I am experiencing erratic behavior with my computer coinciding with multiple error messages cascading across the desktop. The error message reads as follows: "A write command has failed to complete. This may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system memory address." This has been accompanied randomly by "Drive sector not found" and "write fault error" messages. I also see a message from what I assume to be the NVIDIA Catalyst software saying "catalyst control error".
Here is the OTL log from this computer:
OTL logfile created on: 10/25/2012 1:16:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = N:\Malware Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
17.99 Gb Total Physical Memory | 16.80 Gb Available Physical Memory | 93.37% Memory free
35.98 Gb Paging File | 34.73 Gb Available in Paging File | 96.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.57 Gb Total Space | 1276.24 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive D: | 11.60 Gb Total Space | 1.66 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1397.13 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive M: | 238.73 Mb Total Space | 206.25 Mb Free Space | 86.39% Space Free | Partition Type: FAT
Drive N: | 14.90 Gb Total Space | 12.23 Gb Free Space | 82.07% Space Free | Partition Type: FAT32
Computer Name: WDOCTOR | User Name: Hunter | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/25 12:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- N:\Malware Tools\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/09 02:51:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/04/22 18:52:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/04/22 18:52:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/02/23 14:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\ATIXPGAA.SYS -- (ATIXPGAA)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/21 22:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 22:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/04 00:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/02 18:29:09 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/08/29 20:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/18 09:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/06 06:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV - [2012/10/05 14:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20121005.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 21:51:15 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121024.018\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 21:51:15 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121024.018\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121016.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 23:24:13 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 23:24:13 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 20:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/22 15:59:35] [Kernel | Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...34,17117,0,18,0
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{58A08F76-ED6A-4525-9078-A14BD9FB8922}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enUS456
IE - HKCU\..\SearchScopes\{8DF8ACC2-0942-4115-BA7A-55E5291240AD}: "URL" = http://search.yahoo....34,17118,0,18,0
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{C63C36F7-C763-422B-A87C-FE4DF134FFDB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/23 13:22:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2012/10/25 13:07:19 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [kDLpblkn8gUEut] C:\ProgramData\kDLpblkn8gUEut.exe ()
O4 - HKCU..\Run: [PDckxwbyiexT.exe] C:\ProgramData\PDckxwbyiexT.exe (EliteGroup)
O4 - Startup: C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hunter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.33.159.39 71.2.28.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2F5060-58D9-434B-B9A3-644DDE35CAEB}: DhcpNameServer = 208.33.159.39 71.2.28.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/08 13:01:40 | 000,025,600 | ---- | M] () - M:\AUTO INSURANCE.doc -- [ FAT ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - N:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{8d04709f-f5cb-11df-998d-001fc6f6c6b3}\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O33 - MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d229c52a-e1c6-11e0-a26c-001fc6f6c6b3}\Shell\AutoRun\command - "" = N:\TL-Bootstrap.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/25 13:14:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hunter\Desktop\OTL.exe
[2012/10/24 23:13:57 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
[2012/10/24 21:04:56 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{0420BABB-4AEF-4D8E-BD6A-8B1C099BDEE1}
[2012/10/24 21:04:30 | 000,431,104 | -H-- | C] (EliteGroup) -- C:\ProgramData\PDckxwbyiexT.exe
[2012/10/24 09:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{65B6609B-FB94-4947-8F8F-64DF64B98C5A}
[2012/10/23 21:04:33 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{9E3B6D7D-AF63-4767-998A-6CAB0CEE9CD4}
[2012/10/23 09:04:21 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{1CF32F5D-7B1E-4824-B505-F2BB2FF18F0F}
[2012/10/22 21:04:09 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{A1DF7B46-5D5F-4B65-860E-F3732D8F4A62}
[2012/10/22 09:03:58 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{04C28972-9820-433D-A1D6-9A50764C5978}
[2012/10/21 21:03:46 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{DAA0D7E6-8BD6-4526-9599-73B664B94041}
[2012/10/21 09:03:34 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{D0771EDA-548F-48BE-9045-BC80A6E23991}
[2012/10/20 21:03:23 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{E65CEDB2-2EE3-42F9-BF78-CEF3944907B6}
[2012/10/20 09:03:11 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{ED0D8FF5-9C49-412E-9FB0-C1CA8F0F546D}
[2012/10/19 21:02:59 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{3FFA9BB0-B8CD-46D9-8C60-339C4864BE6D}
[2012/10/19 09:02:47 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{7D6A7ECB-8487-4286-A261-2EFB793982BF}
[2012/10/18 21:02:36 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{02AD78C0-6972-46AD-91AA-206C17A7916A}
[2012/10/18 09:02:24 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{711DA1C5-506B-44E2-A949-2A1E327948D3}
[2012/10/17 21:02:12 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{C2CE702A-8BF6-42D6-9F6F-4DB2431FB545}
[2012/10/17 09:02:01 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{0A725743-3BF7-4A5A-88DC-18D7CEC9DF7B}
[2012/10/16 21:01:49 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{E56F32F3-7DE3-4D09-964D-1DDE43514DED}
[2012/10/16 09:01:37 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{FCB6A699-77BE-406C-AE40-CF203E4370E4}
[2012/10/15 21:01:25 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{3431A34C-BBBD-4C80-855B-2988FCCFC7D4}
[2012/10/15 10:44:12 | 001,393,736 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_635.exe
[2012/10/15 09:01:14 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{4B1E6502-60F0-4F1C-9898-6FE1653965FF}
[2012/10/14 21:01:02 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{011D7936-7C2B-4BCD-99CE-24A48E2C7DB8}
[2012/10/14 09:00:50 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{0BFD23EF-22CA-4CDC-AA19-FA1EE5B28FF7}
[2012/10/13 21:00:39 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{207405C3-37D2-47A7-A26F-FFA4DBB70425}
[2012/10/13 09:00:27 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{90BDF5D1-3104-4CE8-85ED-7AFFFD8B13C8}
[2012/10/12 15:07:35 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{A710B05E-2CC6-4345-8B9B-DD0EC6AB70F9}
[2012/10/12 03:07:24 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{EBBC6DEC-3D36-435D-BDA1-C53F0B08FC9D}
[2012/10/11 15:07:12 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{FCC8D865-2FFF-4CD7-A414-242F9DADAE6D}
[2012/10/11 03:06:48 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{E16A11D4-67F9-4368-A244-21F2963B9B5A}
[2012/10/10 15:06:36 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{21A23F43-FCB0-4A1D-9D25-3E1BFE8E4BC3}
[2012/10/10 03:06:25 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{53DA64C1-AD3A-440F-8A53-F1C6090CC68F}
[2012/10/09 15:06:13 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{D86CADE5-A891-4F75-B76B-7B736F79D01B}
[2012/10/09 03:06:01 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{C32B827D-D169-4796-BCE5-534B2399F473}
[2012/10/08 15:05:50 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{8FFB7821-3CE9-4A5D-95B4-3D46269B2A34}
[2012/10/08 03:05:25 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{E222DE90-C5A8-4D1A-9D89-4000610811B0}
[2012/10/07 15:05:02 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{791002A0-8C0B-4C65-B070-4E450E307E05}
[2012/10/07 03:04:50 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{AA6D49A7-DC76-46ED-82D7-304146CDE8E4}
[2012/10/06 15:04:38 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{16673F5C-2ED8-43CD-A046-57CE0C92A021}
[2012/10/06 03:04:27 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{956710BC-37A2-475D-B4A9-DAFB9D8CBAFE}
[2012/10/05 15:04:15 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{F8183AA5-82EE-49AA-B52B-7E79874EB22E}
[2012/10/05 03:04:03 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{F8195E91-2D2A-4A0D-B3F8-C25F306B8FF0}
[2012/10/04 15:03:52 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{87E3733F-10B5-4146-9500-909D5FA142AA}
[2012/10/04 03:03:38 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{F8D98117-32B1-4B3A-B849-C13C79A0792A}
[2012/10/03 15:03:26 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{485B5B71-B88B-48BE-A609-41B5224A5484}
[2012/10/03 03:03:14 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{475258EC-E43F-4169-A45A-712DE5F73011}
[2012/10/02 15:03:02 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{431CE661-6FD0-48D5-A339-606218F5435F}
[2012/10/02 03:02:51 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{2F75B5ED-6891-47D3-82E7-68500D92D09D}
[2012/10/01 15:02:39 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{5CA37767-6914-4108-A5F1-C8258C7978A8}
[2012/10/01 03:02:27 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{F72526AF-8F6D-471F-89EE-2BB1998AAE89}
[2012/09/30 15:02:16 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{5D3D7394-BB90-425B-A755-A828FB716C4B}
[2012/09/30 03:02:04 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{96D8FA24-08FE-4F20-9808-705018AA9BF8}
[2012/09/29 15:01:52 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{38F0797D-5688-4413-9A97-884D4C7FF8D4}
[2012/09/29 03:01:41 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{D336DF2F-F12C-4D64-AF86-8E44F625C0DD}
[2012/09/28 15:01:29 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{D029A80F-B056-4768-9CA9-7A84D584B02E}
[2012/09/28 03:01:17 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{C2DD82DD-87EA-422A-BFF6-83FCB6AAAB48}
[2012/09/27 15:01:05 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{2043B567-9280-4AE8-A2B7-D7183A4F59C5}
[2012/09/27 03:00:54 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{1D55A271-9DE4-47BD-B6F8-E95B4753CA42}
[2012/09/26 15:00:42 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{5BA16EE0-CFD4-4FBC-8118-F1899F56EEAF}
[2012/09/26 03:00:30 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{7B25065F-A2EC-49EB-A213-5C9AF2E77030}
[2012/09/25 15:00:18 | 000,000,000 | -H-D | C] -- C:\Users\Hunter\AppData\Local\{577D36BB-5395-4A01-8FD3-9E9B98BBF137}
[2011/09/24 15:34:33 | 001,393,736 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_626.exe
[2010/08/08 13:29:17 | 001,062,984 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_540.exe
[2010/05/03 17:38:02 | 000,726,008 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Hunter\gotomypc_438.exe
========== Files - Modified Within 30 Days ==========
[2012/10/25 13:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 13:09:47 | 1603,608,573 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/25 13:07:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 12:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hunter\Desktop\OTL.exe
[2012/10/24 23:26:11 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 23:26:11 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 23:14:02 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-kDLpblkn8gUEutr
[2012/10/24 23:14:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\-kDLpblkn8gUEut
[2012/10/24 23:13:59 | 000,000,679 | -H-- | M] () -- C:\Users\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/24 23:13:58 | 000,000,655 | -H-- | M] () -- C:\Users\Hunter\Desktop\File_Restore.lnk
[2012/10/24 23:13:57 | 000,000,368 | -H-- | M] () -- C:\ProgramData\kDLpblkn8gUEut
[2012/10/24 23:10:09 | 000,344,064 | -H-- | M] () -- C:\ProgramData\kDLpblkn8gUEut.exe
[2012/10/24 21:41:42 | 000,000,112 | -H-- | M] () -- C:\ProgramData\hf5XJdsLTMSJBL
[2012/10/24 21:39:22 | 000,344,064 | -H-- | M] () -- C:\ProgramData\hf5XJdsLTMSJBL.exe
[2012/10/24 21:38:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHunter.job
[2012/10/24 21:01:59 | 000,431,104 | -H-- | M] (EliteGroup) -- C:\ProgramData\PDckxwbyiexT.exe
[2012/10/24 20:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 20:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/19 22:58:04 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/19 22:58:04 | 000,670,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/19 22:58:04 | 000,124,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/17 16:52:04 | 012,362,130 | -H-- | M] () -- C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp
[2012/10/11 14:54:32 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/06 20:21:31 | 000,002,743 | -H-- | M] () -- C:\Users\Hunter\Desktop\Virginia Cavaliers Message Board Forum - Wahoos247 Message Boards.lnk
[2012/10/04 22:16:48 | 001,993,772 | -H-- | M] () -- C:\Users\Hunter\Desktop\DSC_4647.JPG
[2012/10/04 22:16:40 | 002,151,695 | -H-- | M] () -- C:\Users\Hunter\Desktop\DSC_4646.JPG
[2012/09/30 13:46:09 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
========== Files Created - No Company Name ==========
[2012/10/24 23:14:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-kDLpblkn8gUEutr
[2012/10/24 23:14:02 | 000,000,144 | -H-- | C] () -- C:\ProgramData\-kDLpblkn8gUEut
[2012/10/24 23:13:58 | 000,000,679 | -H-- | C] () -- C:\Users\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/24 23:13:58 | 000,000,655 | -H-- | C] () -- C:\Users\Hunter\Desktop\File_Restore.lnk
[2012/10/24 23:10:10 | 000,000,368 | -H-- | C] () -- C:\ProgramData\kDLpblkn8gUEut
[2012/10/24 23:10:09 | 000,344,064 | -H-- | C] () -- C:\ProgramData\kDLpblkn8gUEut.exe
[2012/10/24 21:39:22 | 000,344,064 | -H-- | C] () -- C:\ProgramData\hf5XJdsLTMSJBL.exe
[2012/10/24 21:39:22 | 000,000,112 | -H-- | C] () -- C:\ProgramData\hf5XJdsLTMSJBL
[2012/10/18 19:53:02 | 012,362,130 | -H-- | C] () -- C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp
[2012/10/13 13:52:35 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHunter.job
[2012/10/06 19:37:31 | 001,993,772 | -H-- | C] () -- C:\Users\Hunter\Desktop\DSC_4647.JPG
[2012/10/06 19:36:05 | 002,151,695 | -H-- | C] () -- C:\Users\Hunter\Desktop\DSC_4646.JPG
[2012/08/23 12:19:11 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/23 12:11:50 | 000,033,290 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmp2.JPG
[2012/08/23 12:11:37 | 000,027,197 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmp2.0
[2012/08/22 18:22:32 | 000,031,386 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmp50-1.JPG
[2012/08/21 18:12:15 | 000,110,223 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.JPG
[2012/07/24 18:56:49 | 000,031,073 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpJUNE 1960.JPG
[2012/07/24 18:56:49 | 000,024,804 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpJUNE 1960.0
[2012/07/14 09:05:52 | 000,293,543 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.0
[2012/07/14 09:05:52 | 000,109,566 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPHOTO.1
[2012/06/20 21:15:43 | 000,670,961 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPARENTS_BRACES_JULY 2012 002.0
[2012/06/20 21:15:43 | 000,660,160 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpPARENTS_BRACES_JULY 2012 002.JPG
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/23 11:12:30 | 000,033,134 | -H-- | C] () -- C:\Users\Hunter\AppData\Roaming\UserTile.png
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/12 12:25:28 | 003,453,299 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0326.0
[2011/03/12 12:25:28 | 001,624,138 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0326.JPG
[2011/03/12 12:21:42 | 002,766,251 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0333.0
[2011/03/12 12:21:42 | 001,240,376 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0333.JPG
[2011/02/08 18:01:17 | 002,979,513 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0455.0
[2011/02/08 18:01:17 | 001,381,893 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpIMG_0455.JPG
[2010/12/09 21:47:48 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/12/09 21:40:16 | 000,036,864 | ---- | C] () -- C:\Windows\Security.exe
[2010/11/18 07:39:28 | 000,000,366 | -H-- | C] () -- C:\Users\Hunter\.DP4WEB_PRI_4491611308092867.sdv
[2010/07/19 17:07:25 | 000,020,438 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338_navi.JPG
[2010/07/19 17:07:24 | 000,061,713 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338.0
[2010/07/19 17:07:24 | 000,054,814 | -H-- | C] () -- C:\Users\Hunter\AppData\Local\tmpCIMG1338.JPG
[2010/05/15 09:32:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/09/26 07:14:38 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\.oit
[2012/10/24 23:22:54 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\Dropbox
[2011/01/11 13:13:19 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\MusicNet
[2012/02/23 11:12:30 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\PeerNetworking
[2010/05/02 18:27:39 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\PictureMover
[2010/12/09 21:53:08 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\ScanSoft
[2010/08/02 18:50:14 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\Tific
[2010/05/02 19:38:00 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\WildTangent
[2010/05/04 20:58:18 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\WinBatch
[2011/02/02 18:56:17 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\Windows Live Writer
[2010/12/09 21:53:20 | 000,000,000 | -H-D | M] -- C:\Users\Hunter\AppData\Roaming\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 367 bytes -> C:\Users\Hunter\Desktop\2011-10-24 11.10.44.jpg:com.dropbox.attributes
@Alternate Data Stream - 364 bytes -> C:\Users\Hunter\Desktop\2011-10-24 11.10.23.jpg:com.dropbox.attributes
@Alternate Data Stream - 335 bytes -> C:\Users\Hunter\Desktop\2012-10-17 16.52.04.3gp:com.dropbox.attributes
< End of report >
Thanks for your help!!
Hunter11