"A write command has failed to complete"



#1
Hunter11

Hello,

I am experiencing erratic behavior with my computer coinciding with multiple error messages cascading across the desktop. The error message reads as follows: "A write command has failed to complete. This may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system memory address." This has been accompanied randomly by "Drive sector not found" and "write fault error" messages. I also see a message from what I assume to be the NVIDIA Catalyst software saying "catalyst control error".

Here is the OTL log from this computer:

OTL logfile created on: 10/25/2012 1:16:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = N:\Malware Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

17.99 Gb Total Physical Memory | 16.80 Gb Available Physical Memory | 93.37% Memory free
35.98 Gb Paging File | 34.73 Gb Available in Paging File | 96.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.57 Gb Total Space | 1276.24 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive D: | 11.60 Gb Total Space | 1.66 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1397.13 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive M: | 238.73 Mb Total Space | 206.25 Mb Free Space | 86.39% Space Free | Partition Type: FAT
Drive N: | 14.90 Gb Total Space | 12.23 Gb Free Space | 82.07% Space Free | Partition Type: FAT32

Computer Name: WDOCTOR | User Name: Hunter | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/25 12:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- N:\Malware Tools\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/09 02:51:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/04/22 18:52:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/04/22 18:52:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/02/23 14:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\ATIXPGAA.SYS -- (ATIXPGAA)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/21 22:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 22:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/04 00:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/02 18:29:09 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/08/29 20:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/18 09:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/06 06:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV - [2012/10/05 14:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20121005.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 21:51:15 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121024.018\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 21:51:15 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121024.018\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121016.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 23:24:13 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 23:24:13 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 20:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/22 15:59:35] [Kernel | Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...34,17117,0,18,0
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enUS456
IE - HKCU\..\SearchScopes\{8DF8ACC2-0942-4115-BA7A-55E5291240AD}: "URL" = http://search.yahoo....34,17118,0,18,0
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/23 13:22:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2012/10/25 13:07:19 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [kDLpblkn8gUEut] C:\ProgramData\kDLpblkn8gUEut.exe ()
O4 - HKCU..\Run: [PDckxwbyiexT.exe] C:\ProgramData\PDckxwbyiexT.exe (EliteGroup)
O4 - Startup: C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hunter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.33.159.39 71.2.28.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2F5060-58D9-434B-B9A3-644DDE35CAEB}: DhcpNameServer = 208.33.159.39 71.2.28.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/08 13:01:40 | 000,025,600 | ---- | M] () - M:\AUTO INSURANCE.doc -- [ FAT ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O33 - MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\Shell\AutoRun\command - "" = N:\TL-Bootstrap.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/25 13:14:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hunter\Desktop\OTL.exe
[2012/10/24 23:13:57 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
[2012/10/24 21:04:56 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{0420BABB-4AEF-4D8E-BD6A-8B1C099BDEE1}
[2012/10/24 21:04:30 | 000,431,104 | -H-- | C] (EliteGroup) -- C:\ProgramData\PDckxwbyiexT.exe
[2012/10/24 09:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{65B6609B-FB94-4947-8F8F-64DF64B98C5A}
[2012/10/23 21:04:33 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{9E3B6D7D-AF63-4767-998A-6CAB0CEE9CD4}
[2012/10/23 09:04:21 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{1CF32F5D-7B1E-4824-B505-F2BB2FF18F0F}
[2012/10/22 21:04:09 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{A1DF7B46-5D5F-4B65-860E-F3732D8F4A62}
[2012/10/22 09:03:58 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{04C28972-9820-433D-A1D6-9A50764C5978}
[2012/10/21 21:03:46 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{DAA0D7E6-8BD6-4526-9599-73B664B94041}
[2012/10/21 09:03:34 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{D0771EDA-548F-48BE-9045-BC80A6E23991}
[2012/10/20 21:03:23 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{E65CEDB2-2EE3-42F9-BF78-CEF3944907B6}
[2012/10/20 09:03:11 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{ED0D8FF5-9C49-412E-9FB0-C1CA8F0F546D}
[2012/10/19 21:02:59 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{3FFA9BB0-B8CD-46D9-8C60-339C4864BE6D}
[2012/10/19 09:02:47 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{7D6A7ECB-8487-4286-A261-2EFB793982BF}
[2012/10/18 21:02:36 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{02AD78C0-6972-46AD-91AA-206C17A7916A}
[2012/10/18 09:02:24 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{711DA1C5-506B-44E2-A949-2A1E327948D3}
[2012/10/17 21:02:12 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{C2CE702A-8BF6-42D6-9F6F-4DB2431FB545}
[2012/10/17 09:02:01 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{0A725743-3BF7-4A5A-88DC-18D7CEC9DF7B}
[2012/10/16 21:01:49 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{E56F32F3-7DE3-4D09-964D-1DDE43514DED}
[2012/10/16 09:01:37 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{FCB6A699-77BE-406C-AE40-CF203E4370E4}
[2012/10/15 21:01:25 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{3431A34C-BBBD-4C80-855B-2988FCCFC7D4}
[2012/10/15 10:44:12 | 001,393,736 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_635.exe
[2012/10/15 09:01:14 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{4B1E6502-60F0-4F1C-9898-6FE1653965FF}
[2012/10/14 21:01:02 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{011D7936-7C2B-4BCD-99CE-24A48E2C7DB8}
[2012/10/14 09:00:50 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{0BFD23EF-22CA-4CDC-AA19-FA1EE5B28FF7}
[2012/10/13 21:00:39 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{207405C3-37D2-47A7-A26F-FFA4DBB70425}
[2012/10/13 09:00:27 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{90BDF5D1-3104-4CE8-85ED-7AFFFD8B13C8}
[2012/10/12 15:07:35 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{A710B05E-2CC6-4345-8B9B-DD0EC6AB70F9}
[2012/10/12 03:07:24 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{EBBC6DEC-3D36-435D-BDA1-C53F0B08FC9D}
[2012/10/11 15:07:12 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{FCC8D865-2FFF-4CD7-A414-242F9DADAE6D}
[2012/10/11 03:06:48 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{E16A11D4-67F9-4368-A244-21F2963B9B5A}
[2012/10/10 15:06:36 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{21A23F43-FCB0-4A1D-9D25-3E1BFE8E4BC3}
[2012/10/10 03:06:25 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{53DA64C1-AD3A-440F-8A53-F1C6090CC68F}
[2012/10/09 15:06:13 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{D86CADE5-A891-4F75-B76B-7B736F79D01B}
[2012/10/09 03:06:01 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{C32B827D-D169-4796-BCE5-534B2399F473}
[2012/10/08 15:05:50 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{8FFB7821-3CE9-4A5D-95B4-3D46269B2A34}
[2012/10/08 03:05:25 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{E222DE90-C5A8-4D1A-9D89-4000610811B0}
[2012/10/07 15:05:02 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{791002A0-8C0B-4C65-B070-4E450E307E05}
[2012/10/07 03:04:50 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{AA6D49A7-DC76-46ED-82D7-304146CDE8E4}
[2012/10/06 15:04:38 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{16673F5C-2ED8-43CD-A046-57CE0C92A021}
[2012/10/06 03:04:27 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{956710BC-37A2-475D-B4A9-DAFB9D8CBAFE}
[2012/10/05 15:04:15 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{F8183AA5-82EE-49AA-B52B-7E79874EB22E}
[2012/10/05 03:04:03 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{F8195E91-2D2A-4A0D-B3F8-C25F306B8FF0}
[2012/10/04 15:03:52 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{87E3733F-10B5-4146-9500-909D5FA142AA}
[2012/10/04 03:03:38 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{F8D98117-32B1-4B3A-B849-C13C79A0792A}
[2012/10/03 15:03:26 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{485B5B71-B88B-48BE-A609-41B5224A5484}
[2012/10/03 03:03:14 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{475258EC-E43F-4169-A45A-712DE5F73011}
[2012/10/02 15:03:02 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{431CE661-6FD0-48D5-A339-606218F5435F}
[2012/10/02 03:02:51 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{2F75B5ED-6891-47D3-82E7-68500D92D09D}
[2012/10/01 15:02:39 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{5CA37767-6914-4108-A5F1-C8258C7978A8}
[2012/10/01 03:02:27 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{F72526AF-8F6D-471F-89EE-2BB1998AAE89}
[2012/09/30 15:02:16 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{5D3D7394-BB90-425B-A755-A828FB716C4B}
[2012/09/30 03:02:04 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{96D8FA24-08FE-4F20-9808-705018AA9BF8}
[2012/09/29 15:01:52 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{38F0797D-5688-4413-9A97-884D4C7FF8D4}
[2012/09/29 03:01:41 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{D336DF2F-F12C-4D64-AF86-8E44F625C0DD}
[2012/09/28 15:01:29 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{D029A80F-B056-4768-9CA9-7A84D584B02E}
[2012/09/28 03:01:17 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{C2DD82DD-87EA-422A-BFF6-83FCB6AAAB48}
[2012/09/27 15:01:05 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{2043B567-9280-4AE8-A2B7-D7183A4F59C5}
[2012/09/27 03:00:54 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{1D55A271-9DE4-47BD-B6F8-E95B4753CA42}
[2012/09/26 15:00:42 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{5BA16EE0-CFD4-4FBC-8118-F1899F56EEAF}
[2012/09/26 03:00:30 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{7B25065F-A2EC-49EB-A213-5C9AF2E77030}
[2012/09/25 15:00:18 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{577D36BB-5395-4A01-8FD3-9E9B98BBF137}
[2011/09/24 15:34:33 | 001,393,736 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_626.exe
[2010/08/08 13:29:17 | 001,062,984 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_540.exe
[2010/05/03 17:38:02 | 000,726,008 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_438.exe

========== Files - Modified Within 30 Days ==========

[2012/10/25 13:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 13:09:47 | 1603,608,573 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/25 13:07:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 12:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hunter\Desktop\OTL.exe
[2012/10/24 23:26:11 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 23:26:11 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 23:14:02 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-kDLpblkn8gUEutr
[2012/10/24 23:14:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\-kDLpblkn8gUEut
[2012/10/24 23:13:59 | 000,000,679 | -H-- | M] () -- C:\Users\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/24 23:13:58 | 000,000,655 | -H-- | M] () -- C:\Users\Hunter\Desktop\File_Restore.lnk
[2012/10/24 23:13:57 | 000,000,368 | -H-- | M] () -- C:\ProgramData\kDLpblkn8gUEut
[2012/10/24 23:10:09 | 000,344,064 | -H-- | M] () -- C:\ProgramData\kDLpblkn8gUEut.exe
[2012/10/24 21:41:42 | 000,000,112 | -H-- | M] () -- C:\ProgramData\hf5XJdsLTMSJBL
[2012/10/24 21:39:22 | 000,344,064 | -H-- | M] () -- C:\ProgramData\hf5XJdsLTMSJBL.exe
[2012/10/24 21:38:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHunter.job
[2012/10/24 21:01:59 | 000,431,104 | -H-- | M] (EliteGroup) -- C:\ProgramData\PDckxwbyiexT.exe
[2012/10/24 20:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 20:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/19 22:58:04 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/19 22:58:04 | 000,670,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/19 22:58:04 | 000,124,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/17 16:52:04 | 012,362,130 | -H-- | M] () -- C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp
[2012/10/11 14:54:32 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/06 20:21:31 | 000,002,743 | -H-- | M] () -- C:\Users\Hunter\Desktop\Virginia Cavaliers Message Board Forum - Wahoos247 Message Boards.lnk
[2012/10/04 22:16:48 | 001,993,772 | -H-- | M] () -- C:\Users\Hunter\Desktop\DSC_4647.JPG
[2012/10/04 22:16:40 | 002,151,695 | -H-- | M] () -- C:\Users\Hunter\Desktop\DSC_4646.JPG
[2012/09/30 13:46:09 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2012/10/24 23:14:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-kDLpblkn8gUEutr
[2012/10/24 23:14:02 | 000,000,144 | -H-- | C] () -- C:\ProgramData\-kDLpblkn8gUEut
[2012/10/24 23:13:58 | 000,000,679 | -H-- | C] () -- C:\Users\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/24 23:13:58 | 000,000,655 | -H-- | C] () -- C:\Users\Hunter\Desktop\File_Restore.lnk
[2012/10/24 23:10:10 | 000,000,368 | -H-- | C] () -- C:\ProgramData\kDLpblkn8gUEut
[2012/10/24 23:10:09 | 000,344,064 | -H-- | C] () -- C:\ProgramData\kDLpblkn8gUEut.exe
[2012/10/24 21:39:22 | 000,344,064 | -H-- | C] () -- C:\ProgramData\hf5XJdsLTMSJBL.exe
[2012/10/24 21:39:22 | 000,000,112 | -H-- | C] () -- C:\ProgramData\hf5XJdsLTMSJBL
[2012/10/18 19:53:02 | 012,362,130 | -H-- | C] () -- C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp
[2012/10/13 13:52:35 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHunter.job
[2012/10/06 19:37:31 | 001,993,772 | -H-- | C] () -- C:\Users\Hunter\Desktop\DSC_4647.JPG
[2012/10/06 19:36:05 | 002,151,695 | -H-- | C] () -- C:\Users\Hunter\Desktop\DSC_4646.JPG
[2012/08/23 12:19:11 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/23 12:11:50 | 000,033,290 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmp2.JPG
[2012/08/23 12:11:37 | 000,027,197 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmp2.0
[2012/08/22 18:22:32 | 000,031,386 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmp50-1.JPG
[2012/08/21 18:12:15 | 000,110,223 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.JPG
[2012/07/24 18:56:49 | 000,031,073 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpJUNE 1960.JPG
[2012/07/24 18:56:49 | 000,024,804 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpJUNE 1960.0
[2012/07/14 09:05:52 | 000,293,543 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.0
[2012/07/14 09:05:52 | 000,109,566 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.1
[2012/06/20 21:15:43 | 000,670,961 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPARENTS_BRACES_JULY 2012 002.0
[2012/06/20 21:15:43 | 000,660,160 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPARENTS_BRACES_JULY 2012 002.JPG
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/23 11:12:30 | 000,033,134 | -H-- | C] () -- C:\Users\Hunter\AppData\Roaming\UserTile.png
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/12 12:25:28 | 003,453,299 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0326.0
[2011/03/12 12:25:28 | 001,624,138 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0326.JPG
[2011/03/12 12:21:42 | 002,766,251 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0333.0
[2011/03/12 12:21:42 | 001,240,376 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0333.JPG
[2011/02/08 18:01:17 | 002,979,513 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0455.0
[2011/02/08 18:01:17 | 001,381,893 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0455.JPG
[2010/12/09 21:47:48 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/12/09 21:40:16 | 000,036,864 | ---- | C] () -- C:\Windows\Security.exe
[2010/11/18 07:39:28 | 000,000,366 | -H-- | C] () -- C:\Users\Hunter\.DP4WEB_PRI_4491611308092867.sdv
[2010/07/19 17:07:25 | 000,020,438 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338_navi.JPG
[2010/07/19 17:07:24 | 000,061,713 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338.0
[2010/07/19 17:07:24 | 000,054,814 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338.JPG
[2010/05/15 09:32:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/09/26 07:14:38 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\.oit
[2012/10/24 23:22:54 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\Dropbox
[2011/01/11 13:13:19 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\MusicNet
[2012/02/23 11:12:30 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\PeerNetworking
[2010/05/02 18:27:39 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\PictureMover
[2010/12/09 21:53:08 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\ScanSoft
[2010/08/02 18:50:14 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\Tific
[2010/05/02 19:38:00 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\WildTangent
[2010/05/04 20:58:18 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\WinBatch
[2011/02/02 18:56:17 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\Windows Live Writer
[2010/12/09 21:53:20 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 367 bytes -> C:\Users\Hunter\Desktop\2011-10-24 11.10.44.jpg:com.dropbox.attributes
@Alternate Data Stream - 364 bytes -> C:\Users\Hunter\Desktop\2011-10-24 11.10.23.jpg:com.dropbox.attributes
@Alternate Data Stream - 335 bytes -> C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp:com.dropbox.attributes

< End of report >


Thanks for your help!!
Hunter11


#2
Amlak

  • 1,470 posts
Hi, Hunter11. Welcome to GTG. Let's help you out with your malware issue.

All of my fixes will need to be approved first by an expert so please expect some delay in response every now and then.

Now there should be another log file in the same place where the OTL log was, and it's called Extras.txt. Please paste that log here in your next reply.

Also, please try the following:

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
Hunter11

  • Topic Starter
  • 22 posts
Hi Amlak,

Thanks for the help.

Here is the Extras.txt

OTL Extras logfile created on: 10/25/2012 1:19:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = N:\Malware Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

17.99 Gb Total Physical Memory | 16.80 Gb Available Physical Memory | 93.37% Memory free
35.98 Gb Paging File | 34.73 Gb Available in Paging File | 96.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.57 Gb Total Space | 1276.24 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive D: | 11.60 Gb Total Space | 1.66 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1397.13 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive M: | 238.73 Mb Total Space | 206.25 Mb Free Space | 86.39% Space Free | Partition Type: FAT
Drive N: | 14.90 Gb Total Space | 12.23 Gb Free Space | 82.07% Space Free | Partition Type: FAT32

Computer Name: WDOCTOR | User Name: Hunter | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EFF408-EC1B-444A-973E-276B0FC2E449}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CE849D1-FF04-42B2-970D-36841139D0DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10F92508-2A53-4188-8281-8A16E70E2705}" = lport=2869 | protocol=6 | dir=in | app=system |
"{158E39BC-085B-4F25-9B3D-9A57D8190668}" = lport=445 | protocol=6 | dir=in | app=system |
"{2299D128-4F27-45ED-890D-96796FCCF205}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{25B54951-F4B5-4782-AB3A-ABF7F5709388}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25FEF8E0-DFD7-40C4-8537-B7B14BB9C582}" = lport=137 | protocol=17 | dir=in | app=system |
"{288D1617-4B1E-42E1-9945-70543DF6D6F7}" = rport=445 | protocol=6 | dir=out | app=system |
"{2E548D42-90B7-45F8-A676-794E7368A820}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FEF2FF0-61F3-49C2-80CF-FE104A3FE0FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{582EE33F-43A9-4185-8F0E-ABCE8458BCD5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{679D6790-E1C8-4B6B-A2EE-1A85B7002B11}" = rport=137 | protocol=17 | dir=out | app=system |
"{6F10CD10-2ABE-499D-835D-A7A1EF6C2F73}" = lport=10243 | protocol=6 | dir=in | app=system |
"{73D68288-C42A-435A-9B11-2DBE83F6BF7F}" = rport=139 | protocol=6 | dir=out | app=system |
"{741CCADA-2468-4519-A0D3-C377355443DF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{83A17D66-2AED-47ED-986F-CF7A0B162E0D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8BF45D13-D91C-42BA-849D-DBC9E0D11AFC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90069F47-F454-4F54-A42D-AA36A2E250E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{93D90B7F-6001-4127-B3B7-1BCD882EE01A}" = lport=139 | protocol=6 | dir=in | app=system |
"{98025F0C-9431-4390-94BE-5ABA32FBEF9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{99E700F7-1281-4B05-A4F7-3EBF7C1454D3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AFFA897A-354C-4140-82C8-AF571C79F23A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B1739061-04C9-4E03-A46E-0CFD5E4BAD6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4DD05A5-6B35-45BD-B20B-E89599D89B7F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C87CA4CA-F1CC-49B2-8F16-908CA0FBA3FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED4DEC2F-4223-4791-B2A1-269B35C79366}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE1CCCA6-E8FA-4A60-AC71-077E160330DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F062044E-27ED-40A7-B56A-4A58B815898B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00084979-D7B0-48DA-BD0D-6096B2414FA1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{00B01F44-463C-4A48-9309-DE8D7D268582}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0C1D09BA-CF0F-4B8C-A942-D0DC000EAF1E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{1646E665-79FB-49E2-9A6E-22CBEEC310B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BFC4ECA-8154-46DE-92C6-1B08A2324E40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E1ED9A7-FDA9-4CBD-9979-6466B1EC9EA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{259FEC1F-81F8-4BE0-9F47-1487E27E7331}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{321EA719-3C64-4314-8E64-1E5CB71C477E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32BF21FD-A9DF-4F84-B19E-C457D7082DE2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{40A37890-76A2-4D6D-A71F-40BAC817DB26}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B6609D5-C4DB-4BA8-B05C-8DC770CE2338}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{5C0A4B77-9553-423C-BE49-28146C2ECC98}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{5C2B969F-78DE-45DE-9DC4-84D9411D058C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6194AC74-0E7B-4027-B8EB-5C0EACE647B3}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{62252B0A-DEC2-4408-854C-06274E72C87A}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{641D72ED-EE65-4B8D-B6A6-FD222241CB87}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{650A096A-56EE-4A01-8089-2B98366FA549}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65E0DE29-6191-41D9-91F2-AB409BF08396}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{688F448E-0F8B-489F-A16F-6BDB1825C883}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{6E71EE3B-1B4D-457F-A5DC-21B699EEF8FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F704B94-87B9-45A6-B8BC-A1B3373B4BDC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{739DE26C-33A1-4901-ACCB-69BA254420EB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{7575FD00-0B61-4965-B49B-CE66956AABD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{780C70C4-3B93-45DD-94A7-9D3A7BB49291}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{7DC44027-F735-46C5-A74B-526929BABD50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DE28D14-6F51-4774-A457-E560B01469F1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{88343C43-C2C7-45CA-B34E-4C2F1E6ED3C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{8A281DEE-6ECA-4633-96EB-61196FDC83E3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9396E5F2-3555-47BD-92C3-5B0F86165D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95A0AFD2-E0DE-44DD-AC71-98D0C66A3062}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{96DF3189-17B0-429C-837B-730243064ECD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{9C488E62-79A3-418F-8AC7-80AE86C4B348}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9ECFA075-82B7-4C4A-BB7B-D6930278D30A}" = protocol=6 | dir=out | app=system |
"{A12E6010-A4EA-4300-BA29-AAC018E567FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4670739-8EFC-479B-B958-F69E48139CF7}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{AC74BC95-E828-4B4F-AC6C-05C9DB2885C0}" = protocol=17 | dir=in | app=c:\users\hunter\appdata\roaming\dropbox\bin\dropbox.exe |
"{B232DCCF-E6C6-42CC-99A8-6C024C86E5E3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B2C81D95-5F66-46AE-88EF-01377A45A294}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B38C5D93-0EAA-4447-8C08-CB1DD47615AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B678EE81-EE4C-45BC-8B3C-5CEB224CC3C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{BFADB96A-6D9B-4E78-946D-4DE360BCA864}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{C5972E62-000D-4088-818E-F50D1845072E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCC5E952-74AC-4AEC-A251-86AE90D0E3CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE6461CE-43C7-4F1B-B459-531C2E401A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{DE824494-3DAA-4ABA-9F0C-205FCDFA3B85}" = protocol=6 | dir=in | app=c:\users\hunter\appdata\roaming\dropbox\bin\dropbox.exe |
"{DF559A54-73F7-443F-BF5A-5648D29B9395}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4DE65DB-D042-4110-A7BC-A7FB6F8BBB33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E69C16CD-CD44-4446-818A-B4778E326AF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F28C9520-1F97-4636-B084-BFE7E6C91792}" = protocol=1 | dir=out | [email protected],-28544 |
"{F5DDEF15-3A4F-4BA9-A212-F6386DFF6867}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{F61B2663-35DE-4B1E-9946-5A58ACDAC0DE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1" = Free Editor
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Unifying" = Logitech Unifying Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{16B9D94B-6BD5-6AD2-7524-4742D2B0FD2E}" = Catalyst Control Center InstallProxy
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B93E7D-2B54-4BC1-A095-90CB24DAC70E}" = ScanSoft PaperPort 11
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{878D6814-27CD-414A-9021-D0689786F9BE}" = ClinCheck
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C0BB1A-1546-44D6-1BE0-FB0F84364787}" = HydraVision
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1B2D9B5-6898-48B9-8C60-11DBB5F519C7}" = Hewlett-Packard Scanjet 3000
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudioCS" = Creative Audio Control Panel
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Google Chrome" = Google Chrome
"Host OpenAL" = Host OpenAL
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{286FE6F9-C55C-432A-94FA-115B8C293E30}" = ClinCheck
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{878D6814-27CD-414A-9021-D0689786F9BE}" = ClinCheck
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"PROHYBRIDR" = 2007 Microsoft Office system
"StarCraft II" = StarCraft II
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2012 4:50:24 PM | Computer Name = wdoctor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/21/2012 4:50:24 PM | Computer Name = wdoctor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/21/2012 4:50:25 PM | Computer Name = wdoctor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/21/2012 4:50:25 PM | Computer Name = wdoctor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/21/2012 4:50:25 PM | Computer Name = wdoctor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/21/2012 4:50:25 PM | Computer Name = wdoctor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/21/2012 4:50:25 PM | Computer Name = wdoctor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/22/2012 3:17:09 AM | Computer Name = wdoctor | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/23/2012 1:30:22 AM | Computer Name = wdoctor | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/25/2012 1:30:22 AM | Computer Name = wdoctor | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 7/13/2011 1:26:30 PM | Computer Name = wdoctor | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 5/3/2012 11:18:06 PM | Computer Name = wdoctor | Source = HPSF.exe | ID = 4000
Description =

Error - 5/19/2012 1:05:38 PM | Computer Name = wdoctor | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 18423 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/19/2012 1:05:38 PM | Computer Name = wdoctor | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 18423 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/25/2012 2:00:56 PM | Computer Name = wdoctor | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 18423 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/2/2012 1:40:48 PM | Computer Name = wdoctor | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 18423 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ OSession Events ]
Error - 5/22/2010 8:32:16 PM | Computer Name = Mothership | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 805
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/25/2012 1:26:23 PM | Computer Name = wdoctor | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/25/2012 1:26:23 PM | Computer Name = wdoctor | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/25/2012 1:26:35 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.

Error - 10/25/2012 1:26:38 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.

Error - 10/25/2012 1:27:40 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.

Error - 10/25/2012 1:27:43 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.

Error - 10/25/2012 1:27:45 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.

Error - 10/25/2012 1:27:48 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.

Error - 10/25/2012 1:28:50 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.

Error - 10/25/2012 1:28:53 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.


< End of report >


Here is the ASWmbr log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-25 21:11:13
-----------------------------
21:11:13.020 OS Version: Windows x64 6.1.7601 Service Pack 1
21:11:13.020 Number of processors: 12 586 0x2C02
21:11:13.020 ComputerName: WDOCTOR UserName: Hunter
21:11:15.079 Initialize success
21:11:35.297 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
21:11:35.297 Disk 0 Vendor: ST315003 HP23 Size: 1430799MB BusType: 8
21:11:35.297 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
21:11:35.312 Disk 1 Vendor: ST315003 HP23 Size: 1430799MB BusType: 8
21:11:35.312 Disk 0 MBR read successfully
21:11:35.312 Disk 0 MBR scan
21:11:35.312 Disk 0 unknown MBR code
21:11:35.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:11:35.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1418823 MB offset 206848
21:11:35.375 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11874 MB offset 2905956352
21:11:35.406 Disk 0 scanning C:\Windows\system32\drivers
21:11:42.379 Service scanning
21:11:56.934 Modules scanning
21:11:56.934 Disk 0 trace - called modules:
21:11:56.950 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:11:56.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f30e790]
21:11:56.950 3 CLASSPNP.SYS[fffff88001b3043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800f0dd050]
21:11:56.950 Scan finished successfully
21:12:15.389 Disk 0 MBR has been saved successfully to "N:\Malware Tools\MBR.dat"
21:12:15.404 The log file has been saved successfully to "N:\Malware Tools\aswMBR.txt"


Hunter11
  • 0

#4
Hunter11

Amlak,

After some additional research, I'm fairly certain at least a portion of my issue is the "File Restore Virus". I have run Malwarebytes in Safe Mode and it detected six threats (PUM.HIJACK.STARTMENU, etc.), but I feel they are regenerating when the computer is restarted. I am running all programs and reports back and forth from the affected machine to a healthy one via a USB storage device. The infected machine is very hard to navigate.

Thx,
Hunter11
  • 0

#5
Amlak

No problem. I've already submitted my next proposed fix to the expert and am awaiting approval. Once that's done, I'll post it here as soon as possible.
  • 0

#6
Amlak

Hi, Hunter11. One of your drives seems to have a problem.

The device, \Device\Harddisk6\DR6, has a bad block.


Please right-click My Computer, select Manage, and then select Disk Management to see (if possible) which drive corresponds to #6. Once you identify the drive, let me know which one it is. Or if you would post a screenshot of the Disk Management window, that would be great.

Anyhow, concerning the malware on your system:

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.
  • Quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

*********
NEXT
*********

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

*********
NEXT
*********

Run OTL and click the Quick Scan button. Then post the log it produces in your next reply.
  • 0
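The triage step in the post above (spotting the repeated Disk error in the OTL event-log section and reading off the disk number) can be scripted. This is an added example, not part of the thread or of OTL: the function names are hypothetical, the sample log is constructed in the layout OTL prints, and it assumes OTL reports the full 32-bit event identifier, whose low 16 bits are the ID Event Viewer shows (262151 becomes 7).

```python
import re
from collections import Counter

# Constructed sample in the layout of OTL's "Last 20 Event Log Errors" section.
SAMPLE_LOG = r"""[ Application Events ]
Error - 1/21/2012 4:50:24 PM | Computer Name = wdoctor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab
with error: A required certificate is not within its validity period.

[ System Events ]
Error - 10/25/2012 1:26:23 PM | Computer Name = wdoctor | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/25/2012 1:26:35 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.

Error - 10/25/2012 1:26:38 PM | Computer Name = wdoctor | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk6\DR6, has a bad block.
"""

SECTION = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<raw_id>\d+)\s*$"
)
DISK = re.compile(r"\\Device\\Harddisk(\d+)\\DR\d+")


def parse_events(text):
    """Turn the event-log section into a list of dicts, one per event."""
    events, current, section = [], None, None
    for line in text.splitlines():
        sec = SECTION.match(line)
        head = HEADER.match(line)
        if sec:
            section, current = sec.group("name"), None
        elif head:
            current = dict(head.groupdict(), section=section, description="")
            # Assumption: keep only the low 16 bits, the ID Event Viewer displays.
            current["event_id"] = int(current.pop("raw_id")) & 0xFFFF
            events.append(current)
        elif current is not None and line.strip():
            # Descriptions wrap over several lines and may contain blank lines
            # (stack traces), so keep appending until the next header.
            part = line.strip()
            if part.startswith("Description ="):
                part = part[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + part).strip()
    return events


def summarize(events):
    """Count events per (source, event_id), most frequent first."""
    return Counter((e["source"], e["event_id"]) for e in events).most_common()


def failing_disks(events):
    """Map physical disk number -> number of Disk bad-block errors (event ID 7)."""
    hits = Counter()
    for e in events:
        m = DISK.search(e["description"])
        if e["source"] == "Disk" and e["event_id"] == 7 and m:
            hits[int(m.group(1))] += 1
    return dict(hits)


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for (source, event_id), count in summarize(parsed):
        print(f"{count:3d}  {source} / {event_id}")
    for disk, count in failing_disks(parsed).items():
        print(f"Harddisk{disk}: {count} bad-block errors")
```

The disk number it reports is the one Disk Management lists as "Disk 6", which is how the failing device is matched to a physical drive.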

#7
Hunter11

Hi Amlak,

I tried to identify the bad block drive using your technique and the following red x notification came up:

Windows cannot find 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.Ink'. Make sure you typed the name correctly, and then try again.

Here are the RKreport.txt text files:

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Hunter [Admin rights]
Mode : Scan -- Date : 10/26/2012 20:26:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 21 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : kDLpblkn8gUEut (C:\ProgramData\kDLpblkn8gUEut.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-951861780-1573274764-139694706-1004[...]\Run : kDLpblkn8gUEut (C:\ProgramData\kDLpblkn8gUEut.exe) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31500341AS +++++
--- User ---
[MBR] 62710b53de7a710ceae4cf6c2e8fb129
[BSP] a6927b5294d121224a9365f1704714e8 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1418823 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2905956352 | Size: 11874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31500341AS +++++
--- User ---
[MBR] 996b79da21d198ce10b3d7b57f7c48c5
[BSP] 575eb5ac8ea0d832dd18e8021171fb4e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Hunter [Admin rights]
Mode : Remove -- Date : 10/26/2012 20:42:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 20 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : kDLpblkn8gUEut (C:\ProgramData\kDLpblkn8gUEut.exe) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31500341AS +++++
--- User ---
[MBR] 62710b53de7a710ceae4cf6c2e8fb129
[BSP] a6927b5294d121224a9365f1704714e8 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1418823 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2905956352 | Size: 11874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31500341AS +++++
--- User ---
[MBR] 996b79da21d198ce10b3d7b57f7c48c5
[BSP] 575eb5ac8ea0d832dd18e8021171fb4e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Hunter [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/26/2012 20:50:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 365 / Fail 0
Quick launch: Success 23 / Fail 0
Programs: Success 904 / Fail 0
Start menu: Success 44 / Fail 0
User folder: Success 52645 / Fail 0
My documents: Success 699 / Fail 699
My favorites: Success 25 / Fail 0
My pictures: Success 680 / Fail 0
My music: Success 19 / Fail 0
My videos: Success 1 / Fail 0
Local drives: Success 27262 / Fail 0
Backup: [FOUND] Success 217 / Fail 0 / Exists 0

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\CdRom1 -- 0x5 --> Skipped
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[K:] \Device\HarddiskVolume8 -- 0x2 --> Restored
[L:] \Device\HarddiskVolume9 -- 0x3 --> Restored
[M:] \Device\HarddiskVolume10 -- 0x2 --> Restored
[N:] \Device\HarddiskVolume11 -- 0x2 --> Restored

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


AdwCleaner Log:

# AdwCleaner v2.005 - Logfile created 10/26/2012 at 20:53:34
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Hunter - WDOCTOR
# Boot Mode : Safe mode with networking
# Running from : N:\Malware Tools\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Users\Hunter\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Hunter\AppData\LocalLow\imeshbandmltbpi
Folder Deleted : C:\Users\Hunter\Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Hunter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [2015 octets] - [26/10/2012 20:53:34]

########## EOF - C:\AdwCleaner[S2].txt - [2075 octets] ##########


OTL Log:

OTL logfile created on: 10/26/2012 8:58:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = N:\Malware Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

17.99 Gb Total Physical Memory | 15.72 Gb Available Physical Memory | 87.35% Memory free
35.98 Gb Paging File | 33.42 Gb Available in Paging File | 92.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.57 Gb Total Space | 1276.20 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive D: | 11.60 Gb Total Space | 1.66 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1397.13 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive N: | 14.90 Gb Total Space | 12.21 Gb Free Space | 81.96% Space Free | Partition Type: FAT32

Computer Name: WDOCTOR | User Name: Hunter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/25 12:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- N:\Malware Tools\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/24 22:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hunter\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/22 05:39:44 | 002,995,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/08/22 05:39:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/08/22 05:39:28 | 001,686,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/10 18:15:00 | 000,385,024 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 22:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/07 16:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/23 14:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/08/26 09:29:30 | 000,150,016 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/03/26 17:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 21:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/09 02:51:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/04/22 18:52:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/04/22 18:52:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/02/23 14:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\ATIXPGAA.SYS -- (ATIXPGAA)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/21 22:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 22:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/04 00:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/02 18:29:09 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/08/29 20:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/18 09:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/06 06:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV - [2012/10/05 14:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20121005.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 21:51:15 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121024.018\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 21:51:15 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121024.018\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121016.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 23:24:13 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 23:24:13 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...34,17117,0,18,0
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enUS456
IE - HKCU\..\SearchScopes\{8DF8ACC2-0942-4115-BA7A-55E5291240AD}: "URL" = http://search.yahoo....34,17118,0,18,0
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/23 13:22:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2012/10/26 20:55:26 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hunter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.33.159.39 71.2.28.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2F5060-58D9-434B-B9A3-644DDE35CAEB}: DhcpNameServer = 208.33.159.39 71.2.28.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | ---- | M] () - N:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O33 - MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\Shell\AutoRun\command - "" = N:\TL-Bootstrap.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/26 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Hunter\Desktop\RK_Quarantine
[2012/10/25 22:41:28 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hunter\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/25 13:14:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hunter\Desktop\OTL.exe
[2012/10/24 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
[2012/10/24 21:04:56 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{0420BABB-4AEF-4D8E-BD6A-8B1C099BDEE1}
[2012/10/24 09:04:44 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{65B6609B-FB94-4947-8F8F-64DF64B98C5A}
[2012/10/23 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{9E3B6D7D-AF63-4767-998A-6CAB0CEE9CD4}
[2012/10/23 09:04:21 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{1CF32F5D-7B1E-4824-B505-F2BB2FF18F0F}
[2012/10/22 21:04:09 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{A1DF7B46-5D5F-4B65-860E-F3732D8F4A62}
[2012/10/22 09:03:58 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{04C28972-9820-433D-A1D6-9A50764C5978}
[2012/10/21 21:03:46 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{DAA0D7E6-8BD6-4526-9599-73B664B94041}
[2012/10/21 09:03:34 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{D0771EDA-548F-48BE-9045-BC80A6E23991}
[2012/10/20 21:03:23 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{E65CEDB2-2EE3-42F9-BF78-CEF3944907B6}
[2012/10/20 09:03:11 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{ED0D8FF5-9C49-412E-9FB0-C1CA8F0F546D}
[2012/10/19 21:02:59 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{3FFA9BB0-B8CD-46D9-8C60-339C4864BE6D}
[2012/10/19 09:02:47 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{7D6A7ECB-8487-4286-A261-2EFB793982BF}
[2012/10/18 21:02:36 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{02AD78C0-6972-46AD-91AA-206C17A7916A}
[2012/10/18 09:02:24 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{711DA1C5-506B-44E2-A949-2A1E327948D3}
[2012/10/17 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{C2CE702A-8BF6-42D6-9F6F-4DB2431FB545}
[2012/10/17 09:02:01 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{0A725743-3BF7-4A5A-88DC-18D7CEC9DF7B}
[2012/10/16 21:01:49 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{E56F32F3-7DE3-4D09-964D-1DDE43514DED}
[2012/10/16 09:01:37 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{FCB6A699-77BE-406C-AE40-CF203E4370E4}
[2012/10/15 21:01:25 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{3431A34C-BBBD-4C80-855B-2988FCCFC7D4}
[2012/10/15 10:44:12 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_635.exe
[2012/10/15 09:01:14 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{4B1E6502-60F0-4F1C-9898-6FE1653965FF}
[2012/10/14 21:01:02 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{011D7936-7C2B-4BCD-99CE-24A48E2C7DB8}
[2012/10/14 09:00:50 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{0BFD23EF-22CA-4CDC-AA19-FA1EE5B28FF7}
[2012/10/13 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{207405C3-37D2-47A7-A26F-FFA4DBB70425}
[2012/10/13 09:00:27 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{90BDF5D1-3104-4CE8-85ED-7AFFFD8B13C8}
[2012/10/12 15:07:35 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{A710B05E-2CC6-4345-8B9B-DD0EC6AB70F9}
[2012/10/12 03:07:24 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{EBBC6DEC-3D36-435D-BDA1-C53F0B08FC9D}
[2012/10/11 15:07:12 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{FCC8D865-2FFF-4CD7-A414-242F9DADAE6D}
[2012/10/11 03:06:48 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{E16A11D4-67F9-4368-A244-21F2963B9B5A}
[2012/10/10 15:06:36 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{21A23F43-FCB0-4A1D-9D25-3E1BFE8E4BC3}
[2012/10/10 03:06:25 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{53DA64C1-AD3A-440F-8A53-F1C6090CC68F}
[2012/10/09 15:06:13 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{D86CADE5-A891-4F75-B76B-7B736F79D01B}
[2012/10/09 03:06:01 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{C32B827D-D169-4796-BCE5-534B2399F473}
[2012/10/08 15:05:50 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{8FFB7821-3CE9-4A5D-95B4-3D46269B2A34}
[2012/10/08 03:05:25 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{E222DE90-C5A8-4D1A-9D89-4000610811B0}
[2012/10/07 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{791002A0-8C0B-4C65-B070-4E450E307E05}
[2012/10/07 03:04:50 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{AA6D49A7-DC76-46ED-82D7-304146CDE8E4}
[2012/10/06 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{16673F5C-2ED8-43CD-A046-57CE0C92A021}
[2012/10/06 03:04:27 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{956710BC-37A2-475D-B4A9-DAFB9D8CBAFE}
[2012/10/05 15:04:15 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{F8183AA5-82EE-49AA-B52B-7E79874EB22E}
[2012/10/05 03:04:03 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{F8195E91-2D2A-4A0D-B3F8-C25F306B8FF0}
[2012/10/04 15:03:52 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{87E3733F-10B5-4146-9500-909D5FA142AA}
[2012/10/04 03:03:38 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{F8D98117-32B1-4B3A-B849-C13C79A0792A}
[2012/10/03 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{485B5B71-B88B-48BE-A609-41B5224A5484}
[2012/10/03 03:03:14 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{475258EC-E43F-4169-A45A-712DE5F73011}
[2012/10/02 15:03:02 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{431CE661-6FD0-48D5-A339-606218F5435F}
[2012/10/02 03:02:51 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{2F75B5ED-6891-47D3-82E7-68500D92D09D}
[2012/10/01 15:02:39 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{5CA37767-6914-4108-A5F1-C8258C7978A8}
[2012/10/01 03:02:27 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{F72526AF-8F6D-471F-89EE-2BB1998AAE89}
[2012/09/30 15:02:16 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{5D3D7394-BB90-425B-A755-A828FB716C4B}
[2012/09/30 03:02:04 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{96D8FA24-08FE-4F20-9808-705018AA9BF8}
[2012/09/29 15:01:52 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{38F0797D-5688-4413-9A97-884D4C7FF8D4}
[2012/09/29 03:01:41 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{D336DF2F-F12C-4D64-AF86-8E44F625C0DD}
[2012/09/28 15:01:29 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{D029A80F-B056-4768-9CA9-7A84D584B02E}
[2012/09/28 03:01:17 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{C2DD82DD-87EA-422A-BFF6-83FCB6AAAB48}
[2012/09/27 15:01:05 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{2043B567-9280-4AE8-A2B7-D7183A4F59C5}
[2012/09/27 03:00:54 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Local\{1D55A271-9DE4-47BD-B6F8-E95B4753CA42}
[2011/09/24 15:34:33 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_626.exe
[2010/08/08 13:29:17 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_540.exe
[2010/05/03 17:38:02 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_438.exe

========== Files - Modified Within 30 Days ==========

[2012/10/26 21:04:02 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/26 21:04:02 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/26 20:55:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/26 20:55:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/26 20:55:09 | 1603,608,573 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/25 22:41:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/25 22:38:46 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hunter\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/25 12:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hunter\Desktop\OTL.exe
[2012/10/24 23:14:02 | 000,000,168 | ---- | M] () -- C:\ProgramData\-kDLpblkn8gUEutr
[2012/10/24 23:14:02 | 000,000,144 | ---- | M] () -- C:\ProgramData\-kDLpblkn8gUEut
[2012/10/24 23:13:59 | 000,000,679 | ---- | M] () -- C:\Users\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/24 23:13:58 | 000,000,655 | ---- | M] () -- C:\Users\Hunter\Desktop\File_Restore.lnk
[2012/10/24 23:13:57 | 000,000,368 | ---- | M] () -- C:\ProgramData\kDLpblkn8gUEut
[2012/10/24 23:10:09 | 000,344,064 | ---- | M] () -- C:\ProgramData\kDLpblkn8gUEut.exe
[2012/10/24 21:41:42 | 000,000,112 | ---- | M] () -- C:\ProgramData\hf5XJdsLTMSJBL
[2012/10/24 21:39:22 | 000,344,064 | ---- | M] () -- C:\ProgramData\hf5XJdsLTMSJBL.exe
[2012/10/24 21:38:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHunter.job
[2012/10/24 20:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 20:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/19 22:58:04 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/19 22:58:04 | 000,670,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/19 22:58:04 | 000,124,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/17 16:52:04 | 012,362,130 | ---- | M] () -- C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp
[2012/10/11 14:54:32 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/06 20:21:31 | 000,002,743 | ---- | M] () -- C:\Users\Hunter\Desktop\Virginia Cavaliers Message Board Forum - Wahoos247 Message Boards.lnk
[2012/10/04 22:16:48 | 001,993,772 | ---- | M] () -- C:\Users\Hunter\Desktop\DSC_4647.JPG
[2012/10/04 22:16:40 | 002,151,695 | ---- | M] () -- C:\Users\Hunter\Desktop\DSC_4646.JPG
[2012/09/30 13:46:09 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/26 20:42:45 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/10/26 20:42:45 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/10/26 20:42:45 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/10/26 20:42:45 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/10/26 20:42:45 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/10/26 20:42:45 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/26 20:42:45 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/10/26 20:42:45 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/10/26 20:42:45 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/10/26 20:42:45 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/10/26 20:42:45 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\ClinCheck Documentation.lnk
[2012/10/26 20:42:45 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\Free Editor.lnk
[2012/10/26 20:42:44 | 000,001,937 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2012/10/26 20:42:44 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PictureMover.lnk
[2012/10/26 20:42:44 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/10/26 20:42:44 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/10/26 20:42:44 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/10/26 20:42:44 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/10/26 20:42:43 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/10/26 20:42:43 | 000,000,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/10/26 20:42:42 | 000,002,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk
[2012/10/26 20:42:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/10/26 20:42:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/10/26 20:42:40 | 000,002,270 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2012/10/26 20:42:40 | 000,002,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
[2012/10/26 20:42:40 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
[2012/10/25 22:41:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/24 23:14:02 | 000,000,168 | ---- | C] () -- C:\ProgramData\-kDLpblkn8gUEutr
[2012/10/24 23:14:02 | 000,000,144 | ---- | C] () -- C:\ProgramData\-kDLpblkn8gUEut
[2012/10/24 23:13:58 | 000,000,679 | ---- | C] () -- C:\Users\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/24 23:13:58 | 000,000,655 | ---- | C] () -- C:\Users\Hunter\Desktop\File_Restore.lnk
[2012/10/24 23:10:10 | 000,000,368 | ---- | C] () -- C:\ProgramData\kDLpblkn8gUEut
[2012/10/24 23:10:09 | 000,344,064 | ---- | C] () -- C:\ProgramData\kDLpblkn8gUEut.exe
[2012/10/24 21:39:22 | 000,344,064 | ---- | C] () -- C:\ProgramData\hf5XJdsLTMSJBL.exe
[2012/10/24 21:39:22 | 000,000,112 | ---- | C] () -- C:\ProgramData\hf5XJdsLTMSJBL
[2012/10/18 19:53:02 | 012,362,130 | ---- | C] () -- C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp
[2012/10/13 13:52:35 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHunter.job
[2012/10/06 19:37:31 | 001,993,772 | ---- | C] () -- C:\Users\Hunter\Desktop\DSC_4647.JPG
[2012/10/06 19:36:05 | 002,151,695 | ---- | C] () -- C:\Users\Hunter\Desktop\DSC_4646.JPG
[2012/08/23 12:19:11 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/23 12:11:50 | 000,033,290 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmp2.JPG
[2012/08/23 12:11:37 | 000,027,197 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmp2.0
[2012/08/22 18:22:32 | 000,031,386 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmp50-1.JPG
[2012/08/21 18:12:15 | 000,110,223 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.JPG
[2012/07/24 18:56:49 | 000,031,073 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpJUNE 1960.JPG
[2012/07/24 18:56:49 | 000,024,804 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpJUNE 1960.0
[2012/07/14 09:05:52 | 000,293,543 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.0
[2012/07/14 09:05:52 | 000,109,566 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.1
[2012/06/20 21:15:43 | 000,670,961 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpPARENTS_BRACES_JULY 2012 002.0
[2012/06/20 21:15:43 | 000,660,160 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpPARENTS_BRACES_JULY 2012 002.JPG
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/23 11:12:30 | 000,033,134 | ---- | C] () -- C:\Users\Hunter\AppData\Roaming\UserTile.png
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/12 12:25:28 | 003,453,299 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0326.0
[2011/03/12 12:25:28 | 001,624,138 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0326.JPG
[2011/03/12 12:21:42 | 002,766,251 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0333.0
[2011/03/12 12:21:42 | 001,240,376 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0333.JPG
[2011/02/08 18:01:17 | 002,979,513 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0455.0
[2011/02/08 18:01:17 | 001,381,893 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0455.JPG
[2010/12/09 21:47:48 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/12/09 21:40:16 | 000,036,864 | ---- | C] () -- C:\Windows\Security.exe
[2010/11/18 07:39:28 | 000,000,366 | ---- | C] () -- C:\Users\Hunter\.DP4WEB_PRI_4491611308092867.sdv
[2010/07/19 17:07:25 | 000,020,438 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338_navi.JPG
[2010/07/19 17:07:24 | 000,061,713 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338.0
[2010/07/19 17:07:24 | 000,054,814 | ---- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338.JPG
[2010/05/15 09:32:22 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/09/26 07:14:38 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\.oit
[2012/10/26 20:57:21 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\Dropbox
[2011/01/11 13:13:19 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\MusicNet
[2012/02/23 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\PeerNetworking
[2010/05/02 18:27:39 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\PictureMover
[2010/12/09 21:53:08 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\ScanSoft
[2010/08/02 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\Tific
[2010/05/02 19:38:00 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\WildTangent
[2010/05/04 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\WinBatch
[2011/02/02 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\Windows Live Writer
[2010/12/09 21:53:20 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 367 bytes -> C:\Users\Hunter\Desktop\2011-10-24 11.10.44.jpg:com.dropbox.attributes
@Alternate Data Stream - 364 bytes -> C:\Users\Hunter\Desktop\2011-10-24 11.10.23.jpg:com.dropbox.attributes
@Alternate Data Stream - 335 bytes -> C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp:com.dropbox.attributes

< End of report >


Thank you....looking much more normal now. The background of the desktop is black however.
Hunter11
  • 0

#8
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
For the Disk Management matter, I think you should right-click on Computer from the Start menu. Could you try that for me please and let me know if a window pops up this time?

Anyway, while you do this, I'll propose the next fix to the expert for you.
  • 0

#9
Hunter11

Hunter11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Amlak,

Yes, I can now open the window to computer management.

TY,
Hunter11
  • 0

#10
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Could you let me see a screenshot of the Disk Management window?

Maximize the Disk Management window and click the PrintScreen button on your keyboard.

Then go to the Paint program and click Paste to paste the screenshot you took.

Save the image file, zip it up and attach it to your next reply.
  • 0

#11
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Don't worry about the Disk Management matter now if it's a hassle. Just follow the next steps for now.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Also, please disable MalwareBytes' (if it's running in the background) for the duration of this fix.


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
    IE - HKLM\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
    IE - HKCU\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
    O33 - MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\Shell - "" = AutoRun
    O33 - MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\Shell\AutoRun\command - "" = M:\LaunchU3.exe
    O33 - MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\Shell - "" = AutoRun
    O33 - MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\Shell\AutoRun\command - "" = N:\TL-Bootstrap.exe
    O33 - MountPoints2\M\Shell - "" = AutoRun
    O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe
    [2012/10/24 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
    [2012/10/24 23:14:02 | 000,000,168 | ---- | M] () -- C:\ProgramData\-kDLpblkn8gUEutr
    [2012/10/24 23:14:02 | 000,000,144 | ---- | M] () -- C:\ProgramData\-kDLpblkn8gUEut
    [2012/10/24 23:13:59 | 000,000,679 | ---- | M] () -- C:\Users\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
    [2012/10/24 23:13:58 | 000,000,655 | ---- | M] () -- C:\Users\Hunter\Desktop\File_Restore.lnk
    [2012/10/24 23:13:57 | 000,000,368 | ---- | M] () -- C:\ProgramData\kDLpblkn8gUEut
    [2012/10/24 23:10:09 | 000,344,064 | ---- | M] () -- C:\ProgramData\kDLpblkn8gUEut.exe
    [2012/10/24 21:41:42 | 000,000,112 | ---- | M] () -- C:\ProgramData\hf5XJdsLTMSJBL
    [2012/10/24 21:39:22 | 000,344,064 | ---- | M] () -- C:\ProgramData\hf5XJdsLTMSJBL.exe
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log it produces in your next reply.

If it's still an issue, we'll work on the desktop background issue next. Any other issues?
  • 0

#12
Hunter11

Hunter11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Amlak,

The drive issue was a failing external hard drive. I disconnected it and it seems those issues have been resolved. The Desktop background is still black, but I may just need to reset it? Everything else seems to be OK. Response to commands may be a bit slower or it could be the system is readjusting from the changes made. Here is the latest log from OTL after the fix was run:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\ not found.
File M:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\ not found.
File N:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File M:\LaunchU3.exe not found.
C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore folder moved successfully.
C:\ProgramData\-kDLpblkn8gUEutr moved successfully.
C:\ProgramData\-kDLpblkn8gUEut moved successfully.
File C:\Users\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk not found.
File C:\Users\Hunter\Desktop\File_Restore.lnk not found.
C:\ProgramData\kDLpblkn8gUEut moved successfully.
File C:\ProgramData\kDLpblkn8gUEut.exe not found.
C:\ProgramData\hf5XJdsLTMSJBL moved successfully.
File C:\ProgramData\hf5XJdsLTMSJBL.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hunter
->Temp folder emptied: 1320853438 bytes
->Temporary Internet Files folder emptied: 79045137 bytes
->Java cache emptied: 733256 bytes
->Google Chrome cache emptied: 23004818 bytes
->Flash cache emptied: 92426 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 643806327 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67362 bytes
RecycleBin emptied: 34786360 bytes

Total Files Cleaned = 2,005.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10272012_094856

Files\Folders moved on Reboot...
C:\Users\Hunter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Hunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CZZN44R6\page__pid__2221296[1].htm moved successfully.
C:\Users\Hunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Hunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


TY,
Hunter11
  • 0
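An added example, not part of the original posts and not OTL's own code: a short Python script that reads result lines from a fix log like the one in post #12 and lists the items reported "not found" that no other line shows as deleted or moved. The sample lines are copied from that log; the function names and the regular expression are hypothetical.

```python
import re

# A subset of result lines copied from the OTL fix log in post #12.
SAMPLE_LOG = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File M:\LaunchU3.exe not found.
C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore folder moved successfully.
C:\ProgramData\kDLpblkn8gUEut moved successfully.
File C:\ProgramData\kDLpblkn8gUEut.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
"""

# Optional "64bit-" view, optional object kind, the target, then the outcome.
LINE_RE = re.compile(
    r"^(?P<bits>64bit-)?(?:(?P<kind>Registry key|Registry value|File) )?"
    r"(?P<target>.+?)(?: folder)? "
    r"(?P<result>deleted successfully|moved successfully|not found)\.$"
)


def parse_fix_log(text):
    """Return (kind, target, result) for every recognised result line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, [EMPTYTEMP] output
        # "moved successfully" lines carry no kind; treat them as files.
        kind = ("64bit " if m["bits"] else "") + (m["kind"] or "File")
        entries.append((kind, m["target"].rstrip("\\"), m["result"]))
    return entries


def never_acted_on(entries):
    """Targets reported 'not found' with no matching delete or move line."""
    handled = {(k, t.lower()) for k, t, r in entries if r != "not found"}
    missing = []
    for kind, target, result in entries:
        if result != "not found" or (kind, target.lower()) in handled:
            continue  # e.g. a key deleted on one line, "not found" on the next
        if target not in missing:
            missing.append(target)
    return missing


if __name__ == "__main__":
    for target in never_acted_on(parse_fix_log(SAMPLE_LOG)):
        print("not found, never removed by this run:", target)
```

A target in this list means only that the fix run did not touch it; the log alone does not say whether it was removed earlier or was never present.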

#13
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
No worries. If you aren't able to reset the desktop background, let me know.

Any other issues?

"Response to commands may be a bit slower or it could be the system is readjusting from the changes made"


Are you referring to the last OTL commands? It is normal for some OTL fixes to take a while to finish.
  • 0

#14
Hunter11

Hunter11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I have the background back to normal and the speed seems fine. Did the scans look like the problem has been fully corrected? What combination of anti-virus/anti-malware programs would you recommend to keep this type of event a rarity?

TY,
Hunter11
  • 0

#15
Amlak

Amlak

    Member 1K

  • Member
  • PipPipPipPip
  • 1,470 posts
Hi, Hunter11.

MalwareBytes' is good if you have its full protection on (I think you have to pay a little money for the full version eventually but you can stick with the trial version for now).

As for antivirus, Norton isn't bad. But if you'd rather change it to something else, there are free antiviruses that are actually pretty good: like Avast, Avira, or Microsoft Security Essentials. Or if you want commercial, Kaspersky is pretty good. Just make sure you only have one antivirus installed at a time.

Anyway, so far, so good. Just a post or two before we're done. I'll post back later.
  • 0





