Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Check Up Time!
#1
Hey guys, please check up on my HJT log below.

Tell me everything you might find suspicious, except NoteStryker.exe (my program).

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:55:25 PM, on 4/21/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\%USERNAME%\Documents\Visual Studio 2010\Projects\IcoExtraction\IcoExtraction\bin\Debug\IcoExtraction.vshost.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\TraceDebugger Tools\IntelliTrace.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supportforums.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [KasperskyPasswordManager] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\%USERNAME%\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: NoteStryker!.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - (no file)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11194 bytes

Download HJT File at Mediafire

Tell me everything that is wrong, not normal and fishy and basically everything please. Thank you.

[Image: t5BWm.png]
Reply
#2
Everything seems fine.
  • Step 1

    Please download the OTL Log Analysis from 'here'. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
    • Save it to your Desktop.
    • Please double-click OTL.exe to run it.
    • Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output, change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two Notepad windows.
      • OTL.txt
      • Extras.txt
    • These are saved in the same location as OTL.
    • Please copy (Right-click > Select All > Copy) the contents of these files, one at a time, and post it with your next reply.
  • Step 2

    Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
    • Double-click esetsmartinstaller_enu.exe to execute the program.
    • Tick 'YES, I accept the Terms of Use'.
    • Click 'Start'.
    • If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
    • Database download may take some time.
    • When done, make sure that the option 'Remove found threats' is ticked. Under the and 'Advanced Settings', please put a check on the following options:
      • Scan for potentially unwanted applications
      • Enable Anti-Stealth Technology
    • Click 'Start'.
    • Wait for the scan to finish.
    • Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.
  • Step 3

    Download DDS.scr by sUBs from one of the following links and save it to your Desktop.

    'Link 1'
    'Link 2'
    • Double-click on DDS.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear, DDS.txt and Attach.txt.
    • A window will open instructing you save and post the logs. Save the logs to a convenient place such as your Desktop.
    • Copy the contents of both logs and post in your next reply.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
    • ESET Scan Log
    • OTL Log
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
Reply
#3
Step #1
Code:
Problems Encountered:
OTL Extras logfile created on: 4/22/2011 9:33:31 AM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\%USERNAME%\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250.63 Gb Total Space | 142.54 Gb Free Space | 56.87% Space Free | Partition Type: NTFS
Drive D: | 47.46 Gb Total Space | 35.53 Gb Free Space | 74.86% Space Free | Partition Type: NTFS

Computer Name: %USERNAME%S-PC | User Name: %USERNAME% | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3CA18EF2-4716-4E76-BCF6-9EADAE743483}" = SkinCrafter 3.5.1 Demo x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-64)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Recuva" = Recuva
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{296578D7-E2A3-79AC-DF77-AE45ED643D6B}" = Icon Generator Pro
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{47F6627C-61DD-4191-91C3-2E4077EE7B1F}" = MAGIX Music Maker 17 Premium Download Version
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8A08F0-A43A-41A6-8266-D74B71E9247E}" = Eazfuscator.NET
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
"{99B7F66B-42D0-4378-9791-C66A6418A520}" = IHA_MessageCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FA2E0CF-64E8-3536-BA71-618A48D9AF55}" = Google Talk Plugin
"{A0524B49-9798-4EFB-A392-06C18BEC7432}" = Vz In Home Agent
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B352D3F6-352B-4031-9C79-2C7A26062BBC}" = MAGIX Music Maker 17 Premium (Synthesizer and effects)
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFDD2913-557D-4EB5-8745-47749E521760}" = MAGIX Screenshare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FDD41BE8-3FEE-4839-B1D8-8970D24D314D}" = MAGIX Speed burnR (MSI)
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FFmpeg for Audacity_is1" = FFmpeg 2009-01-08 for Audacity
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"IcoFX_is1" = IcoFX 1.6.4
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"jp.clockmaker.IconGeneratorPro" = Icon Generator Pro
"Kaspersky Password Manager_is1" = Kaspersky Password Manager 4.0.0.133
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MAGIX_MSI_mm17dlx" = MAGIX Music Maker 17 Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiPony" = MiPony 1.2.1
"PowerISO" = PowerISO
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Step #2
Problems Encountered:



Step #3
Problems Encountered:
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/7/2010 8:46:10 AM
System Uptime: 4/22/2011 9:22:15 AM (2 hours ago)
.
Motherboard: Compal |  | 30FC
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 251 GiB total, 142.423 GiB free.
D: is FIXED (NTFS) - 47 GiB total, 35.525 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.2
Advanced SystemCare 3
Akamai NetSession Interface
AMD USB Audio Driver Filter
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Driver Installation Program
Audacity 1.3.12 (Unicode)
BitPim 1.0.7
Camtasia Studio 7
CardRecovery 5.30
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Crystal Reports for Visual Studio
CyberLink DVD Suite
D3DX10
Eazfuscator.NET
ESET Online Scanner v3
ESU for Microsoft Vista
FFmpeg 2009-01-08 for Audacity
Firebird SQL Server - MAGIX Edition
Google Chrome
Google Talk Plugin
Gyazo 1.0
HashCheck Shell Extension (x86-32)
HiJackThis
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2455033)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
IcoFX 1.6.4
Icon Generator Pro
IDT Audio
IHA_MessageCenter
ImgBurn
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Kaspersky Internet Security 2011
Kaspersky Password Manager 4.0.0.133
LAME v3.98.2 for Audacity
LG USB Modem driver
MAGIX Music Maker 17 Premium (Synthesizer and effects)
MAGIX Music Maker 17 Premium Download Version
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiPony 1.2.1
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Noise Reduction Plug-in 2.0i
PDF Settings CS5
PowerISO
QLBCASL
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skins
Sound Forge Pro 10.0
Text-To-Speech-Runtime
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Vz In Home Agent
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
Xilisoft Video Converter Ultimate 6
.
==== End Of File ===========================
[/b][/color]

DDS.txt
Code:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64  
Run by %USERNAME% at 10:58:13.89 on Fri 04/22/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3838.2013 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\%USERNAME%\Desktop\OTL.exe
C:\Windows\notepad.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\%USERNAME%\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.supportforums.net/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [KasperskyPasswordManager] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
uRun: [Google Update] "C:\Users\%USERNAME%\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NoteStryker!.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
BHO-X64:     IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
BHO-X64:     link filter bho - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/08/17 15:07:15];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-7-1 352976]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-22 363344]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-8 365952]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-9-7 24152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-8-17 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-3-24 118784]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-8 228408]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\System32\drivers\hcwhdpvr.sys [2010-12-29 189952]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-4-9 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-9 59392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-24 11856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-22 1255736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service; [x]
S4 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S4 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
.
=============== Created Last 30 ================
.
2011-04-22 15:55:30    8802128    ----a-w-    C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{CF2D888A-A211-4569-8DD5-EBF2E7D48F5F}\mpengine.dll
2011-04-22 03:51:37    388096    ----a-r-    C:\Users\%USERNAME%~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-22 03:49:14    --------    d-----w-    C:\Program Files (x86)\Team Viewer
2011-04-21 05:47:03    --------    d-----w-    C:\Program Files\iPod
2011-04-21 05:47:02    --------    d-----w-    C:\Program Files\iTunes
2011-04-21 05:36:04    --------    d-----w-    C:\Program Files\Bonjour
2011-04-21 05:36:04    --------    d-----w-    C:\Program Files (x86)\Bonjour
2011-04-19 19:37:31    --------    d-----w-    C:\Icon Extractor
2011-04-18 23:15:40    --------    d-----w-    C:\Users\%USERNAME%~1\AppData\Local\{11E1DB17-EF78-4230-AF69-86B48AA0FD38}
2011-04-18 23:11:38    --------    d-----w-    C:\Windows\en
2011-04-18 23:05:52    69464    ----a-w-    C:\Windows\SysWow64\XAPOFX1_3.dll
2011-04-18 23:05:52    515416    ----a-w-    C:\Windows\SysWow64\XAudio2_5.dll
2011-04-18 23:05:49    523088    ----a-w-    C:\Windows\System32\d3dx10_42.dll
2011-04-18 23:05:49    453456    ----a-w-    C:\Windows\SysWow64\d3dx10_42.dll
2011-04-18 23:04:44    4398360    ----a-w-    C:\Windows\System32\d3dx9_32.dll
2011-04-18 23:04:44    3426072    ----a-w-    C:\Windows\SysWow64\d3dx9_32.dll
2011-04-18 23:01:50    94040    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\97db333e1cbfe1c04\DSETUP.dll
2011-04-18 23:01:50    525656    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\97db333e1cbfe1c04\DXSETUP.exe
2011-04-18 23:01:50    1691480    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\97db333e1cbfe1c04\dsetup32.dll
2011-04-18 23:01:44    94040    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\93d46ab41cbfe1c03\DSETUP.dll
2011-04-18 23:01:44    525656    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\93d46ab41cbfe1c03\DXSETUP.exe
2011-04-18 23:01:44    1691480    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\93d46ab41cbfe1c03\dsetup32.dll
2011-04-18 23:01:06    --------    d-----w-    C:\Users\%USERNAME%~1\AppData\Local\Windows Live
2011-04-18 23:01:05    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2011-04-17 00:23:25    --------    d-----w-    C:\Program Files\SkinCrafter3
2011-04-16 15:04:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Motive
2011-04-16 15:02:04    45    ----a-w-    C:\Windows\SysWow64\stopSvc.bat
2011-04-16 15:02:04    260    ----a-w-    C:\Windows\SysWow64\cmdVBS.vbs
2011-04-16 14:56:03    --------    d-----w-    C:\Program Files (x86)\Verizon
2011-04-10 15:11:34    --------    d-----w-    C:\Users\%USERNAME%~1\AppData\Local\IsolatedStorage
2011-04-10 06:09:25    --------    d-----w-    C:\Program Files (x86)\LogicNP Software
2011-04-10 05:59:08    --------    d-----w-    C:\Users\%USERNAME%~1\AppData\Roaming\Crypto Obfuscator For .Net v2011
2011-04-10 00:22:59    76800    ----a-w-    C:\Windows\System32\tdc.ocx
2011-04-09 23:32:01    --------    d-----w-    C:\Windows\System32\SPReview
2011-04-09 23:24:01    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2011-04-09 23:24:01    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2011-04-09 23:22:59    51200    ----a-w-    C:\Windows\SysWow64\PushPrinterConnections.exe
2011-04-09 23:21:59    955904    ----a-w-    C:\Windows\System32\localspl.dll
2011-04-09 23:20:59    561152    ----a-w-    C:\Program Files (x86)\Common Files\System\msadc\msadce.dll
2011-04-09 23:19:59    90112    ----a-w-    C:\Windows\System32\nci.dll
2011-04-09 23:18:59    516096    ----a-w-    C:\Windows\SysWow64\main.cpl
2011-04-09 23:17:59    14848    ----a-w-    C:\Windows\System32\tsbyuv.dll
2011-04-09 23:16:59    89088    ----a-w-    C:\Windows\System32\amstream.dll
2011-04-09 23:15:59    28160    ----a-w-    C:\Windows\System32\shgina.dll
2011-04-09 23:14:43    6144    ----a-w-    C:\Windows\System32\drivers\en-US\rdvgkmd.sys.mui
2011-04-09 23:14:42    4096    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbhub.sys.mui
2011-04-09 23:14:42    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2011-04-09 23:14:41    2560    ----a-w-    C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2011-04-09 23:14:29    6144    ----a-w-    C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-04-09 23:14:29    4608    ----a-w-    C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-04-09 23:13:03    209920    ----a-w-    C:\Windows\SysWow64\PkgMgr.exe
2011-04-09 23:13:03    189952    ----a-w-    C:\Windows\SysWow64\wdscore.dll
2011-04-09 23:07:47    323072    ----a-w-    C:\Windows\SysWow64\drvstore.dll
2011-04-09 23:07:46    257024    ----a-w-    C:\Windows\SysWow64\dpx.dll
2011-04-09 23:06:29    606208    ----a-w-    C:\Windows\SysWow64\wbem\fastprox.dll
2011-04-09 23:06:29    363008    ----a-w-    C:\Windows\SysWow64\wbemcomn.dll
2011-04-09 22:42:59    529408    ----a-w-    C:\Windows\System32\wbemcomn.dll
2011-04-09 22:42:59    524288    ----a-w-    C:\Windows\System32\wmicmiplugin.dll
2011-04-09 22:42:59    1225216    ----a-w-    C:\Windows\System32\wbem\wbemcore.dll
2011-04-09 22:40:32    933376    ----a-w-    C:\Windows\System32\SmiEngine.dll
2011-04-09 22:37:59    199168    ----a-w-    C:\Windows\System32\PkgMgr.exe
2011-04-09 22:31:21    422912    ----a-w-    C:\Windows\System32\drvstore.dll
2011-04-09 22:31:16    399872    ----a-w-    C:\Windows\System32\dpx.dll
2011-04-09 20:01:13    --------    d-----w-    C:\Users\%USERNAME%~1\AppData\Local\The_High_Roller_©_Inc
2011-04-07 04:11:43    --------    d-----w-    C:\Users\%USERNAME%~1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-07 04:11:43    --------    d-----w-    C:\Users\%USERNAME%~1\AppData\Roaming\Adobe Mini Bridge CS5
2011-04-06 23:26:58    96544    ----a-w-    C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58    69408    ----a-w-    C:\Windows\System32\jdns_sd.dll
2011-04-06 23:26:58    237856    ----a-w-    C:\Windows\System32\dnssdX.dll
2011-04-06 23:26:58    119584    ----a-w-    C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16    91424    ----a-w-    C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16    75040    ----a-w-    C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 23:20:16    197920    ----a-w-    C:\Windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16    107808    ----a-w-    C:\Windows\SysWow64\dns-sd.exe
2011-04-06 00:09:27    --------    d-----w-    C:\Program Files (x86)\Common Files\Akamai
2011-04-01 18:39:36    --------    d-----w-    C:\PFiles
2011-04-01 15:48:58    321024    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2011-04-01 15:48:58    219136    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2011-04-01 15:48:58    197120    ----a-w-    C:\Windows\System32\d3d10_1.dll
2011-04-01 15:48:58    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2011-03-26 15:27:35    --------    d-----w-    C:\Program Files\Red Gate
2011-03-26 15:27:33    --------    d-----w-    C:\PROGRA~3\Red Gate
.
==================== Find3M  ====================
.
2011-04-10 00:22:59    48640    ----a-w-    C:\Windows\System32\mshtmler.dll
2011-04-10 00:22:59    111616    ----a-w-    C:\Windows\System32\iesysprep.dll
2011-04-10 00:22:58    85504    ----a-w-    C:\Windows\System32\iesetup.dll
2011-04-10 00:22:58    448512    ----a-w-    C:\Windows\System32\html.iec
2011-04-10 00:22:57    603648    ----a-w-    C:\Windows\System32\vbscript.dll
2011-04-10 00:22:57    30720    ----a-w-    C:\Windows\System32\licmgr10.dll
2011-04-10 00:22:57    165888    ----a-w-    C:\Windows\System32\iexpress.exe
2011-04-10 00:22:57    160256    ----a-w-    C:\Windows\System32\wextract.exe
2011-04-10 00:22:57    1492992    ----a-w-    C:\Windows\System32\inetcpl.cpl
2011-04-09 23:45:38    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2011-04-09 23:45:37    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2011-03-11 06:34:51    1359872    ----a-w-    C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50    1395712    ----a-w-    C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59    1164288    ----a-w-    C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59    1137664    ----a-w-    C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32    976896    ----a-w-    C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29    741376    ----a-w-    C:\Windows\SysWow64\inetcomm.dll
2011-03-03 06:24:16    183296    ----a-w-    C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57    30208    ----a-w-    C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16    28672    ----a-w-    C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08    3135488    ----a-w-    C:\Windows\System32\win32k.sys
2011-02-24 06:15:44    476160    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54    288256    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31    158208    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27    467456    ----a-w-    C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03    411648    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47    167936    ----a-w-    C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12    287744    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12    128000    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15    1139200    ----a-w-    C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37    1544192    ----a-w-    C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17    902656    ----a-w-    C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51    1076736    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50    739840    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54    294912    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2011-02-19 00:36:58    51712    ----a-w-    C:\Windows\System32\drivers\usbaapl64.sys
2011-02-19 00:36:58    4184352    ----a-w-    C:\Windows\System32\usbaaplrc.dll
2011-02-12 11:34:16    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2011-02-05 17:10:16    642944    ----a-w-    C:\Windows\System32\winload.efi
2011-02-05 17:10:08    20352    ----a-w-    C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08    19328    ----a-w-    C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08    17792    ----a-w-    C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41    605552    ----a-w-    C:\Windows\System32\winload.exe
2011-02-05 17:06:41    566208    ----a-w-    C:\Windows\System32\winresume.efi
2011-02-05 17:06:41    518672    ----a-w-    C:\Windows\System32\winresume.exe
2011-02-03 05:40:23    472808    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2011-02-03 01:11:20    270720    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 11:10:34.25 ===============


[Image: t5BWm.png]
Reply
#4
Please uninstall Java™ 6 Update 7. Also, do you recognize the files below?

Code:
C:\Windows\SysWow64\stopSvc.bat
C:\Windows\SysWow64\cmdVBS.vbs
Reply
#5
(04-23-2011, 07:14 AM)Quintus Wrote: Please uninstall Java™ 6 Update 7. Also, do you recognize the files below?

Code:
C:\Windows\SysWow64\stopSvc.bat
C:\Windows\SysWow64\cmdVBS.vbs

No I do not recognize the two of the the files at all, Quintus!
What should I do?
[Image: t5BWm.png]
Reply
#6
  • Step 4

    Please set Windows 7 to show both hidden and system files and folders so that you can find specific files to delete.
    1. Click Start and navigate to Control Panel.
    2. On Appearance and Personalization > Folder Options > Show hidden files and folders.
    3. On the View tab, uncheck the following:
      • Hide file extensions for known file types
      • Hide protected operating system files (Recommended)
    4. Click Yes on the warning message.
    5. Under Hidden files and folders, check Show hidden files, folders, and drives.
    6. Click Apply to All Folders.
    7. Click OK.
    Note: I will give you instructions for hiding them again once your system seems clean.
  • Step 5

    We need to do a quick check.
    • Go to 'VirusTotal'.
    • Click Browse.
    • Copy and paste the exact file name(s) in bold (if there are more than one file listed, please open multiple tabs) to the address bar located on top of the new window that appeared:
      • C:\Windows\SysWow64\stopSvc.bat
        C:\Windows\SysWow64\cmdVBS.vbs
    • Click Open > Send File.
    • Copy and paste back the link(s) to the result(s) once VirusTotal has finished scanning the file.
Reply
#7
Results:
Stopsvr.bat

C:\Windows\SysWow64\cmdVBS.vbs

There we go! Tell me what you think, because based on whats there, I am clean! Big Grin

[Image: t5BWm.png]
Reply
#8
  • Step 6

    Please set Windows 7 to hide both hidden and system files and folders since your system seems clean.
    1. Click Start and navigate to Control Panel.
    2. On Appearance and Personalization > Folder Options > Show hidden files and folders.
    3. On the View tab, check the following:
      • Hide file extensions for known file types
      • Hide protected operating system files (Recommended)
    4. Under Hidden files and folders, uncheck Show hidden files, folders, and drives.
    5. Click Apply to All Folders.
    6. Click OK.
I see no infections present in your log anymore. If you are not having any further problems, I declare you ALL CLEAN.

Required Clean-Ups


★ CleanUp! With OldTimer's Move-It (OTM) ★

This will remove all temporary files stored in your computer and as well as the files generated by the specialised tools I instructed you to use.
  • For Windows Vista and Windows 7:
    • Download OldTimer's Move-It (OTM) 'here' and save it to your desktop. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
    • Please double-click OTM to run it.
    • No programs other than OTM should be running; we will perform a reboot after.
    • On the interface, click the Cleanup! button.
    • Select Yes after the prompt and wait for the reboot.
★ Make Internet Explorer Less Vulnerable ★

I ask that you do not disregard this step whether you are using Internet Explorer or not as your main browser. Please be advised that though you don't seem to be using this, I can assure you that most of your everyday applications use this browser's technology to update thereby solidifying the necessity to update it. Do not leave a single component of your system vulnerable.
    • At Internet Explorer's interface navigate to Tools > Internet Options.
    • Click once on the Security > Internet > Custom Level buttons.
    • Change the following to the designated modifications.
      • ActiveX Controls and Plug-Ins
        • Download Signed ActiveX Controls > Prompt
        • Download Unsigned ActiveX Controls > Disable
        • Initialise And Script ActiveX Controls Not Marked As Safe > Disable
      • Miscellaneous
        • Installation Of Desktop Items > Prompt
        • Launching Programs And Files In An iFrame > Prompt
        • Navigate Sub-frames Across Different Domains > Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
★ Set A Clean System Restore Point ★

This is done to prevent possible reinfection. Your system's restore points need to be constantly flushed. The reason being the infections residing in your system once, could have been more or less, saved in one of your restore points. System Restore is a protected directory; your tools can not access it to delete these files. Re-infection is imminent if this is left unattended. Now, after successfully cleaning your system, creating a clean restore point is essential in case you will ever need a clean backup.
  • For Windows 7:
    1. On the Start Menu, right-click Computer > Properties > System Protection link.
    2. Click Configure.
    3. Click Delete > Continue > OK.
    4. You are now back at the System Protection Tab.
    5. Click Create > <Any Title Here> > Create.
    6. A prompt should tell you that it was successful. Click Close.
    7. Click OK.
    8. System Restore will be working again and will have a new restore point.
A Quick Summary To Prevent Reinfection

1. Install an anti-virus and keep it updated. Run complete system scans.

"An antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and Trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware."

You have to make sure you have an anti-virus installed. Update your anti-virus every day to make sure it has the latest signatures. Yes, updating is essential in maintaining your computer. The latest updates will ensure the integrity of your chosen program. Some paid anti-viruses even offer hourly updates and the reason for this is clear - malware gets advanced and new variants are detected in a short span of time. In addition to updating, perform a complete scan weekly. You might think you don't need it however you do. Don't rely on your instincts that your system is clean.

2. Install and maintain a good firewall.

"A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria."

Make sure you have a firewall installed. A firewall helps monitor connections both inward and outbound. If you have not installed a firewall yet, please be advised that the pre-installed firewall that you have is not much of a protection against attacks. A firewall helps monitor connections both inward and outbound therefore having a specialised firewall is essential.

3. Update Java Runtime Environment.

"The Java Runtime Environment (JRE), also known as Java Runtime, is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files. "

You must make sure your Java is up-to-date. Older versions have vulnerabilities that can be exploited. Follow the steps below to update Java.

For Vista and Windows 7:
    • To get the latest version of Java please go 'here'.
    • Go to Start > Control Panel > Programs and Features or Uninstall a Program.
    • Search in the list for all previous installed versions of Java. You currently have:
      • Java™ 6 Update *
      • Java™ SE Development Kit 6 Update *
    • Choose Uninstall.
    • Now install the version(s) you downloaded earlier.
4. Clear temporary files.

Click 'here' to download Temp File Cleaner by OldTimer. Save it to your desktop.
    • Close any open windows.
    • Double-click TFC.exe and select Run when prompted to execute the program. It will close all open programs itself in order to run.
    • Click the Start button to begin the cleaning process.
    • Please let the program run uninterruptedly.
    • Once the cleaning has been done, your computer should automatically reboot. Otherwise, please do so when it does not.
5. Keep your computer updated.

You may currently have an outdated Windows Operating System. It is highly recommended you install the latest updates as these are extremely important which contain fixes for several bugs and security issues that attackers exploit. Always make sure that you are protected on all sides. Microsoft offers these updates free of charge. I present to you the option to perform the update.
    • Running Windows Update
      • Go to the 'Official Microsoft Windows Update' site using the latest version of Internet Explorer.
        1. On the Tools menu in Internet Explorer, click Internet Options.
        2. Click the Security tab.
        3. Click the Trusted Sites icon, and then click Sites....
        4. Uncheck the Require Server Verification checkbox.
        5. Make sure the following URLs are listed in the Web Sites list box:
          Code:
          http://*.windowsupdate.microsoft.com
          http://*.windowsupdate.com
        • A pop-up will automatically open.
        • If the pop-up failed to open, click the Start button, click All Programs, and then click Windows Update.
        • Install the Important Updates and reboot as required.
6. Prevention is better than any cure.

Constant vigilance is your number one tool. Aside from keeping in mind safe surfing habits, specific tools are there to further enhance your security. The good thing is that they are free, reliable and low on system resources. Even having them running together won't slow down your system. To download, simply click on the name of each software.

CCleaner

CCleaner is a freeware system optimization, privacy and cleaning tool. CCleaner is the number one tool for cleaning your Windows PC. It protects your privacy online and makes your computer faster and more secure. Easy to use and a small, fast download.
  • Run CCleaner regularly, suggestively after you are done browsing or using your system for the day as it cleans temporary files such as cookies that may prove harmful.
    • Open CCleaner.
      • On the CCleaner tab, select Analyze and wait for the analysis.
        • Click on the Run Cleaner button.
      • On the Registry tab, select Scan For Issues and wait until it finishes.
        • Select Fix Selected Issues > No > Fix All Selected Issues > Close.
MVPS Hosts

MVPS Hosts helps to protect your Privacy and Security by blocking sites that may track your viewing habits. In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, annoying banners, hit counters, etc. to load. This also helps to protect your privacy and security by blocking sites that may track your viewing habits, also known as "click-thru tracking" or data miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective "Layer of Protection".
  • Make sure to check the MVPS Hosts 'site' for updates monthly.
SpywareBlaster

Spywareblaster prevents the installation of ActiveX-based spyware and other potentially unwanted programs. SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.
  • Update SpywareBlaster every day as it adds a list of restricted sites and cookies.
    • Open SpywareBlaster.
    • Click Updates > Check For Updates.
    • If updates are available, refresh the entries by going to Protection Status > Enable All Protection.
WinPatrol

WinPatrol's Host-based Intrusion Prevention System (HIPS) takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. WinPatrol was the pioneer in using a heuristic behavioral approach to detecting attacks and violations of your computing environment. It continues to be the most powerful system monitor for its small memory footprint.
  • Watch for WinPatrol alerts. It will monitor any unwanted changes to your system, such as startup programs and Active X additions.
7. Ask questions.
  • If you have any other questions, please post them on this thread.
Thank you,
Quintus
Reply


Forum Jump:


Users browsing this thread: 5 Guest(s)