

jkj860
The Final Frontier

join:2002-01-10
Valparaiso, IN

Issues with pop ups/adware

I have been getting these pop-ups constantly and have followed the steps required. Attached are some screenshots of a few of them. Some were from bizzcoaching.info but now they say cloud connect. Any help would be appreciated.
--
I know you think you understand what you thought I said, but I am not sure you realize what you heard is not what I meant. Nixon


jkj860
The Final Frontier

join:2002-01-10
Valparaiso, IN
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.04.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
home office :: HOMEOFFICE-PC [administrator]

8/4/2013 11:30:17 AM
mbam-log-2013-08-04 (11-30-17).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 921785
Time elapsed: 5 hour(s), 6 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
F:\home office_Backup\2012-03-01_15-27-56\Memeo\2012-03-01_15-27-56\C_\Users\home office\Downloads\Firefox_Setup(1).exe (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
F:\home office_Backup\2012-03-01_15-27-56\Memeo\2012-03-01_15-27-56\C_\Users\home office\Downloads\Firefox_Setup.exe (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.

(end)


jkj860
The Final Frontier

join:2002-01-10
Valparaiso, IN
reply to jkj860
# AdwCleaner v2.306 - Logfile created 08/05/2013 at 08:44:04
# Updated 19/07/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : home office - HOMEOFFICE-PC
# Boot Mode : Normal
# Running from : C:\Users\home office\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\comcasttb
Deleted on reboot : C:\Users\home office\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\home office\AppData\Roaming\Mozilla\Firefox\Profiles\9ozh2qoq.default\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Users\home office\AppData\Roaming\Mozilla\Firefox\Profiles\9ozh2qoq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\home office\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2771 octets] - [22/07/2013 10:04:00]
AdwCleaner[R2].txt - [11657 octets] - [22/07/2013 10:04:34]
AdwCleaner[R3].txt - [1884 octets] - [05/08/2013 08:43:25]
AdwCleaner[S1].txt - [26575 octets] - [29/07/2013 11:05:19]
AdwCleaner[S2].txt - [1844 octets] - [05/08/2013 08:44:04]

########## EOF - C:\AdwCleaner[S2].txt - [1904 octets] ##########


jkj860
The Final Frontier

join:2002-01-10
Valparaiso, IN
reply to jkj860
OTL.Txt (177,724 bytes)
File was too large to copy & paste.


jkj860
The Final Frontier

join:2002-01-10
Valparaiso, IN
reply to jkj860
OTL Extras logfile created on: 8/5/2013 9:19:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\home office\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.13% Memory free
16.17 Gb Paging File | 13.55 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.80 Gb Total Space | 293.54 Gb Free Space | 42.86% Space Free | Partition Type: NTFS
Drive D: | 13.69 Gb Total Space | 1.41 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 904.11 Gb Free Space | 64.71% Space Free | Partition Type: NTFS

Computer Name: HOMEOFFICE-PC | User Name: home office | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = CE D1 DC 6A D3 EA C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17B05840-7152-4766-91A6-E50F9DFADAC2}" = rport=138 | protocol=17 | dir=out | app=system |
"{1BE54F62-176B-4512-964B-A66A24E042FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E3CA21F-0699-4692-99CD-5EC35F521B32}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E85C449-CE0C-49C0-8DA2-837347B87003}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{71B6D6CC-0045-40EB-96DB-B19CD5BF2250}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79CD122E-6CD7-4BB3-BA1E-FB32E53D5213}" = lport=137 | protocol=17 | dir=in | app=system |
"{7AB38798-71B2-4AF2-A4A7-D0C0B160BB82}" = lport=139 | protocol=6 | dir=in | app=system |
"{94722BEC-208F-438F-8682-90D8158C86A9}" = rport=445 | protocol=6 | dir=out | app=system |
"{97B2F0EC-3E33-4336-AA3E-52466CA2FB0E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A59C6B6A-4092-4682-8A21-76D3D2AFD6DF}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{A9838BDB-85D3-4983-990A-205C1431CEBD}" = rport=137 | protocol=17 | dir=out | app=system |
"{AC8FC630-3716-4EEA-9E94-43E1356ED8D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AE82FE88-7A66-4DA8-97FC-9DC321496C28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE8F4E68-DB89-46B4-B02F-A5D0040880F0}" = lport=445 | protocol=6 | dir=in | app=system |
"{BAC9D8C4-B4AB-42A8-96D9-7D15F60F0E26}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C8599463-80C7-4789-A83E-BC91483A20D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D21262CC-A51A-4C1D-AFAF-B32BA7BE4716}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DB0D1C7E-BFBD-4961-A93B-EF6E72A39798}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F241FA4E-03F8-443A-BDBC-188C3B32E11A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5B69E20-47F1-4097-AE16-3A17E8728100}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9FDEFCE-33C2-41AC-B6F7-0ABE8AEF727F}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0288A178-788C-4EB6-A0FB-FBE7A8513681}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{03D33979-9C82-4A29-A8A6-CC336BA52009}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0412C965-DBE9-4994-8344-127B3B7C45B1}" = protocol=6 | dir=in | app=c:\program files (x86)\socialribbons\troubleshooter.exe |
"{05191040-57CB-45A9-9D21-A5CA63FF18E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1103EA0C-691F-46EE-B731-0CCBCECD452F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{12717AAD-B788-4ABF-88FF-4AB48746AC05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12B88403-AB53-44EB-8184-619F53010071}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1BCC3807-6610-4380-96DB-E71C52C1E11B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{200B68BD-43DF-4154-B765-6D987352E8F6}" = protocol=17 | dir=in | app=c:\program files (x86)\socialribbons\troubleshooter.exe |
"{2219DC56-5ABF-4E02-9CA7-90420950DC3F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2317CE63-6F53-450C-BFE4-2EFCF6EED114}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{25FA2F57-7010-4ABE-9F28-A9D7243F8B02}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{26481043-8F9E-4DBF-874E-D0FF58A325B8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{341A9394-7C80-443E-BAFF-08A0BAF4A1F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{348D58FB-37EE-4754-A401-0C69805279F3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3A3D1EF5-0A55-4850-AEA0-92C2CD69EF71}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{43BE7837-A58C-4428-A416-67A2ECE15A23}" = protocol=6 | dir=out | app=system |
"{44E7B5FD-C1C0-4385-8DE2-586A68AA2555}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{458D0CEA-ECD2-42FF-B3D5-C3C821380C4B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{45FC5158-B63D-48D8-97BB-2B8687345A39}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4DF5CE04-18A0-4705-AF35-95CAE5217AA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F0B069F-8F17-47BB-8200-5CB4671A697B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51476E86-C300-4C71-B2B4-14716E20880C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5330579D-1B85-4D84-94DC-271B8C7F05C2}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{57E7B130-1C8C-40F8-94AC-2F52E7AC9896}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{5B602E85-000A-478D-8661-0D0F08F78B4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{5E8D74DF-11FA-4406-B451-222329C061AF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{664098E1-6D60-44B9-BA1F-7E62CACC109B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{67C98259-9D48-4ADA-8EC9-EC4EE8ED09F9}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{67EE664B-CA09-467B-A679-F4FF68E67998}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdgold 2013\helper.exe |
"{6B0C6614-E940-415C-A65F-BFB2BA461D0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72BE3220-A098-4168-8201-87E5D3506101}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{786AF20C-7BB3-4DED-B489-7565F76C24D1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{78956049-545B-4FFE-88DB-C7DA78013C36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7E518ACA-61F5-47EC-81DE-18287374403A}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7F6510E1-D1B3-4C2B-8407-BFB4302937DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F960D82-6B25-49DE-8536-20F7D574139A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8435AAA0-0FC6-4B2A-AA21-A10CD40C07E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8F8A94D1-C587-40BC-A98E-95E18025E72C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{97E339BF-A508-49C4-A42E-23B767FDCC57}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{9BC2D542-7AAB-481A-AAD6-AEBAFD38AB91}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{A2D39EEF-8299-45AA-816A-CABE7EA058C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A87272EC-5516-4AB2-8AEB-570F4F10F45B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AB5C935B-8DFD-4A6A-A031-38883FAC43A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B53408BB-FD64-4AEC-806C-E90092DF2CBD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5EA688D-05FB-4984-8465-2A5270220C07}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{B97A5E9C-C2BE-4833-8C98-20F95225321E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD33E2BA-57C0-4C0A-B4EA-32C3B8BCD3F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BE053710-0600-4DD9-9D14-D2FBEEA7FD13}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C271A63E-0F5D-4905-9061-FB9CC550F0A0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{C71D7F29-8B6A-4961-BACD-BC22B35CC23B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C7871383-54AA-4F5F-A005-C409CB781F0A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CAE760F4-8CFF-4584-8F8B-3803484A0A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE941C23-DF28-45F3-9610-E1FB685A8007}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CF1A195A-5137-4E6B-8B7D-5F256B83D619}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdgold 2013\helper.exe |
"{D003672C-972D-4E68-89FF-F47D6E81983C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D1DF1B15-C65B-4200-8277-502A741978EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3A3D219-45DB-46D1-8E30-0DD01EBE5FAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB4AC16C-9571-462B-A715-B6297252965B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD13F415-388A-416B-9D9C-2E6D7ADE227E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDD9DF47-408C-498A-AA4A-286153D2AAD1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F5CC0416-752D-4F8F-8BC0-59F73D2DE1A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7731A5F-2FF2-4FC1-8E6B-CA8D8613DCC6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F986031E-939D-4573-94EB-85830CBF6E35}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F9B8A255-AA26-495D-AAAB-D19E122CE405}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FBDFC305-BC01-420F-85E3-8DBCAAAB7836}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{0365B3CB-97E1-4AF1-8437-8CBA20EC6354}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{37DE54AB-0D4F-4F60-B6C8-F4AF6E83F2F9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6237C1E7-EEC0-40B7-8144-233EA75EED31}C:\users\home office\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\home office\program files (x86)\dna\btdna.exe |
"TCP Query User{EAC7FEA8-80CE-4D20-8D98-4ADD62AFD73E}C:\users\home office\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\home office\program files (x86)\dna\btdna.exe |
"UDP Query User{3D88207C-9D7B-4086-868C-7D93E0368118}C:\users\home office\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\home office\program files (x86)\dna\btdna.exe |
"UDP Query User{6EFA2382-8D40-4697-A24C-0D3C0BA5B851}C:\users\home office\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\home office\program files (x86)\dna\btdna.exe |
"UDP Query User{801B375D-3878-4180-8FA5-D2A019DFB06D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9D63E0FA-1F15-4556-B2FA-FF36DFBC6FFA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}_is1" = WBC Engine 2.0.0.429
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4044201A-8576-2999-1166-96C5593F3CFF}" = ATI Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7E5BEF96-0293-442B-B344-62902D302522}" = RawPacketDriver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1D601240-1E3C-11DE-8C30-0800200C9A66}" = Walmart Photo Manager
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DBCC860-02F1-182F-7528-42B8ED9E4C5C}" = muvee Reveal
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6C398D39-BB35-4AF3-8306-79BEC4AC94A6}_is1" = Listen to YouTube 2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{944167EA-7F89-4705-8DCD-1D63B53141B0}" = Ad-Aware Antivirus
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{97099A77-2CD0-4C2C-8931-7F0B73CFE0FA}" = SoftMCE Encoder
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D44A1FA-ED59-47D4-B1C2-4E561D8BFEEB}" = Wal-Mart Digital Photo Manager
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5CC7EA-DF66-B0B4-8E71-D2041EE36BB7}" = XFINITY Caller ID
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = MediaSmart DVD
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ARO 2011_is1" = ARO 2011
"Blender" = Blender (remove only)
"Blockland" = Blockland
"Canon MX340 series User Registration" = Canon MX340 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = XFINITY Caller ID
"comcasttb" = Comcast Toolbar 3.0
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Digital DJ Pro" = Digital DJ Pro 1.7.0
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.7 (06/02/2013) Qt
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Fallout New Vegas_is1" = Fallout New Vegas
"FoxTab PDF Converter" = FoxTab PDF Converter
"Fraps" = Fraps
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.26268)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ieSpell" = ieSpell
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mavis Beacon Teaches Typing 17" = Mavis Beacon Teaches Typing 17
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MilkShape 3D 1.8.5" = MilkShape 3D 1.8.5
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"N360" = Norton Security Suite
"New LEGO Digital Designer" = LEGO Digital Designer
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PunkBusterSvc" = PunkBuster Services
"Red Alert 2" = Command & Conquer Red Alert 2
"SocialRibbons" = SocialRibbons
"Speed Dial Utility" = Canon Speed Dial Utility
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TuneAid_is1" = TuneAid 3.6
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WT087863" = Star Defender 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for home office
"{B805FF17-92FE-4757-8142-F0A2850DFE03}" = ROBLOX Studio for home office
"BitTorrent DNA" = DNA
"JoinMe" = join.me
"Move Media Player" = Move Media Player
"Upromise TurboSaver" = Upromise TurboSaver (remove only)

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 8/4/2013 1:19:54 AM | Computer Name = homeoffice-PC | Source = VSS | ID = 8193
Description =

Error - 8/4/2013 12:17:27 PM | Computer Name = homeoffice-PC | Source = AntiSpywareService | ID = 0
Description =

Error - 8/4/2013 12:18:46 PM | Computer Name = homeoffice-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/4/2013 6:20:49 PM | Computer Name = homeoffice-PC | Source = AntiSpywareService | ID = 0
Description =

Error - 8/4/2013 6:21:08 PM | Computer Name = homeoffice-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/4/2013 8:59:44 PM | Computer Name = homeoffice-PC | Source = VSS | ID = 8193
Description =

Error - 8/5/2013 9:44:54 AM | Computer Name = homeoffice-PC | Source = AntiSpywareService | ID = 0
Description =

Error - 8/5/2013 9:47:39 AM | Computer Name = homeoffice-PC | Source = AntiSpywareService | ID = 0
Description =

Error - 8/5/2013 9:48:31 AM | Computer Name = homeoffice-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/4/2013 6:24:59 PM | Computer Name = homeoffice-PC | Source = DCOM | ID = 10010
Description =

Error - 8/4/2013 10:52:27 PM | Computer Name = homeoffice-PC | Source = Print | ID = 6161
Description = The document 2013-14 concussion_20130729084741.pdf, owned by home
office, failed to print on printer Canon MX340 series Printer. Try to print the
document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the
spool file in bytes: 1507328. Number of bytes printed: 475196. Total number of
pages in the document: 3. Number of pages printed: 0. Client computer: \\HOMEOFFICE-PC.
Win32 error code returned by the print processor: 1. Incorrect function.

Error - 8/5/2013 9:44:46 AM | Computer Name = homeoffice-PC | Source = DCOM | ID = 10010
Description =

Error - 8/5/2013 9:48:26 AM | Computer Name = homeoffice-PC | Source = DCOM | ID = 10016
Description =

Error - 8/5/2013 9:49:02 AM | Computer Name = homeoffice-PC | Source = DCOM | ID = 10016
Description =

Error - 8/5/2013 9:49:06 AM | Computer Name = homeoffice-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/5/2013 9:50:47 AM | Computer Name = homeoffice-PC | Source = DCOM | ID = 10010
Description =

Error - 8/5/2013 9:51:52 AM | Computer Name = homeoffice-PC | Source = DCOM | ID = 10010
Description =

Error - 8/5/2013 9:53:09 AM | Computer Name = homeoffice-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/5/2013 9:53:09 AM | Computer Name = homeoffice-PC | Source = Service Control Manager | ID = 7000
Description =



jkj860
The Final Frontier

join:2002-01-10
Valparaiso, IN
reply to jkj860
download eset log.txt 15,012,194 bytes


jkj860
The Final Frontier

join:2002-01-10
Valparaiso, IN
reply to jkj860
After running everything it is still getting the pop ups and it seems to be affecting the performance of the computer. IE is very slow to respond and many times it shows a message that it is not responding due to a long running script. I have several highlighted links showing on dslreports that when you hover over them ads appear too.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

reply to jkj860
Hi jkj860

Do you have the Security Check log that you can post?

One thing you need to do is go to your Windows Mail and empty your Deleted Items folder.

I see you have an outdated and vulnerable version of Java installed. Do you actually require Java (most people don't)? I recommend you go to Start > Control Panel > Programs and Features, and uninstall the following:
Java(TM) 6 Update 24

If you have a program or web site that requires it, you can reinstall it later.

Please download Malwarebytes Anti-Rootkit here:

http://downloads.malwarebytes.org/file/mbar
 

- Unzip the contents to a folder on the Desktop.
- Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

Please download Junkware Removal Tool to your Desktop.

- Disconnect from the Internet (unplug your connection to your router or modem).
- Please close your security software to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete, depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
- Restart your security software and reconnect to the Internet.
- Please post the contents of JRT.txt into your reply.

Download the Sophos Virus Removal Tool and save it to your desktop:

- Be sure to view the 3 short How-to videos on that page.
- Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
- Follow the prompts to accept the license agreement, and accept the default location.
- A message will appear "InstallShield Wizard Completed".
- Click 'Finish' to start the program.
- After it updates and a "Start Scanning" button appears in the lower right:
-- Disconnect from the Internet or physically unplug your Internet cable connection.
-- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
-- Temporarily disable your anti-virus and real-time anti-spyware protection.
- Click the "Start Scanning" button in the lower right to start the scan.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
- A log will be in the following location:
- Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
--for 64-bit C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
- 2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
- Please post the log in your next reply.

After that, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
How to use ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the log at C:\ComboFix.txt in your next reply and note any errors encountered.

Please post the two logs from Malwarebytes Anti-Rootkit, the log from Junkware Removal Tool, the log from Sophos Virus Removal Tool, the log from ComboFix, and the log from Security Check and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010