - [2012/07/04 00:03:37 | 002,008,096 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll
    IE:64bit: - HKLM\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111917&babsrc=SP_ss&mntrId=806a5f170000000000000021867741ae
    IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQDU9anyY&i=26
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension [2012/07/04 00:03:43 | 000,000,000 | ---D | M]
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6PQDU9anyY&i=26
    CHR - default_search_provider: suggest_url = ,
    CHR - Extension: Codecv = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhlkpnogjnndgkkgllfddmpncihnkk\1.0_0\
    O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
    O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    [2012/07/18 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\hp\searchplugins
    [2012/07/18 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\hp\bProtectorForWindows
    [2012/07/18 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/07/18 21:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecUpdate
    [2012/07/18 21:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com
    [2012/07/18 21:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
    [2012/07/18 21:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
    [2012/07/18 21:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
    [2012/07/18 21:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/07/04 00:03:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
    [2012/07/04 00:03:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
    [2012/07/04 00:03:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\bProtectorForWindows
    [2012/07/04 00:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows

    :files
    C:\Program Files (x86)\Viewpoint
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


All processes killed

========== OTL ==========

Releasing module c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll

File move failed. c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll scheduled to be moved on reboot.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ not found.

HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB646DF0-0D68-44D6-836B-6DA6D3EEA89E}\ not found.

Registry key HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.

File C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.

File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension not found.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

File C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhlkpnogjnndgkkgllfddmpncihnkk\1.0_0 not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.

File C:\Program Files\Web Assistant\Extension64.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.

File C:\Program Files\Web Assistant\Extension32.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found.

File C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ not found.

File C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll not found.

Registry value HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.

Folder C:\Users\hp\searchplugins\ not found.

Folder C:\Users\hp\bProtectorForWindows\ not found.

C:\ProgramData\Premium\Setup folder moved successfully.

C:\ProgramData\Premium folder moved successfully.

C:\ProgramData\CodecUpdate\searchplugins folder moved successfully.

C:\ProgramData\CodecUpdate\bProtectorForWindows\2.2.453.59 folder moved successfully.

C:\ProgramData\CodecUpdate\bProtectorForWindows folder moved successfully.

C:\ProgramData\CodecUpdate folder moved successfully.

Folder C:\Program Files (x86)\Incredibar.com\ not found.

C:\Program Files\Web Assistant\searchplugins folder moved successfully.

C:\Program Files\Web Assistant\bProtectorForWindows\2.2.453.59 folder moved successfully.

C:\Program Files\Web Assistant\bProtectorForWindows folder moved successfully.

C:\Program Files\Web Assistant folder moved successfully.

Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv\ not found.

C:\ProgramData\Codecv\data folder moved successfully.

C:\ProgramData\Codecv folder moved successfully.

C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\A1381A8079B1F1B5 folder moved successfully.

C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632} folder moved successfully.

C:\ProgramData\InstallMate folder moved successfully.

C:\Windows\SysWow64\Extensions folder moved successfully.

C:\Windows\SysWow64\searchplugins folder moved successfully.

C:\Windows\SysWow64\bProtectorForWindows\2.2.453.59 folder moved successfully.

C:\Windows\SysWow64\bProtectorForWindows folder moved successfully.

C:\ProgramData\bProtectorForWindows\2.2.453.59\traking_settings folder moved successfully.

C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension\searchplugins folder moved successfully.

C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension\content folder moved successfully.

C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension\components folder moved successfully.

C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension folder moved successfully.

Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.453.59 scheduled to be moved on reboot.

Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.

========== FILES ==========

File\Folder C:\Program Files (x86)\Viewpoint not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\hp\Desktop\cmd.bat deleted successfully.

C:\Users\hp\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: hp

->Temp folder emptied: 2017697576 bytes

->Temporary Internet Files folder emptied: 932552325 bytes

->Java cache emptied: 195717 bytes

->Google Chrome cache emptied: 12363341 bytes

->Flash cache emptied: 742 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 380920618 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes

RecycleBin emptied: 1964603233 bytes

Total Files Cleaned = 5,062.00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07272012_072510

Files\Folders moved on Reboot...

File move failed. c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll scheduled to be moved on reboot.

C:\ProgramData\bProtectorForWindows\2.2.453.59\traking_settings folder moved successfully.

Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.453.59 scheduled to be moved on reboot.

Folder move failed. C:\ProgramData\bProtectorForWindows\2.2.453.59 scheduled to be moved on reboot.

Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.

PendingFileRenameOperations files...

[2012/07/04 00:03:37 | 002,008,096 | ---- | M] () c:\ProgramData\bProtectorForWindows\2.2.453.59\protector.dll : Unable to obtain MD5

File C:\ProgramData\bProtectorForWindows\2.2.453.59 not found!

File C:\ProgramData\bProtectorForWindows not found!

Registry entries deleted on Reboot...


Hello Maniac,

As per your direction, I deleted the required files and then ran OTL.

Posted above is the log.

Please advise.

Thanks in advance!


Hello,

I think I do not see the babylon thing anymore. Thanks for your help! I will let you know if it comes back again.

I also have another issue on my machine. When I open an image or PDF, 2 folders get created - "bProtectorForWindows" and "searchplugins". Even if I delete them, they come back again. Can you please help me to resolve this issue?

Thanks in advance for your help.


Hello,

I think the issue related to the "bProtectorForWindows" and "searchplugins" folders is fixed too.

The only question remaining is that on my C: drive I have a folder called " 2dabcaa47b27aeae096d8cbf4317" which I am not able to delete.

Can you please assist me?

Thanks.


Please run OTL and click on the CleanUp button. Let me know if you still see it.


Hi,

I ran OTL - Cleanup. Rebooted my machine but I still see the folder in my C: Drive.

I tried deleting the folder but am not able to do it.


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\2dabcaa47b27aeae096d8cbf431 /s


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Hi,

I worked as per your direction. Following is the result:

SystemLook 30.07.11 by jpshortstuff

Log created at 22:43 on 02/08/2012 by hp

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\2dabcaa47b27aeae096d8cbf431 - Unable to find folder.

-= EOF =-


That's strange. Please generate a new fresh OTL log file.


SystemLook 30.07.11 by jpshortstuff

Log created at 23:06 on 06/08/2012 by hp

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\2dabcaa47b27aeae096d8cbf431 - Unable to find folder.

-= EOF =-


  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    c:|;true;true;true; /FP


  • Next, click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 8/7/2012 7:32:14 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\hp\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 45.33% Memory free

8.03 Gb Paging File | 5.88 Gb Available in Paging File | 73.25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 221.66 Gb Total Space | 68.21 Gb Free Space | 30.77% Space Free | Partition Type: NTFS

Drive D: | 11.22 Gb Total Space | 1.87 Gb Free Space | 16.64% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 19:30:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe

PRC - [2012/07/10 19:45:04 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe

PRC - [2012/07/02 08:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

PRC - [2009/04/10 23:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe

PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/30 22:36:14 | 000,442,392 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll

MOD - [2012/07/30 22:36:13 | 012,235,288 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll

MOD - [2012/07/30 22:36:12 | 003,997,720 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll

MOD - [2012/07/30 22:34:45 | 000,144,424 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll

MOD - [2012/07/30 22:34:43 | 000,266,792 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll

MOD - [2012/07/30 22:34:42 | 002,480,680 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll

MOD - [2012/06/29 20:42:26 | 004,051,456 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll

MOD - [2012/06/29 20:42:26 | 000,100,864 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

MOD - [2008/04/23 23:51:56 | 000,345,384 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll

MOD - [2008/04/23 23:51:40 | 000,120,200 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll

MOD - [2008/04/23 23:51:40 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll

MOD - [2008/04/23 23:51:30 | 000,259,472 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll

MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/05 20:39:50 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009/03/26 02:46:54 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)

SRV:64bit: - [2008/04/28 14:24:26 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe -- (STacSV)

SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/02/12 13:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)

SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/26 02:46:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vfsFPService.exe -- (vfsFPService)

SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/12/10 10:08:29 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2010/12/10 10:08:29 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)

DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)

DRV:64bit: - [2008/04/28 14:24:54 | 000,454,656 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/01/31 16:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)

DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)

DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)

DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AAFE3C8E-9334-419E-8426-782F90D68091}

IE:64bit: - HKLM\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\SearchScopes,DefaultScope = {AAFE3C8E-9334-419E-8426-782F90D68091}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111917&babsrc=SP_ss&mntrId=806a5f170000000000000021867741ae

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{AAFE3C8E-9334-419E-8426-782F90D68091}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\{E4F8A3B6-6028-44FB-8E36-2BE00213527B}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hp\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/01 04:39:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension

[2012/03/10 14:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\Mozilla\Extensions

[2012/07/18 21:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\hp\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: YouTube = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\

CHR - Extension: AdBlock = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.40_0\

CHR - Extension: Gmail = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [googletalk] C:\Users\hp\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-658690307-2963030233-3916739470-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C73E1A7-0495-4270-AB4C-6E7810F2C3CB}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DCDA36D-D73A-49E8-A275-B62EA1A60C6F}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (c:\progra~3\bprote~1\22453~1.59\protec~1.dll) - File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\hp\Desktop\latest pics\DSC08216-crpd final.jpg

O24 - Desktop BackupWallPaper: C:\Users\hp\Desktop\latest pics\DSC08216-crpd final.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/07/05 20:10:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{0c02c5be-f32e-11e0-8b51-0021867741ae}\Shell - "" = AutoRun

O33 - MountPoints2\{0c02c5be-f32e-11e0-8b51-0021867741ae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 19:30:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe

[2012/08/06 23:09:43 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\My Keypoint

[2012/08/06 15:28:57 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\COCKTAIL

[2012/08/06 15:28:17 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\JISM 2

[2012/08/06 15:27:52 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\EK THA TIGER

[2012/08/03 14:30:49 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\good old memories

[2012/07/27 07:29:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012/07/27 07:29:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\bProtectorForWindows

[2012/07/25 10:08:56 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\latest pics

[2012/07/18 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/18 22:05:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/18 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/07/18 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/07/18 20:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/07/18 20:41:38 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/07/15 19:58:47 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes

[2012/07/15 19:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/15 19:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/11 13:07:36 | 000,000,000 | ---D | C] -- C:\2dabcaa47b27aeae096d8cbf4317

[2012/07/11 09:37:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/07/11 09:37:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/07/11 09:37:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/07/11 09:37:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/07/11 09:37:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/07/11 09:37:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/07/11 09:37:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/07/11 09:37:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/07/11 09:37:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/07/11 09:37:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/07/11 09:37:44 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/07/11 09:37:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/07/11 09:37:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/07/10 14:04:34 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/07/08 20:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

[2012/07/08 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared

[2012/07/08 20:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010

[2012/07/08 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Statements_Chase

[2 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/07 19:30:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe

[2012/08/07 19:24:31 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658690307-2963030233-3916739470-1000UA.job

[2012/08/07 19:24:29 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterRefreshTask.job

[2012/08/07 19:24:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/06 23:40:54 | 000,174,681 | ---- | M] () -- C:\Users\hp\Desktop\PGE Aug Payment.pdf

[2012/08/06 23:03:19 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/06 23:03:19 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/06 17:20:27 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2012/08/06 17:19:49 | 000,000,360 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterUpdaterLogonTask.job

[2012/08/06 17:19:27 | 4193,214,464 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/06 15:54:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/08/06 14:52:15 | 000,706,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/06 14:52:15 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/06 14:52:15 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/03 19:50:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658690307-2963030233-3916739470-1000Core.job

[2012/08/02 23:32:31 | 000,056,320 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/08/02 20:53:37 | 000,139,264 | ---- | M] () -- C:\Users\hp\Desktop\SystemLook.exe

[2012/08/02 08:05:56 | 000,002,027 | ---- | M] () -- C:\Users\hp\Desktop\Google Chrome.lnk

[2012/07/30 23:28:53 | 003,078,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/19 00:12:18 | 000,000,104 | ---- | M] () -- C:\Users\hp\Desktop\Recycle Bin - Shortcut.lnk

[2012/07/18 21:42:12 | 000,003,437 | ---- | M] () -- C:\user.js

[2012/07/18 20:43:46 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/07/18 20:42:40 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/17 06:36:03 | 000,000,680 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat

[2012/07/08 20:34:46 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk

[2 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/07 19:26:21 | 000,101,081 | ---- | C] () -- C:\Users\hp\Desktop\Comcast August.pdf

[2012/08/07 19:26:15 | 000,078,182 | ---- | C] () -- C:\Users\hp\Desktop\Amex 62000 August 07.pdf

[2012/08/07 19:26:13 | 000,077,501 | ---- | C] () -- C:\Users\hp\Desktop\Amex 41006 August 07.pdf

[2012/08/07 19:26:12 | 000,090,344 | ---- | C] () -- C:\Users\hp\Desktop\Citibank August 07.pdf

[2012/08/06 23:40:52 | 000,174,681 | ---- | C] () -- C:\Users\hp\Desktop\PGE Aug Payment.pdf

[2012/08/02 20:53:31 | 000,139,264 | ---- | C] () -- C:\Users\hp\Desktop\SystemLook.exe

[2012/07/19 00:12:18 | 000,000,104 | ---- | C] () -- C:\Users\hp\Desktop\Recycle Bin - Shortcut.lnk

[2012/07/18 21:43:09 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\CodecUpdaterUpdaterRefreshTask.job

[2012/07/18 21:43:07 | 000,000,360 | -H-- | C] () -- C:\Windows\tasks\CodecUpdaterUpdaterLogonTask.job

[2012/07/18 20:42:51 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/07/18 20:42:40 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/15 20:52:32 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/07/08 20:34:46 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk

[2011/11/14 04:21:20 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat

[2011/10/01 15:49:28 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Roaming\.googlewebacchosts

[2011/09/28 22:56:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011/09/28 22:56:32 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011/09/28 22:56:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011/09/28 22:25:01 | 000,056,320 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/27 12:10:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2010/12/10 14:20:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

========== Custom Scans ==========

< c:|;true;true;true; /FP >

< End of report >


OTL Extras logfile created on: 8/7/2012 7:32:14 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\hp\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 45.33% Memory free

8.03 Gb Paging File | 5.88 Gb Available in Paging File | 73.25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 221.66 Gb Total Space | 68.21 Gb Free Space | 30.77% Space Free | Partition Type: NTFS

Drive D: | 11.22 Gb Total Space | 1.87 Gb Free Space | 16.64% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = E3 FE 03 F9 6F 85 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{473E65D6-5CBA-4408-A921-4CD7F203A3C3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0921ECAD-29FF-4A2C-AC21-19920DBCA94F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0CE613AF-A7B1-411F-AF71-7196B009CC26}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |

"{132A733C-7838-4E47-98F2-D067536C87B2}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |

"{1A09A9CA-A2B4-4FC9-B571-ADFC473698C1}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |

"{1B7EBDCB-A3D1-4B82-9A5C-D3803AEAA04F}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |

"{6180A0CD-4A82-4848-AD2C-3A0B44A0DBD0}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |

"{7350D483-6705-4E25-971C-B31AD9D32018}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{75D5D6E9-09A6-40E0-A0F3-56166365CC1A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{776173E1-53B5-4C56-A87C-65F8F926B6E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{8EC67706-7559-43EC-8EB3-6F26C4412D92}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{96676722-B681-4FBC-AC5F-5D3176CA6AE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{99DB1C28-742B-4664-87BF-F9E14C1DFCCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{A0D54485-EB40-4C7C-B813-25F4D788D1FA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{AE52FAA6-E03F-49FB-AE36-9585CB55C11D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{B6DE3A6A-561C-4C0D-A54F-01EDFF9C5E70}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{BB397D14-E001-484C-8342-A053508C39FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{BBEC3E57-03AA-47F6-B3BB-088657E9ABF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{BE7EADF6-BE92-47C4-8E25-0D94E300F922}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{BEC6E3A2-8EB0-41FE-87FC-FDF76CE5F877}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{BF371715-6869-46F0-A80F-B134F1DFA6A5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{C9B83AE3-5A30-4BA8-AACF-25C0DD88292D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CDC01749-B9C2-4F33-A15C-D66F0A60919B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{DA439475-71DA-4D0C-AD39-A2CDB27A6D8B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{DD6B4C00-1F59-49FE-848C-EF755B325610}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{F88267F7-BA33-4B5A-8F62-E38108251ECC}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |

"{F9B9427B-5DD7-4BB1-8E54-874D3712E431}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{FE43069C-8EF7-4126-8555-6809A29431F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2

"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection

"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English

"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"AutoCAD 2010 - English" = AutoCAD 2010 - English

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{1499DD49-D63C-4884-8AF4-ADBE8502471F}" = Programming, Planning, and Practice

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Veoh Manager

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3

"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1

"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth

"{DC812C48-0BC8-4718-B584-407EC4D87BAA}" = Building Design and Construction Systems

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Giraffic" = Veoh Giraffic Video Accelerator

"GMailFS" = GMail Drive Shell Extension

"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Picasa 3" = Picasa 3

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"Veoh Web Player Beta" = Veoh Web Player

"VLC media player" = VideoLAN VLC media player 0.8.6c

"WildTangent hp Master Uninstall" = My HP Games

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-658690307-2963030233-3916739470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/7/2012 10:24:21 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6919783

Error - 8/7/2012 10:24:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/7/2012 10:24:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6922529

Error - 8/7/2012 10:24:23 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6922529

Error - 8/7/2012 10:24:24 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/7/2012 10:24:24 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6923574

Error - 8/7/2012 10:24:24 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6923574

Error - 8/7/2012 10:24:26 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/7/2012 10:24:26 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6925165

Error - 8/7/2012 10:24:26 PM | Computer Name = hp-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6925165

[ OSession Events ]

Error - 1/31/2012 2:57:24 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14898

seconds with 4200 seconds of active time. This session ended with a crash.

Error - 2/6/2012 1:00:49 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 171

seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 8/2/2012 11:42:13 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 8/2/2012 11:42:13 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 8/5/2012 3:02:45 AM | Computer Name = hp-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 5:49:35 PM on 8/4/2012 was unexpected.

Error - 8/5/2012 3:05:10 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 8/5/2012 3:25:19 PM | Computer Name = hp-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 1:49:40 AM on 8/5/2012 was unexpected.

Error - 8/5/2012 3:27:19 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 8/5/2012 9:22:05 PM | Computer Name = hp-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 4:59:01 PM on 8/5/2012 was unexpected.

Error - 8/6/2012 11:30:48 AM | Computer Name = hp-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 6:24:00 PM on 8/5/2012 was unexpected.

Error - 8/6/2012 11:33:25 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 8/6/2012 8:21:46 PM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7022

Description =

< End of report >


Hi,

I followed the steps.

Above are my OTL and Extras reports.

Please let me know.

Thanks in advance.


Please manually delete this folder if it still exists.


Hi,

I cannot manually delete this folder.

It gives me "Try Again" option.

Other than this query do you think my machine is currently free from malware?


Could be Microsoft related, leave it.

Yes, I think your system is clean now. What do you think? :)

This topic is now closed to further replies.