http://www.dslreports.com/forum/my-labtop-has-been-hijacked-27791571 en Tue, 18 Jun 2013 20:13:56 EDT Tue, 18 Jun 2013 20:13:56 EDT http://www.dslreports.com/forum/Re-my-labtop-has-been-hijacked-27793645
There is no way to determine how badly the operating system has been affected, leaving no choice but flatten and repave.]]> http://www.dslreports.com/forum/Re-my-labtop-has-been-hijacked-27793645 Thu, 06 Dec 2012 10:11:59 EDT http://www.dslreports.com/forum/Re-my-labtop-has-been-hijacked-27791600 Windows 7 Service Pack 1 x64 [color=red](UAC is disabled!)[/color]
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 31
Java 7 Update 9
Adobe Reader 10.1.4 [color=red]Adobe Reader out of Date![/color]
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome plugins...
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
NetCutDefender services AIPS.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 5%
[u]````````````````````End of Log``````````````````````[/u]

---

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=1daba2b94d229a4ea34a0c9da05b6cc9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-05 07:56:58
# local_time=2012-12-05 09:56:58 (+0200, Egypt Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 62800 106367268 0 0
# scanned=239449
# found=13
# cleaned=12
# scan_time=6891
C:\Max Payne 3\Max.Payne.3.CrackOnly-RLD-btarena\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 886E36C6F04F391E2E90A05F73C8EC05E0A61A3E C
C:\Users\Zol7y\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UETWLLYF\1c3b34gc[1].exe a variant of MSIL/Kryptik.GY trojan (cleaned by deleting - quarantined) 5FF570EA11BC2AB07C722E007BE0AAB1C778A5E6 C
C:\Users\Zol7y\AppData\Local\Temp\65190.exe a variant of MSIL/Injector.AUS trojan (cleaned by deleting - quarantined) 1475A098BEAC13F643640A8E9DD33878C33D74CD C
C:\Users\Zol7y\AppData\Local\Temp\80403.exe a variant of MSIL/Kryptik.GY trojan (cleaned by deleting - quarantined) 5FF570EA11BC2AB07C722E007BE0AAB1C778A5E6 C
C:\Users\Zol7y\AppData\Local\Temp\panmap.exe a variant of MSIL/Injector.AUS trojan (cleaned by deleting - quarantined) 1475A098BEAC13F643640A8E9DD33878C33D74CD C
C:\Users\Zol7y\AppData\Local\Temp\rtscom.exe a variant of MSIL/Kryptik.GY trojan (cleaned by deleting (after the next restart) - quarantined) E4804BF3229B1B7B04BAE1B967414584940AA934 C
C:\Users\Zol7y\AppData\Roaming\IDM\DwnlData\Zol7y\www1clickdownloader_com_157\www1clickdownloader_com Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined) B481F402BB237D8AC83EEACF74327D11DB35A92D C
C:\Users\Zol7y\AppData\Roaming\Microsoft\Windows\Templates\MsCtfMonitor.exe MSIL/Agent.NUQ trojan (cleaned by deleting - quarantined) 52DBDE13A68BF47C3DB777F2F8AC2023DCBCF8E7 C
C:\Users\Zol7y\Downloads\Call of Duty Black Ops 2 Repack\setup.exe a variant of MSIL/Kryptik.GX trojan (cleaned by deleting - quarantined) 41BB2E7DF44275263B3E1942251C1499D3B7DCD7 C
C:\Users\Zol7y\Downloads\Programs\Afreecodec_downloader_For_Microsoft_Office_Outlook_2007.exe a variant of Win32/BSDownloader application (cleaned by deleting - quarantined) A927389E550EA620464848270DA94282FC474A33 C
E:\PROGS\Media Player Codec Pack 4.0.1\media.player.codec.pack.v4.0.1.setup.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 9D64944DFFE900E122471CA4D795EF18A72B8226 C
E:\PROGS\Nero_9.4.12.3_Free\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 808D325AF468EC98A52342496BFD0A9062A446B9 C
${Memory} Win32/Ainslot.AA worm 0000000000000000000000000000000000000000 I
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~]]> http://www.dslreports.com/forum/Re-my-labtop-has-been-hijacked-27791600 Wed, 05 Dec 2012 16:47:38 EDT http://www.dslreports.com/forum/Re-my-labtop-has-been-hijacked-27791595 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zol7y\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.38 Gb Available Physical Memory | 12.53% Memory free
5.99 Gb Paging File | 0.86 Gb Available in Paging File | 14.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151.56 Gb Total Space | 14.41 Gb Free Space | 9.51% Space Free | Partition Type: NTFS
Drive D: | 63.48 Gb Total Space | 4.72 Gb Free Space | 7.43% Space Free | Partition Type: NTFS
Drive E: | 69.79 Gb Total Space | 5.39 Gb Free Space | 7.72% Space Free | Partition Type: NTFS
Drive F: | 13.06 Gb Total Space | 0.10 Gb Free Space | 0.77% Space Free | Partition Type: NTFS

Computer Name: ZOL7Y-PC | User Name: Zol7y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Zol7y\AppData\Local\Temp\4STXSJGIO3.exe" = C:\Users\Zol7y\AppData\Local\Temp\4STXSJGIO3.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Zol7y\AppData\Local\Temp\4STXSJGIO3.exe" = C:\Users\Zol7y\AppData\Local\Temp\4STXSJGIO3.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2261024C-BCB5-4A72-86C3-7127E4117C70}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{2BD07620-9B59-4BEE-AC63-44E9E71277F1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BD92B64-D276-4CF5-918B-C269423FA1BB}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{3D688077-1C56-4E1F-B68B-8B9196F6FB14}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"{42CEB35A-30B3-4B53-B134-6BAAEADF1A93}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4B4924D6-EC16-4F47-8D45-1BE6197E3E60}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F65A85C-8027-4778-B66F-F8C1C3B89F38}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{700E6ADD-E1CE-4DB9-8D31-2904CF799748}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{736A4531-79F2-4DA0-8B92-00CAC0807272}" = rport=2869 | protocol=6 | dir=out | app=system |
"{83E59C55-10CF-49DD-9796-0CD171857EB9}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{92A323D8-6F4A-4C00-88D2-A685AF0DD1C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{990EFA3A-1808-4095-A20D-DC499915CC9F}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{D3B73B3E-00F6-4F79-99B9-466FA0E312C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D9FD5EC3-82C4-4457-952E-62134FFB4172}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{DA409BE2-3FF2-4682-B10B-BE28D25EC11A}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EBAC2A-ED4D-4AD2-9615-831803625D98}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{022B444D-1116-4DF0-9FB5-10128ABC77B5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{03B20B31-44D4-468D-ACBC-7C28D9EB9BC3}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{071A28B3-6556-48F3-A350-9B6638EAD892}" = protocol=6 | dir=in | app=c:\need for speed most wanted - criterion\nfs13.exe |
"{0E90E482-663E-42C2-9541-DEEF4403A986}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0F0A06E6-9BB9-443F-A886-1BCB5F361D77}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{10C4001E-007A-4596-8651-48D30BE303B7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{1192D2A8-1769-484D-B337-1C275F6EC627}" = dir=in | app=c:\programdata\hi\hiplayer\playerwebinstaller_hi.exe |
"{11B1308B-6CF4-4CE3-BB12-0CC8AB2C3317}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{160F8EF7-B96D-4B08-96C1-F4165111B864}" = protocol=6 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe |
"{164F9BAE-4BE4-4711-AA48-DB7FEF1764FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{195882FC-EBDC-437F-9854-7440A1D7B373}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1981D31F-5773-4186-A6A0-A219CAF0745B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2B72251C-FB63-4CFC-BD66-69BD4A3F5773}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2C63D1D0-962E-4766-B7CD-E835A873329D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{353438DA-8DDE-4A71-B25F-0D573CFF2222}" = dir=out | app=c:\windows\system32\svchost.exe |
"{36037F45-9367-424A-8F9A-2BDF868E63CF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{3773AD12-2FFC-4BFA-8983-D6B6DB129883}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{3BAA8D3C-29F7-435E-B790-482EF56ECD57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3E2E77F5-3841-4A0D-9C4F-A39BDB73E23B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{42A4FE1E-F74F-4622-B0A1-C1AC0F827A4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{45F28034-EECC-47D2-B23E-FC1565ED5731}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{51B890DB-5DD2-44AE-83A6-E868BE48F0C6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{5415C636-6C9D-4C02-90EF-AA85CED6A404}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{54238F76-1079-482C-9DCA-218EB37EEDC5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{57E54EAA-1205-4CB0-B917-297A1DC8693F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{58FF3396-6AD1-4C9F-80CC-50C7080DF154}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{599A906F-1A38-4B39-91FD-542FD0AA4F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{59A57DEE-2429-4D87-A7BF-6F723289B800}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{5B394935-604B-418F-8B17-C6A2ED208660}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{5EBC76BE-95B3-4426-91F5-1954FD5D8529}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5ED63A10-FF4A-4F2C-9AEE-5A634D51E794}" = protocol=17 | dir=in | app=c:\program files (x86)\hi\hiplayer\1.18.0.44\baidusetupax_0.exe |
"{6146AF1B-5E51-4173-8B64-523F01510298}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{62B5F02B-EE6E-4173-BB78-D760B2E761A1}" = protocol=6 | dir=in | app=j:\need for speed most wanted - criterion\nfs13.exe |
"{6467FF55-9A3E-477E-BFD8-4C73913AD6C6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{66B78B25-5BE1-4480-9D04-83C8B404176D}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{677ED00A-28C3-4C6F-8CFB-91AE0AC57E20}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{691C0257-0966-472E-B76A-DE2EC5AE82AA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{6AA9B192-9411-435A-8341-5F4D89FB6571}" = protocol=6 | dir=in | app=c:\program files (x86)\hi\hiplayer\1.18.0.44\baidusetupax_0.exe |
"{6C938BC7-F24D-43D3-BC14-ECE20031C1F9}" = protocol=17 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe |
"{6D76BF59-67FF-49F8-8870-1E71785ACBCB}" = dir=in | app=c:\programdata\hi\hiplayer\hiupdate.exe |
"{6D9F1279-349C-4B9C-8E82-EDF6EC746ED0}" = dir=in | app=c:\program files (x86)\hi\hiplayer\1.18.0.44\statreport.exe |
"{77BF7700-3356-4BCB-BFDB-F7E985B91CEC}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{78808460-1F6F-4E60-9CCF-380095700A48}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{7E902D4D-D7D5-4236-8672-D02107EFA487}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{85C0541B-45AB-4885-874E-3BF281D704ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{88A066FF-185F-46FE-B3EC-F349C51754FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{8B54BEF4-A2C2-4A48-9AE1-6B4F34B81CD3}" = dir=in | app=c:\users\zol7y\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8BC955AE-FC6C-4C82-A979-9BA79304F53E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F10373A-7D1D-4797-993E-B4284EC75EB0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{8FA2759A-F5B8-46E4-AB0F-45DFE42FC2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{929B8D58-F6DA-4409-8CBC-02A1E0BB6684}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{98EF5134-A628-4872-AB19-627660DBFF60}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{9A5FFEDE-A89F-4998-9978-40EBD209DDB8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{9CCE7725-B726-47C6-AA7B-37B400956B78}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe |
"{9E1886BC-457F-4513-9B44-D941145CECA0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9EEDAC1F-51C0-4A83-9B26-F715F3F19390}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe |
"{9F4FEA65-8DD6-4038-AEC9-912753F558EF}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A0D6DFE9-259F-499A-A49A-33BBDEDE3ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{A79B363B-B74C-461C-B057-6E7AB751626B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{AE3CD933-5C01-40D7-8539-AF5FA721FD44}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{B0290A47-7EE4-4A72-B339-1D47DA924917}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B06F1158-2D39-4F52-AFA6-331A39D2E646}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B7797D09-20D5-483F-90CF-CC1C52407280}" = dir=in | app=c:\program files (x86)\hi\hiplayer\1.18.0.44\hip2pservice.exe |
"{B9916BFF-F02E-47D2-B0A5-D31A9698D2D7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C0B9BCF9-DC8E-49CD-ACCC-F5704F1D02D7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe |
"{C433D0CD-80F5-48B9-98E8-139677130821}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C537C23E-C50A-4CD1-AC7F-F530C63EA993}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3813448-8A76-4891-A091-7AC772B073D6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{D63BB1E6-CFC2-4DF4-9939-DF5E1991DF48}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D7C7631D-EEBB-44B8-856C-C905B4A4386B}" = protocol=17 | dir=in | app=j:\need for speed most wanted - criterion\nfs13.exe |
"{DB57E2CB-5F06-4244-9E0C-FFAC05F97CB0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{DC50252E-8886-4E5C-87C3-C5F8E348E356}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{E23FC593-CDEE-433E-86D9-CC51067E0E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E5EF8D65-9ADF-49B1-B254-E9AB78BED76A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{ECE8D6BE-1B80-4CB9-910B-8F4D9481635F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{EEE1B8D5-BD55-4A05-B6C2-05B9FE6B9C59}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{F2AE8073-B225-4E79-B6B5-1205E3EDE474}" = dir=in | app=c:\program files (x86)\hi\hiplayer\1.18.0.44\hiplayer.exe |
"{FA6E81A9-EF7A-4223-942C-B70B8C4DBC85}" = protocol=17 | dir=in | app=c:\need for speed most wanted - criterion\nfs13.exe |
"{FB0ED7CA-FB8E-48B5-809D-465FB29A1A29}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{FFBE7EE2-ADE8-485D-A6AA-BD12F342BBC2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"TCP Query User{01D9795F-8C42-4A61-9ECC-ACE24FD382AE}C:\program files (x86)\r.g. mechanics\call of duty black ops 2\t6sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. mechanics\call of duty black ops 2\t6sp.exe |
"TCP Query User{1353D98D-F662-49DC-ADE9-E9DF7CDAA0FE}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{2E139E10-D8C0-4B99-9E56-78EC4D34514B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{5E0FB4BE-82DA-4A4E-9BB4-0F9DF85C7F0C}J:\need for speed most wanted - criterion\nfs13.exe" = protocol=6 | dir=in | app=j:\need for speed most wanted - criterion\nfs13.exe |
"TCP Query User{7A8FEA99-0108-407A-A555-97AD0C547DF2}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{8E3D7570-556C-421C-AA60-217E7C1E0CA0}C:\westwood\ra2\game.exe" = protocol=6 | dir=in | app=c:\westwood\ra2\game.exe |
"TCP Query User{A2F091C5-663E-448F-863B-C4DADA476540}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{C0AB5CBD-8BEB-489B-BC12-835C722AF479}C:\assassinscreedbrotherhood\acbsp.exe" = protocol=6 | dir=in | app=c:\assassinscreedbrotherhood\acbsp.exe |
"TCP Query User{FB07933A-DACB-4B93-84EA-8F4A49420A00}C:\need for speed most wanted - criterion\nfs13.exe" = protocol=6 | dir=in | app=c:\need for speed most wanted - criterion\nfs13.exe |
"TCP Query User{FD00D168-CABF-4D42-BB6D-AEFA166C2C8E}C:\assassinscreedbrotherhood\acbsp.exe" = protocol=6 | dir=in | app=c:\assassinscreedbrotherhood\acbsp.exe |
"UDP Query User{19A537F5-6A5D-4E38-A2D3-B046F257CFCE}C:\assassinscreedbrotherhood\acbsp.exe" = protocol=17 | dir=in | app=c:\assassinscreedbrotherhood\acbsp.exe |
"UDP Query User{22BD04DC-B42E-4E20-B8C7-E615914BD752}J:\need for speed most wanted - criterion\nfs13.exe" = protocol=17 | dir=in | app=j:\need for speed most wanted - criterion\nfs13.exe |
"UDP Query User{418EC8CB-EEBB-4123-AAF2-C2C50900BEA7}C:\need for speed most wanted - criterion\nfs13.exe" = protocol=17 | dir=in | app=c:\need for speed most wanted - criterion\nfs13.exe |
"UDP Query User{78DBC075-CFA6-4B38-BC1F-B96CB9EA5154}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{7ED8471A-B4CF-4BB6-9D45-DD26ACB9365C}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{9C8825F5-2002-46F0-A03A-5B64252C57EF}C:\assassinscreedbrotherhood\acbsp.exe" = protocol=17 | dir=in | app=c:\assassinscreedbrotherhood\acbsp.exe |
"UDP Query User{ACB6E9DF-ADED-4446-8078-BBE99C2799FC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{CB630275-B35C-4095-A0C3-4C3627C47C0E}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{E735B027-77AC-4290-8BF8-6E4D7F82FE51}C:\program files (x86)\r.g. mechanics\call of duty black ops 2\t6sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. mechanics\call of duty black ops 2\t6sp.exe |
"UDP Query User{E924563B-32C3-41C2-A1E1-01FD8010FD05}C:\westwood\ra2\game.exe" = protocol=17 | dir=in | app=c:\westwood\ra2\game.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
"{16AD84C0-E7A0-F64D-D55A-15D274C4439A}" = ccc-utility64
"{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{83715090-142B-D305-36EC-7538A007D336}" = ATI Catalyst Install Manager
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
"Connectify" = Connectify Hotspot
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27B0C2FD-9739-8D7D-6552-307C786D9097}" = Catalyst Control Center InstallProxy
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{38022B5C-0C69-389F-DA48-B87480B5705A}" = CCC Help Turkish
"{3BBBF379-6C7E-0985-18F6-6C60D6C36EC6}" = CCC Help Portuguese
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B2F56AC-C043-C84F-3EF1-E6D6F21E934F}" = Catalyst Control Center Graphics Full Existing
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4F2C2E34-5A3E-0E70-BDFC-A5B1E3C2FFAC}" = Catalyst Control Center Graphics Light
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{532715CE-CFD6-E4F8-53C3-2F1DE31C04DA}" = CCC Help Hungarian
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{558CC8A3-F1A2-9C31-7B90-F61E476B8622}" = CCC Help Dutch
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5D76ABD5-262B-6D65-6C13-F38175C7A5AF}" = CCC Help Korean
"{5D92E608-E454-0C8C-D577-7F7C06151117}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79EECA21-CDFA-6012-5E8B-6CF2623D647A}" = Catalyst Control Center Graphics Full New
"{7BE6BC10-6737-CD9D-8363-F919B8D6D917}" = Catalyst Control Center Core Implementation
"{80FBA7A7-ABD1-4910-A916-023075C45593}" = CCC Help Danish
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8797DE34-22BC-CA33-6B67-A0CC2765B545}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89D1C17B-90DE-650A-073A-A7FA7BC6ECE5}" = CCC Help French
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8C664716-FD23-9902-A29E-863D056F46FC}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F36B221-F483-B7CE-4DDA-7BDA4D81E306}" = CCC Help English
"{8FB16749-1235-D027-AF25-1D22A9FEC0D5}" = CCC Help Thai
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A3A4DE-656A-5C7A-5B61-75FB6D167A6A}" = CCC Help Polish
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDB805A-E11C-8842-2393-FDFDA17963AC}" = CCC Help Chinese Traditional
"{A16D1BBD-BE86-0183-4152-2E85FECC31F7}" = CCC Help Finnish
"{A19856E3-C9D7-988E-5B8C-70C87342B8DD}" = Catalyst Control Center Localization All
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AD777154-A573-4FCA-C730-D7C33437262C}" = CCC Help Czech
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B66D2CC9-652D-EBE5-497F-74BBC1029FB4}" = CCC Help Japanese
"{B6A4D07E-725F-07CD-DE49-8AB76939631D}" = CCC Help Norwegian
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BF930A5D-4F36-5158-C8DA-DECD5B51A78E}" = CCC Help Chinese Standard
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6FCE95C-0072-40C0-9AB2-3EF88DA6CED9}" = Catalyst Control Center Graphics Previews Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF166A93-835F-DF13-E974-FD73E8D7F4F6}" = CCC Help Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E09F7D2B-C1C1-D80B-7775-6FFE9D713C60}" = CCC Help Spanish
"{E26EEBF8-3A50-8095-5877-AE243C8852EF}" = Catalyst Control Center Graphics Previews Vista
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EC8049FF-B0E3-A963-408C-1B1D8F20DD55}" = CCC Help Italian
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FD1D88FA-E5E0-BA76-73C8-7362E9703842}" = ccc-core-static
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Call of Duty Black Ops 2_R.G. Mechanics_is1" = Call of Duty Black Ops 2
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.78
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Internet Download Manager" = Internet Download Manager
"JCreator LE_is1" = JCreator LE 5.00 Trial
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MP3 Cutter_is1" = MP3 Cutter 1.1.1
"NetCutDefender_is1" = NetCutDefender 2.1.5
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Red Alert 2" = Command & Conquer Red Alert 2
"RocketDock_is1" = RocketDock 1.3.5
"Rockstar Games Social Club" = Rockstar Games Social Club
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11/22/2012 11:18:00 PM | Computer Name = Zol7y-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1186

Error - 11/22/2012 11:18:00 PM | Computer Name = Zol7y-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1186

Error - 11/22/2012 11:18:02 PM | Computer Name = Zol7y-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2012 11:18:02 PM | Computer Name = Zol7y-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2387

Error - 11/22/2012 11:18:02 PM | Computer Name = Zol7y-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2387

Error - 11/23/2012 8:56:06 AM | Computer Name = Zol7y-PC | Source = Google Update | ID = 20
Description =

Error - 11/23/2012 9:15:46 AM | Computer Name = Zol7y-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/23/2012 9:36:06 PM | Computer Name = Zol7y-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000028359
Faulting
process id: 0x1454 Faulting application start time: 0x01cdc7873f37b6f4 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 4ff9ff98-35d7-11e2-9f4a-00247eed1834

Error - 11/23/2012 10:28:50 PM | Computer Name = Zol7y-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/24/2012 2:20:16 AM | Computer Name = Zol7y-PC | Source = Google Update | ID = 20
Description =

[ DigitalPersona Pro Events ]
Error - 4/22/2012 6:45:27 PM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/29/2012 11:53:45 PM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/29/2012 11:53:47 PM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/29/2012 11:53:49 PM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/29/2012 11:53:58 PM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/30/2012 12:06:39 AM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/30/2012 12:06:43 AM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/30/2012 12:10:33 AM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/30/2012 5:40:48 PM | Computer Name = Zol7y-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ Hewlett-Packard Events ]
Error - 4/10/2012 3:28:03 PM | Computer Name = Zol7y-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 4/10/2012 3:28:52 PM | Computer Name = Zol7y-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 9/25/2012 11:48:32 AM | Computer Name = Zol7y-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 10/16/2012 3:40:50 PM | Computer Name = Zol7y-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


[ OSession Events ]
Error - 6/8/2012 11:33:46 PM | Computer Name = Zol7y-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 25027 seconds with 600 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 12/3/2012 8:12:34 AM | Computer Name = Zol7y-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/3/2012 11:00:18 PM | Computer Name = Zol7y-PC | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 12/3/2012 11:00:18 PM | Computer Name = Zol7y-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Hotspot Shield Service service,
but this action failed with the following error: %%1058

Error - 12/3/2012 11:01:32 PM | Computer Name = Zol7y-PC | Source = Service Control Manager | ID = 7030
Description = The Hotspot Shield Service service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 12/3/2012 11:01:38 PM | Computer Name = Zol7y-PC | Source = Service Control Manager | ID = 7034
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/4/2012 10:55:38 AM | Computer Name = Zol7y-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/4/2012 6:08:55 PM | Computer Name = Zol7y-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/5/2012 12:44:00 AM | Computer Name = Zol7y-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/5/2012 10:29:54 AM | Computer Name = Zol7y-PC | Source = DCOM | ID = 10010
Description =

Error - 12/5/2012 11:29:29 AM | Computer Name = Zol7y-PC | Source = Service Control Manager | ID = 7034
Description = The Arp Intelligent Protection Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~]]> http://www.dslreports.com/forum/Re-my-labtop-has-been-hijacked-27791595 Wed, 05 Dec 2012 16:47:01 EDT http://www.dslreports.com/forum/Re-my-labtop-has-been-hijacked-27791587
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zol7y :: ZOL7Y-PC [administrator]

Protection: Enabled

12/5/2012 5:39:04 PM
mbam-log-2012-12-05 (17-39-04).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429411
Time elapsed: 1 hour(s), 20 minute(s), 39 second(s)

Memory Processes Detected: 5
C:\Users\Zol7y\AppData\Local\Temp\65190.exe (Heuristics.Shuriken) -> 1292 -> Delete on reboot.
C:\Users\Zol7y\AppData\Local\Temp\panmap.exe (Heuristics.Shuriken) -> 2992 -> Delete on reboot.
C:\Users\Zol7y\AppData\Local\Temp\keerxjnir.exe (PUP.BitMiner) -> 3060 -> Delete on reboot.
C:\Users\Zol7y\AppData\Local\Temp\hnjotyqju.exe (PUP.BitMiner) -> 5660 -> Delete on reboot.
C:\Users\Zol7y\AppData\Roaming\Microsoft\Windows\Templates\MsCtfMonitor.exe (Trojan.Agent) -> 3460 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdobeUpdate (Trojan.BitMiner) -> Data: wscript "C:\Users\Zol7y\AppData\Roaming\Adobe32\invis.vbs" "C:\Users\Zol7y\AppData\Roaming\Adobe32\bat.bat" -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activex Application Updater (Trojan.Agent) -> Data: C:\Users\Zol7y\AppData\Roaming\Microsoft\Windows\Templates\MsCtfMonitor.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Zol7y\AppData\Roaming\Adobe32 (Trojan.BitMiner) -> Delete on reboot.

Files Detected: 38
C:\Users\Zol7y\AppData\Local\Temp\65190.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Users\Zol7y\AppData\Local\Temp\panmap.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Users\Zol7y\AppData\Local\Temp\keerxjnir.exe (PUP.BitMiner) -> Delete on reboot.
C:\Users\Zol7y\AppData\Local\Temp\hnjotyqju.exe (PUP.BitMiner) -> Delete on reboot.
C:\Program Files (x86)\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JM3T74OS\ccpm[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Zol7y\Downloads\Programs\SRS_Audio_Sandbox_64_downloader.exe (PUP.MediaFinder) -> Quarantined and deleted successfully.
D:\Assassins.Creed.2.Multi.9.CloneDVD.PC.DVD\skidrow\Assassins_Creed_II-crack-SKIDROW-OsOsy\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
E:\PROGS\AVS Video Converter 8.0.4.495\avs4you.all.products.activator.2011.(v1.1)-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
E:\PROGS\DFX Audio Enhancer 9.304\DFX Audio Enhancer 9.304\Keygen\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
E:\PROGS\DFX Audio Enhancer 9.304\Keygen DFX Audio Enhancer\Keygen\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
E:\PROGS\Internet Download Manager v6.10 build 2\New Patch IDM\PATCH a.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
E:\PROGS\Internet Download Manager v6.10 build 2\New.pa.myegy.com\باتشات قديمة\استخدم هذا الباتش اولا\SnDk&p.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
E:\PROGS\Internet Download Manager v6.10 build 2\New.pa.myegy.com\باتشات قديمة\ثم استخدم هذا الباتش\Patch .xx 2.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
E:\PROGS\Internet Download Manager v6.10 build 2\New.pa.myegy.com\باتشات قديمة\ثم استخدم هذا الباتش\Patch 6.xx.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Local\Temp\Winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Zol7y\Templates\MsCtfMonitor.exe (Backdoor.Agent.DC) -> Delete on reboot.
C:\Users\Zol7y\AppData\Roaming\Adobe32\miner.php (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\API.class (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\bat.bat (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\diablo120823.cl (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\diakgcn120823.cl (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\example.conf (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\invis.vbs (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\libblkmaker-0.1-0.dll (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\libblkmaker_jansson-0.1-0.dll (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\libcurl-4.dll (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\libjansson-4.dll (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\libusb-1.0.dll (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\pdcurses.dll (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\phatk120823.cl (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\poclbm120823.cl (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\pthreadGC2.dll (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\scrypt120823.cl (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\svchost.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Adobe32\zlib1.dll (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Zol7y\AppData\Roaming\Microsoft\Windows\Templates\MsCtfMonitor.exe (Trojan.Agent) -> Delete on reboot.

(end)
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~]]> http://www.dslreports.com/forum/Re-my-labtop-has-been-hijacked-27791587 Wed, 05 Dec 2012 16:46:15 EDT http://www.dslreports.com/forum/my-labtop-has-been-hijacked-27791571

checkup.txt 1,326 bytes	Extras.Txt 101,618 bytes	log.txt 2,965 bytes
mbam-log-201···-04).txt 13,272 bytes

]]> http://www.dslreports.com/forum/my-labtop-has-been-hijacked-27791571 Wed, 05 Dec 2012 16:41:51 EDT