Jump to content

Free help from tech experts
Welcome to Geeks to Go forums. Create an account now to gain access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing topics, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. Best of all, registration and all assistance is 100% free! This message, and all ads will be removed once you have signed in.
Sign In Create Account

FBI Ransomware - PC Won't Boot Into Safe Mode (It Auto shuts down)


  • This topic is locked This topic is locked

#1
howlleo

howlleo

    Member

  • Member
  • PipPip
  • 74 posts
Hello,

My friend's Windows 7 PC fell prey to the FBI ransomware, and we tried following the directions in this thread: http://www.geekstogo...fbi-ransomware/

Unfortunately, when we tried booting into safe mode, the computer automatically shuts itself down, and won't even reach the login screen. We have managed to banish the ransom note briefly, but the desktop behind is frozen.

We managed to boot into safe mode with command line, but none of us can use command line.

Is there any hope for us?



Thank you very much.

------------------Update---------------------

We did a system restore to a different point and followed the directions from maliprog here: http://www.geekstogo...fbi-ransomware/

The scan results were for OTL Regular:


OTL logfile created on: 1/20/2013 9:21:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dini\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 73.18% Memory free
7.49 Gb Paging File | 6.53 Gb Available in Paging File | 87.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.16 Gb Total Space | 406.05 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 1.49 Gb Free Space | 11.21% Space Free | Partition Type: NTFS

Computer Name: DINI-HP | User Name: Dini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 21:08:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dini\Downloads\OTL.exe
PRC - [2011/04/25 16:52:37 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
PRC - [2011/04/25 16:52:36 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
PRC - [2011/03/21 10:02:03 | 002,211,152 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
PRC - [2011/03/21 07:53:32 | 000,039,240 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1314596449\ee\aolsoftware.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/25 16:52:37 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll
MOD - [2011/04/25 16:52:30 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\components\Tier2Svc.dll
MOD - [2011/04/25 16:52:30 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\components\DataSvcs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/01/18 21:41:39 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/28 14:52:00 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/28 14:02:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 07:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 00:21:24 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/18 21:40:40 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/01/02 21:03:12 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/10/26 19:01:34 | 000,788,000 | ---- | M] (Fitbit, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Fitbit\fitbit.exe -- (Fitbit)
SRV - [2011/10/19 11:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/20 07:10:08 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 21:41:40 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/01/18 21:40:40 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/10/26 18:51:10 | 000,024,608 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/11 09:07:54 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/07/11 09:07:50 | 000,056,920 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/28 15:23:06 | 009,079,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/28 14:17:20 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/28 20:36:04 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/01/28 20:36:02 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/12/16 21:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/30 17:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/29 06:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/13 16:34:55 | 000,033,400 | R--- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATWPKT264.SYS -- (ATWPKT2)
DRV:64bit: - [2010/06/17 08:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/05/06 08:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2010/07/13 16:34:55 | 000,033,400 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\atwpkt264.sys -- (ATWPKT2)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dini\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dini\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 00:21:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/02 15:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dini\AppData\Roaming\Mozilla\Extensions
[2013/01/18 11:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dini\AppData\Roaming\Mozilla\Firefox\Profiles\g3qmzytr.default\extensions
[1639/05/03 05:54:02 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Dini\AppData\Roaming\Mozilla\Firefox\Profiles\g3qmzytr.default\extensions\yekpslccyb@yekpslccyb.org.xpi
[2011/11/02 15:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 00:21:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 00:21:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 00:21:22 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dini\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dini\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dini\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dini\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/12/24 21:49:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1314596449\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Dini\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3D4CD32-9AEC-4A20-A2C5-78653D606FBC}: DhcpNameServer = 20.10.1.1 20.10.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4C8A43B-1F9E-4026-AD24-7B0B55F2DE8C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/01/20 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\Dini\AppData\Roaming\Malwarebytes
[2013/01/20 20:58:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/20 20:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/20 20:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/20 20:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/20 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\Dini\AppData\Local\Programs
[2013/01/20 20:51:45 | 000,000,000 | ---D | C] -- C:\temp
[2013/01/20 20:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC HealthBoost
[2013/01/20 20:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PCHealthBoost
[2013/01/20 20:16:32 | 000,000,000 | ---D | C] -- C:\Users\Dini\AppData\Local\{8B26586A-0FCD-47B2-8966-7047E8D776FC}
[2013/01/20 11:24:24 | 000,000,000 | ---D | C] -- C:\Users\Dini\AppData\Roaming\CyberLink
[2013/01/20 11:24:23 | 000,000,000 | ---D | C] -- C:\Users\Dini\AppData\Local\CyberLink
[2013/01/13 22:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FitbitConnect
[2013/01/13 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fitbit Connect
[2013/01/13 11:06:52 | 000,000,000 | ---D | C] -- C:\Users\Dini\Documents\DSCN7702
[2 C:\Users\Dini\Documents\*.tmp files -> C:\Users\Dini\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/20 20:58:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 20:52:28 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/20 20:52:28 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/20 20:52:28 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/20 20:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 20:47:44 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/13 11:06:51 | 004,093,663 | ---- | M] () -- C:\Users\Dini\Documents\DSCN7702.zip
[2013/01/10 17:40:59 | 000,231,395 | ---- | M] () -- C:\Users\Dini\Documents\ElkhornGhostTown.jpg
[2012/12/24 23:54:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2896244895-2665405994-4234714833-1001UA.job
[2012/12/24 21:55:17 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/24 21:55:17 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/24 21:49:14 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/22 18:57:35 | 000,277,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Users\Dini\Documents\*.tmp files -> C:\Users\Dini\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/20 20:58:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 11:06:41 | 004,093,663 | ---- | C] () -- C:\Users\Dini\Documents\DSCN7702.zip
[2013/01/10 17:40:58 | 000,231,395 | ---- | C] () -- C:\Users\Dini\Documents\ElkhornGhostTown.jpg
[2012/01/11 18:33:59 | 000,056,832 | -HS- | C] () -- C:\Users\Dini\AppData\Roaming\skype.dat
[2011/08/29 00:47:35 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/29 00:38:21 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/29 00:33:11 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/07/25 11:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/25 11:40:15 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/07/25 11:33:42 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/14 00:28:02 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/16 19:57:18 | 000,003,883 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/20 23:38:53 | 000,000,000 | ---D | M] -- C:\Users\Dini\AppData\Roaming\SoftGrid Client
[2013/01/20 20:46:26 | 000,000,000 | ---D | M] -- C:\Users\Dini\AppData\Roaming\Spotify
[2011/08/29 00:18:16 | 000,000,000 | ---D | M] -- C:\Users\Dini\AppData\Roaming\Synaptics
[2011/08/29 00:48:15 | 000,000,000 | ---D | M] -- C:\Users\Dini\AppData\Roaming\TP
[2011/12/15 17:46:26 | 000,000,000 | ---D | M] -- C:\Users\Dini\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,572 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/29 00:59:04 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForDINI-HP$.job
[2011/09/21 18:21:52 | 000,000,328 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForDini.job
[2011/11/23 16:37:21 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896244895-2665405994-4234714833-1001Core.job
[2011/11/23 16:37:22 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896244895-2665405994-4234714833-1001UA.job

< >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< >

< End of report >

Edited by howlleo, 20 January 2013 - 08:30 PM.

  • 0

Similar Topics: FBI Ransomware - PC Won't Boot Into Safe Mode (It Auto shuts down)     x


#2
howlleo

howlleo

    Member

  • Member
  • PipPip
  • 74 posts
OTL Extras logfile created on: 1/20/2013 9:10:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dini\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 79.53% Memory free
7.49 Gb Paging File | 6.72 Gb Available in Paging File | 89.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.16 Gb Total Space | 406.05 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 1.49 Gb Free Space | 11.21% Space Free | Partition Type: NTFS

Computer Name: DINI-HP | User Name: Dini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C48FE5-3AFC-42C5-990F-D84AD4580D0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A7BF7B1-1EA8-422A-A9AE-18656759D8B4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1B47B2D6-D888-4BE5-816D-7B8C4F3C19DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{2057759E-91CE-42C3-AD11-30090299CDCD}" = lport=139 | protocol=6 | dir=in | app=system |
"{3092522D-BA5A-4218-A960-11B4DE06FEB9}" = rport=445 | protocol=6 | dir=out | app=system |
"{33CC9C9C-23C9-4ED2-8DD6-6781602BCEF0}" = lport=138 | protocol=17 | dir=in | app=system |
"{3AB1883C-036C-44AA-A35D-18CB39505BFC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4D4FFB4D-EBAD-428D-8F7B-2EE24983BD4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{54B5F21D-9705-41F2-B89E-F9080CC2A5D7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6292863D-6E30-4E7E-86EE-C715E8CD4221}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{649460CC-BD49-4E07-AB33-F92A58B5C2DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64F3C3BC-1256-482E-9477-207991B1DBCE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7213B550-FE81-4275-B200-AA2856C56716}" = lport=137 | protocol=17 | dir=in | app=system |
"{79028F6A-A911-48BC-BF61-46266ED5B393}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{796C35D0-4290-4E9B-8E7B-29A24ED755DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79E64320-8A24-44FA-A1B3-23BD81B33F14}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CEDE333-3934-43E2-A018-B95EF61A7A62}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{976BB3D2-1644-498F-A2CB-FE398EF78AED}" = lport=445 | protocol=6 | dir=in | app=system |
"{A9BE08B4-A78B-44EA-853B-9CAE78851F9B}" = rport=139 | protocol=6 | dir=out | app=system |
"{B1552F0C-B867-405E-AB01-EB038C07EA9C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC112E65-2E57-4896-AA90-E6F994183C92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4745022-B367-4BC9-8D40-96F72D647122}" = rport=138 | protocol=17 | dir=out | app=system |
"{F298CBA6-830F-4273-B483-60F427F314A6}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B00FD8-7B00-45DB-96E5-CBFA90814295}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{0D155292-D895-46D7-9829-189842FFDFBE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{0F75DAF7-0124-47EA-B99C-E5B806517B34}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{1C0412D2-7EAD-4121-994A-B24E98E04C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe |
"{1E9D4C11-C8D1-4D86-A656-8DF5F3C89E71}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe |
"{2AE24D26-2AF2-4800-B545-5258CAB7F38A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2ECA3CE1-0F4D-4DB8-9469-9286738B3F53}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe |
"{36A4F61B-4B8E-45FC-B9C0-2C99D59FDAE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{380440DF-94F0-4E52-92C2-7BAC0641E986}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B7E4119-98E5-43D0-9099-2CB254BEEE97}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{3B9AB165-3A62-4207-BD8F-11626CE1F9A4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3E278132-8E9D-48B3-9B13-46FA9BD49A5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4316CB87-898B-43E9-A019-8B00920BBF1F}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe |
"{452D3438-C453-493A-BF49-E67E08585B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{46CB90FF-C1EC-41A1-8AE8-7A3ABC36FB85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D886658-9DA9-4937-B272-981A600AD3EC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4DADCC5F-7408-4F08-A1B1-9B35C1F9C5AB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{5B640EC8-18DF-4487-8E0F-807491DB8023}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5BB65C4B-07EC-4456-A97C-E8599840D735}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{5ED09545-6144-49F1-8C4A-BDF176FE9DF6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1314596449\ee\aolsoftware.exe |
"{611586DD-3929-469E-8377-BFC5D7473706}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{66FDDB72-C91C-461F-9FA4-0BAFA9C296AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6E3B1EC8-80A1-4ECE-A711-636ABD7B6A4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F9BC2FA-6C15-4A54-83EC-6783EE6F429D}" = protocol=6 | dir=out | app=system |
"{78C56F75-021B-4B94-9892-FF8D5978EEDA}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{7B5B05EA-5E88-4A92-8342-6C0B3053AEBA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{86474A1E-B445-4B72-BF87-7403785A0813}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{889F5E6B-247F-4D37-A556-634D31AF26B4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{94EEA365-F72D-4CC3-B988-172184EA6BC4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9968D92E-4F97-41E5-99AC-8ACA38F79438}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A5198F7A-866D-4056-A943-F953EF45203B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA34C062-36A3-4404-8A6D-C35396050E50}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{AB99514C-2B56-4859-9B87-1C2DCE51E5B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE52A2AE-1C5E-4D68-998C-B306F2864171}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B02AE794-2EC7-4C57-916A-CDEE80C357ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B540B11F-355C-4428-9E17-63EBBFDE7DA3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B744EE39-660E-407F-B7EA-8867F6FDBA3C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC2DD84B-329D-477B-B831-BF2C66571A38}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1314596449\ee\aolsoftware.exe |
"{C28EA97F-6A34-43BB-8E8F-DD7043D1D792}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{CA821B39-D338-4218-9256-C82D279661E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E42B7D61-2DBC-4883-A3DA-46742CA11ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{EA3FDBFC-F88A-4A86-8EAC-BBE8A54AC8BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB0CE133-8447-4AA3-88C7-6CF36DF06E4F}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{FCD14C10-0773-41DD-A359-2DFE8611FCE9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"TCP Query User{7E88E9A4-D7ED-48CE-BAFA-1BF04C1264DF}C:\users\dini\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dini\appdata\roaming\spotify\spotify.exe |
"UDP Query User{4A1946D0-434A-493C-BEE8-3F780DC0468F}C:\users\dini\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dini\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{40DB28C5-3C37-72E8-BE8F-82104E97EFCC}" = AMD Fuel
"{42A2FD03-F0C7-6DD5-8D7B-EBAA992F12AA}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E53B80F-4137-5F27-B4C4-88641B1E7F10}" = ccc-utility64
"{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{143774AF-ED46-EF8E-A9C5-516D67A484C2}" = CCC Help Korean
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{28B8E509-8E2A-A274-B59F-1D892778CBB6}" = CCC Help Chinese Traditional
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C93DDCA-E6BB-977B-8C55-724C1DA25C21}" = CCC Help Norwegian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30DDA988-6BCC-8B14-E0BB-026DA821EC23}" = CCC Help Czech
"{311295C1-80F9-D8B6-06E4-5CBD2492460E}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A59718-E873-CE8E-718C-D56B341DD14D}" = CCC Help German
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{371794E8-423C-52DD-ED06-9385469EA274}" = CCC Help Swedish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39EAEE16-AF24-CF47-3BD1-7B048A5DABD3}" = CCC Help English
"{3C7F25C6-6BCB-7F39-BC81-48A8B5F38EDD}" = CCC Help French
"{3FE1B94B-FB1C-1AF3-4DC2-EB5F4DB56A30}" = CCC Help Chinese Standard
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{456D64EB-7E2A-FF45-EFA9-439EB529A105}" = CCC Help Greek
"{4798F9E7-BE3A-3EBF-BDF2-6751C8C38503}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5184A194-BA95-0411-A13C-468097CD4A06}" = Catalyst Control Center InstallProxy
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58327844-EEAB-8C79-CA64-6C3623DEF11B}" = CCC Help Polish
"{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager
"{601E6B37-4FF1-FC93-F48F-F73D29040AD4}" = CCC Help Japanese
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710870E4-16ED-AC81-71CF-8941963E0776}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72737A9E-FAC6-01F9-C0F3-88F6DB538607}" = CCC Help Russian
"{78E5E045-D6EB-57CD-02F8-F55E79882790}" = CCC Help Danish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8BE8CC83-C423-BF43-C1A0-9C072E3785B7}" = ccc-core-static
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B35FC82A-6C05-45B0-DDE5-8DF62422E703}" = CCC Help Turkish
"{B86FB076-3531-4AF4-86CC-68CA36BFF48A}" = HP Documentation
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD3F5161-C40B-CA50-F82A-1F4417EE722D}" = CCC Help Spanish
"{C0BD6A24-3110-E1DE-45B2-C7FC14F4DC76}" = CCC Help Thai
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D4414765-E8CD-518B-91E8-FA7C76CD2AE2}" = CCC Help Hungarian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DC6B510F-7EA2-8171-55E0-6A76B46CA17D}" = CCC Help Portuguese
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB120C5A-42D2-C901-FF0C-D0DBDD07E9BD}" = Catalyst Control Center Graphics Previews Common
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEF4EAB8-D049-FD0A-02BD-F9F42C49551F}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"EasyBits Magic Desktop" = Magic Desktop
"Fitbit Data Uploader_is1" = Fitbit v2.1.0
"FITBIT&10C4&84C4" = Fitbit Base Station (Driver Removal)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ViewpointMediaPlayer" = Viewpoint Media Player
"Webroot Software" = Webroot Software
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2012 10:51:22 AM | Computer Name = Dini-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2012 11:01:22 AM | Computer Name = Dini-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 8/30/2012 8:59:26 PM | Computer Name = Dini-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2012 9:09:33 PM | Computer Name = Dini-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 8/31/2012 9:19:55 AM | Computer Name = Dini-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/31/2012 9:30:02 AM | Computer Name = Dini-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 8/31/2012 12:42:26 PM | Computer Name = Dini-HP | Source = WinMgmt | ID = 10
Description =

Error - 8/31/2012 12:52:58 PM | Computer Name = Dini-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 8/31/2012 3:23:37 PM | Computer Name = Dini-HP | Source = WinMgmt | ID = 10
Description =

Error - 9/3/2012 2:25:08 AM | Computer Name = Dini-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 7/6/2012 1:58:56 AM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/20/2012 8:07:04 AM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/20/2012 8:07:04 AM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/20/2012 8:07:04 AM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/20/2012 8:07:26 AM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/20/2012 8:12:33 AM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/22/2012 7:46:13 AM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/22/2012 5:26:38 PM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/22/2012 5:27:36 PM | Computer Name = Dini-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/28/2012 5:50:23 PM | Computer Name = Dini-HP | Source = hpsa_service.exe | ID = 2000
Description =

[ HP Connection Manager Events ]
Error - 1/18/2013 11:33:25 AM | Computer Name = Dini-HP | Source = HPConnectionManager | ID = 5
Description = 2013/01/18 10:33:25.674|0000177C|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed

Error - 1/20/2013 11:34:47 AM | Computer Name = Dini-HP | Source = HPConnectionManager | ID = 5
Description = 2013/01/20 10:34:47.103|00000DBC|Error |App::ExitIfServiceIsNotInstalled{void()}|Application
is exiting because the service is not installed

Error - 1/20/2013 8:56:33 PM | Computer Name = Dini-HP | Source = hpMobile | ID = 5
Description = 2013/01/20 19:56:33.249|000017EC|Error |[HP.Mobile]Wwan::.ctor{}|Retrieving
the COM class factory for component with CLSID {24DB46C8-C842-4E91-9AC4-8A9525A5551D}
failed due to the following error: 80040154.

Error - 1/20/2013 8:56:33 PM | Computer Name = Dini-HP | Source = hpMobile | ID = 5
Description = 2013/01/20 19:56:33.265|000017EC|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|Mobile
Broadband (WWAN): The device returned an error (Retrieving the COM class factory
for component with CLSID {24DB46C8-C842-4E91-9AC4-8A9525A5551D} failed due to the
following error: 80040154.)

Error - 1/20/2013 8:56:33 PM | Computer Name = Dini-HP | Source = hpMobile | ID = 5
Description = 2013/01/20 19:56:33.281|000017EC|Error |[HP.Mobile]Wimax::.ctor{}|Retrieving
the COM class factory for component with CLSID {DCF1FC65-DA3B-404B-B4CC-BF8669E4947C}
failed due to the following error: 80040154.

Error - 1/20/2013 8:56:33 PM | Computer Name = Dini-HP | Source = hpMobile | ID = 5
Description = 2013/01/20 19:56:33.281|000017EC|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|WiMAX:
The device returned an error (Retrieving the COM class factory for component with
CLSID {DCF1FC65-DA3B-404B-B4CC-BF8669E4947C} failed due to the following error:
80040154.)

Error - 1/20/2013 8:56:33 PM | Computer Name = Dini-HP | Source = hpMobile | ID = 5
Description = 2013/01/20 19:56:33.296|000017EC|Error |[HP.Mobile]Wlan::.ctor{}|Retrieving
the COM class factory for component with CLSID {000098D5-6857-477B-B1D2-8B04CD9EB234}
failed due to the following error: 80040154.

Error - 1/20/2013 8:56:33 PM | Computer Name = Dini-HP | Source = hpMobile | ID = 5
Description = 2013/01/20 19:56:33.296|000017EC|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|Wi-Fi
(Wireless LAN): The device returned an error (Retrieving the COM class factory
for component with CLSID {000098D5-6857-477B-B1D2-8B04CD9EB234} failed due to the
following error: 80040154.)

Error - 1/20/2013 8:56:33 PM | Computer Name = Dini-HP | Source = hpMobile | ID = 5
Description = 2013/01/20 19:56:33.312|000017EC|Error |[HP.Mobile]Bluetooth::.ctor{}|Retrieving
the COM class factory for component with CLSID {2A8DDB1F-EE72-4FB7-A2F8-7B1530D94850}
failed due to the following error: 80040154.

Error - 1/20/2013 8:56:33 PM | Computer Name = Dini-HP | Source = hpMobile | ID = 5
Description = 2013/01/20 19:56:33.312|000017EC|Error |[HP.Mobile]DeviceException::ShowError{void(HP.Mobile.Devices.Device,System.Exception)}|Bluetooth®:
The device returned an error (Retrieving the COM class factory for component with
CLSID {2A8DDB1F-EE72-4FB7-A2F8-7B1530D94850} failed due to the following error:
80040154.)

[ System Events ]
Error - 1/20/2013 10:06:46 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7034
Description = The Webroot Spy Sweeper Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/20/2013 10:10:03 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/20/2013 10:10:03 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/20/2013 10:10:03 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/20/2013 10:12:11 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/20/2013 10:12:11 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/20/2013 10:12:11 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/20/2013 10:17:11 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/20/2013 10:17:11 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/20/2013 10:17:11 PM | Computer Name = Dini-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Attached Files


  • 0

#3
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
Hello howlleo and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
    O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
    O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
    O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found

    :Commands
    [purity]
    [emptyjava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\\ folder) in the form of \"TDSSKiller.[Version]_[Date]_[Time]_log.txt\". Please copy and paste its contents on your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,171 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured